diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 47d3a0ac90..8f3ea8a965 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -6,6 +6,26 @@ "redirect_document_id": true }, { +"source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md", +"redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md", +"redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md", +"redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md", +"redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows", "redirect_document_id": true diff --git a/bcs/docfx.json b/bcs/docfx.json index 16e842d530..2fa639d038 100644 --- a/bcs/docfx.json +++ b/bcs/docfx.json @@ -40,6 +40,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "bcs-vsts" + "dest": "bcs-vsts", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index 42532b3fb2..c0761e7192 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -33,6 +33,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "browsers/edge" + "dest": "browsers/edge", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/browsers/edge/edge-technical-demos.md b/browsers/edge/edge-technical-demos.md index b401556fed..4044596777 100644 --- a/browsers/edge/edge-technical-demos.md +++ b/browsers/edge/edge-technical-demos.md @@ -1,7 +1,7 @@ --- title: Microsoft Edge training and demonstrations -ms.prod: browser-edge -layout: article +description: Get access to training and demonstrations for Microsoft Edge. +ms.prod: edge ms.topic: article ms.manager: elizapo author: lizap diff --git a/browsers/edge/microsoft-edge-forrester.md b/browsers/edge/microsoft-edge-forrester.md index af5edc25e9..46e097832b 100644 --- a/browsers/edge/microsoft-edge-forrester.md +++ b/browsers/edge/microsoft-edge-forrester.md @@ -1,15 +1,12 @@ --- -title: Microsoft Edge - Forrester Total Economic Impact +title: Forrester Total Economic Impact - Microsoft Edge description: Review the results of the Microsoft Edge study carried out by Forrester Research -ms.prod: browser-edge -layout: article +ms.prod: edge ms.topic: article -ms.manager: elizapo author: lizap ms.author: elizapo ms.localizationpriority: high --- - # Measuring the impact of Microsoft Edge - Total Economic Impact (TEI) of Microsoft Edge Forrester Research measures the return on investment (ROI) of Microsoft Edge in its latest TEI report and survey. Browse and download these free resources to learn about the impact Microsoft Edge can have in your organization, including significant cost savings in reduced browser help desk tickets and improved browser security, to increased speed, performance, and user productivity. diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml index c1c094727a..1d5723ae94 100644 --- a/browsers/edge/microsoft-edge.yml +++ b/browsers/edge/microsoft-edge.yml @@ -33,7 +33,7 @@ sections: - type: markdown text: " Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
- +

**Test your site on Microsoft Edge**
Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.
Test your site on Microsoft Edge for free on BrowserStack
Use sonarwhal to improve your website.
**Improve compatibility with Enterprise Mode**
With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.
Use Enterprse mode to improve compatibility
Turn on Enterprise Mode and use a site list
Enterprise Site List Portal
Ultimate browser strategy on Windows 10
**Web Application Compatibility Lab Kit**
The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.
Find out more

**Test your site on Microsoft Edge**
Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.
Test your site on Microsoft Edge for free on BrowserStack
Use sonarwhal to improve your website.
**Improve compatibility with Enterprise Mode**
With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.
Use Enterprse mode to improve compatibility
Turn on Enterprise Mode and use a site list
Enterprise Site List Portal
Ultimate browser strategy on Windows 10
**Web Application Compatibility Lab Kit**
The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.
Find out more
" - title: Security @@ -49,7 +49,7 @@ sections: - type: markdown text: " Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.
- +

**Deployment**
Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.
Microsoft Edge deployment guide
Microsoft Edge FAQ
System requirements and language support
Group Policy and MDM settings in Microsoft Edge
Download the Web Application Compatibility Lab Kit
Microsoft Edge training and demonstrations
**End user readiness**
Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.
Quick Start: Microsoft Edge (PDF, .98 MB)
Find it faster with Microsoft Edge (PDF, 605 KB)
Use Microsoft Edge to collaborate (PDF, 468 KB)
Import bookmarks
Password management
Microsoft Edge tips and tricks (video, 20:26)

**Deployment**
Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.
Microsoft Edge deployment guide
Microsoft Edge FAQ
System requirements and language support
Group Policy and MDM settings in Microsoft Edge
Download the Web Application Compatibility Lab Kit
Microsoft Edge training and demonstrations
**End user readiness**
Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.
Quick Start: Microsoft Edge (PDF, .98 MB)
Find it faster with Microsoft Edge (PDF, 605 KB)
Use Microsoft Edge to collaborate (PDF, 468 KB)
Import bookmarks
Password management
Microsoft Edge tips and tricks (video, 20:26)
" - title: Stay informed diff --git a/browsers/edge/web-app-compat-toolkit.md b/browsers/edge/web-app-compat-toolkit.md index 03ce172837..f2742ca22d 100644 --- a/browsers/edge/web-app-compat-toolkit.md +++ b/browsers/edge/web-app-compat-toolkit.md @@ -1,7 +1,7 @@ --- title: Web Application Compatibility lab kit -ms.prod: browser-edge -layout: article +description: Learn how to use the web application compatibility toolkit for Microsoft Edge. +ms.prod: edge ms.topic: article ms.manager: elizapo author: lizap diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 323ba3e4bd..0c42ef4158 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -34,6 +34,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "edges/internet-explorer" + "dest": "edges/internet-explorer", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json index 7a67485a17..06af992034 100644 --- a/devices/hololens/docfx.json +++ b/devices/hololens/docfx.json @@ -48,6 +48,7 @@ "template": [ null ], - "dest": "devices/hololens" + "dest": "devices/hololens", + "markdownEngineName": "dfm" } } diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index 47f420a4d0..88d3dc2f7e 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -36,6 +36,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "devices/surface-hub" + "dest": "devices/surface-hub", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index 8477cac86f..9bae9c245d 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -33,6 +33,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "devices/surface" + "dest": "devices/surface", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 7325a15492..0a73499333 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -60,7 +60,7 @@ SDT for Business is supported on Surface 3 and later devices, including: To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: - `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry. -- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for Business client mode or `1` for Business Administrator mode. The default value is `0`. +- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`. **To install SDT in ADMINMODE:** diff --git a/education/docfx.json b/education/docfx.json index 227546b56a..87d94a2065 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -33,6 +33,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "education" + "dest": "education", + "markdownEngineName": "dfm" } } diff --git a/gdpr/docfx.json b/gdpr/docfx.json index d426f781dc..2fd5e0e9f9 100644 --- a/gdpr/docfx.json +++ b/gdpr/docfx.json @@ -38,6 +38,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "gdpr" + "dest": "gdpr", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md index 62fd3a60df..e00d2cedd0 100644 --- a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md +++ b/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md @@ -10,43 +10,46 @@ ms.prod: w10 ms.date: 06/16/2016 --- - # Microsoft Application Virtualization 5.0 Administrator's Guide - The Microsoft Application Virtualization (App-V) 5.0 Administrator’s Guide provides information and step-by-step procedures to help you administer the App-V 5.0 system and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. -[Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -[About App-V 5.0](about-app-v-50.md)**|**[About App-V 5.0 SP1](about-app-v-50-sp1.md)**|**[About App-V 5.0 SP2](about-app-v-50-sp2.md)**|**[About App-V 5.0 SP3](about-app-v-50-sp3.md)**|**[Evaluating App-V 5.0](evaluating-app-v-50.md)**|**[High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md)**|**[Accessibility for App-V 5.0](accessibility-for-app-v-50.md) - -[Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -[Preparing Your Environment for App-V 5.0](preparing-your-environment-for-app-v-50.md)**|**[App-V 5.0 Prerequisites](app-v-50-prerequisites.md)**|**[App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md)**|**[Planning to Deploy App-V](planning-to-deploy-app-v.md)**|**[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md)**||**App-V 5.0 SP3 Supported Configurations[App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md) - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md)**|**[Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md)**|**[App-V 5.0 Deployment Checklist](app-v-50-deployment-checklist.md)**|**[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md)**|**[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md)**|**[Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md)**|**[Managing Connection Groups](managing-connection-groups.md)**|**[Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md)**|**[Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md)**|**[Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md)**|**[Maintaining App-V 5.0](maintaining-app-v-50.md)**|**[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - -[Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) - -[Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) - -[Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md)**|**[Application Publishing and Client Interaction](application-publishing-and-client-interaction.md)**|**[Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md)**|**[Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md) +- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) + - [About App-V 5.0](about-app-v-50.md) + - [About App-V 5.0 SP1](about-app-v-50-sp1.md) + - [About App-V 5.0 SP2](about-app-v-50-sp2.md) + - [About App-V 5.0 SP3](about-app-v-50-sp3.md) + - [Evaluating App-V 5.0](evaluating-app-v-50.md) + - [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md) + - [Accessibility for App-V 5.0](accessibility-for-app-v-50.md) +- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) + - [Preparing Your Environment for App-V 5.0](preparing-your-environment-for-app-v-50.md) + - [Planning to Deploy App-V](planning-to-deploy-app-v.md) + - [App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md) +- [Deploying App-V 5.0](deploying-app-v-50.md) + - [Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) + - [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) + - [App-V 5.0 Deployment Checklist](app-v-50-deployment-checklist.md) + - [Deploying Microsoft Office 2016 by Using App-V](deploying-microsoft-office-2016-by-using-app-v.md) + - [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) + - [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) +- [Operations for App-V 5.0](operations-for-app-v-50.md) + - [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md) + - [Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md) + - [Managing Connection Groups](managing-connection-groups.md) + - [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) + - [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md) + - [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) + - [Maintaining App-V 5.0](maintaining-app-v-50.md) + - [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) +- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) +- [Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) + - [Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md) + - [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md) + - [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md) + - [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md) ### Got a suggestion for App-V? -Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -  - -  - - - - - +- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). +- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md index 35a1f17856..887c215967 100644 --- a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md +++ b/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md @@ -10,43 +10,42 @@ ms.prod: w10 ms.date: 06/16/2016 --- - # Microsoft Application Virtualization 5.1 Administrator's Guide - The Microsoft Application Virtualization (App-V) 5.1 Administrator’s Guide provides information and step-by-step procedures to help you administer the App-V 5.1 system and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. -[Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -[About App-V 5.1](about-app-v-51.md)**|**[Evaluating App-V 5.1](evaluating-app-v-51.md)**|**[High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md)**|**[Accessibility for App-V 5.1](accessibility-for-app-v-51.md) - -[Planning for App-V 5.1](planning-for-app-v-51.md) - -[Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md)**|**[App-V 5.1 Prerequisites](app-v-51-prerequisites.md)**|**[Planning to Deploy App-V](planning-to-deploy-app-v51.md)**|**[App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md)**|**[App-V 5.1 Planning Checklist](app-v-51-planning-checklist.md) - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md)**|**[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md)**|**[App-V 5.1 Deployment Checklist](app-v-51-deployment-checklist.md)**|**[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md)**|**[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md) - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md)**|**[Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md)**|**[Managing Connection Groups](managing-connection-groups51.md)**|**[Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md)**|**[Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md)**|**[Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md)**|**[Maintaining App-V 5.1](maintaining-app-v-51.md)**|**[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - -[Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) - -[Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - -[Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md)**|**[Application Publishing and Client Interaction](application-publishing-and-client-interaction51.md)**|**[Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata51.md)**|**[Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md) +- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) + - [About App-V 5.1](about-app-v-51.md) + - [Evaluating App-V 5.1](evaluating-app-v-51.md) + - [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md) + - [Accessibility for App-V 5.1](accessibility-for-app-v-51.md) +- [Planning for App-V 5.1](planning-for-app-v-51.md) + - [Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) + - [Planning to Deploy App-V](planning-to-deploy-app-v51.md) +- [Deploying App-V 5.1](deploying-app-v-51.md) + - [Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) + - [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) + - [App-V 5.1 Deployment Checklist](app-v-51-deployment-checklist.md) + - [Deploying Microsoft Office 2016 by Using App-V](deploying-microsoft-office-2016-by-using-app-v51.md) + - [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md) + - [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md) +- [Operations for App-V 5.1](operations-for-app-v-51.md) + - [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md) + - [Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md) + - [Managing Connection Groups](managing-connection-groups51.md) + - [Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) + - [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md) + - [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) + - [Maintaining App-V 5.1](maintaining-app-v-51.md) + - [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) +- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) +- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) + - [Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md) + - [Application Publishing and Client Interaction](application-publishing-and-client-interaction51.md) + - [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata51.md) + - [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md) ### Got a suggestion for App-V? -Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -  - -  - - - - - +- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). +- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/docfx.json b/mdop/docfx.json index 530722278f..38b354ec49 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -34,6 +34,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "mdop" + "dest": "mdop", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md index 698d549d6c..7c9ec9ded2 100644 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md @@ -47,7 +47,7 @@ This topic explains how to enable BitLocker on an end user's computer by using M - Escrow TPM OwnerAuth For Windows 7, MBAM must own the TPM for escrow to occur. For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. - For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - Escrow recovery keys and recovery key packages @@ -66,7 +66,7 @@ This topic explains how to enable BitLocker on an end user's computer by using M **MBAM\_Machine WMI Class** **PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting. - **Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + **Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. | Parameter | Description | | -------- | ----------- | @@ -179,7 +179,7 @@ Here are a list of common error messages: 3. Name the step **Persist TPM OwnerAuth** 4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` - **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details. + **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. 3. In the **State Restore** folder, delete the **Enable BitLocker** task. diff --git a/smb/docfx.json b/smb/docfx.json index 181bf75fda..56500f0150 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -42,6 +42,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "smb" + "dest": "smb", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md index baa42e23a6..d477d66085 100644 --- a/store-for-business/billing-understand-your-invoice-msfb.md +++ b/store-for-business/billing-understand-your-invoice-msfb.md @@ -58,7 +58,7 @@ The **Invoice Summary** is on the top of the first page and shows information ab | P.O. number |An optional purchase order number, assigned by you for tracking | | Invoice number |A unique, Microsoft-generated invoice number used for tracking purposes | | Invoice date |Date that the invoice is generated, typically five to 12 days after end of the Billing cycle. You can check your invoice date in billing profile properties.| -| Payment terms |How you pay for your Microsoft bill. *Net 30 days* means you pay by check or wire transfer within 30 days of the invoice date. | +| Payment terms |How you pay for your Microsoft bill. *Net 30 days* means you pay by following instructions on your invoice, within 30 days of the invoice date. | ### Understand the billing summary The **Billing Summary** shows the charges against the billing profile since the previous billing period, any credits that were applied, tax, and the total amount due. @@ -100,7 +100,7 @@ The total amount due for each service family is calculated by subtracting Azure | Total | The total amount due for the purchase | ### How to pay -At the bottom of the invoice, there are instructions for paying your bill. You can pay by check, wire, or online. If you pay online, you can use a credit/debit card or Azure credits, if applicable. +At the bottom of the invoice, there are instructions for paying your bill. You can pay by wire or online. If you pay online, you can use a credit or debit card, or Azure credits, if applicable. ### Publisher information If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice. diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index d739d26b28..e02715ff1f 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -49,6 +49,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "store-for-business" + "dest": "store-for-business", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/store-for-business/sfb-change-history.md b/store-for-business/sfb-change-history.md index f4429a667f..eb426098c6 100644 --- a/store-for-business/sfb-change-history.md +++ b/store-for-business/sfb-change-history.md @@ -8,16 +8,20 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 4/26/2018 +ms.date: 3/2/2019 ms.localizationpriority: medium --- # Change history for Microsoft Store for Business and Microsoft Store for Education -**Applies to** - -- Windows 10 -- Windows 10 Mobile +## March 2019 +| New or changed topic | Description | +| --- | --- | +| [Understand your Microsoft Customer Agreement invoice](billing-understand-your-invoice-msfb.md) | New topic | +| [Understand billing profiles](billing-profile.md) | New topic | +| [Payment methods](payment-methods.md) | New topic | +| [Update Microsoft Store for Business and Microsoft Store for Education account settings](update-microsoft-store-for-business-account-settings.md) | Update with information on billing accounts. | +| [Roles and permissions in Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md) | Add info for purchasing roles and permissions. | ## April 2018 | New or changed topic | Description | diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 3b11a9431b..9f0e645ab1 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -9,6 +9,7 @@ ms.author: elizapo author: lizap ms.localizationpriority: medium ms.date: 04/26/2018 +ms.topic: article --- # How to add apps and features to Windows 10 > Applies to: Windows 10 diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md index eac656ed68..49f117a030 100644 --- a/windows/application-management/app-v/appv-about-appv.md +++ b/windows/application-management/app-v/appv-about-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # What's new in App-V for Windows 10, version 1703 and earlier diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index c5a7ad334d..45c7caa713 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # How to add or remove an administrator by using the Management Console diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 0ae1a703c8..45e9e679e6 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # How to add or upgrade packages by using the Management Console diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index b6cf8bf3d3..59464baca3 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # Administering App-V by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index a7662c1689..c416a2e63e 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # Administering App-V Virtual Applications by using the Management Console diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md index 36c4204881..2c586765ad 100644 --- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # How to allow only administrators to enable connection groups diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 63d64c67b1..a1ee5bf107 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/08/2018 +ms.topic: article --- # Application publishing and client interaction diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index be2acfa151..9526ab4f81 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.topic: article --- # How to apply the deployment configuration file by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index 7f5e05afcd..e92a8ab78e 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.topic: article --- # How to apply the user configuration file by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index 9a0407dafc..66325824b5 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index b4bd1c4426..74df442757 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index 2495e28dd7..63067bd3b6 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.topic: article --- # Automatically clean up unpublished packages on the App-V client diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md index b71dacce5a..ec2a3b80d2 100644 --- a/windows/application-management/app-v/appv-auto-provision-a-vm.md +++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index acc5e6e812..202aeda39b 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/15/2018 +ms.topic: article --- # Available Mobile Device Management (MDM) settings for App-V diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index 8fef0869e5..d4ff60ca44 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # App-V Capacity Planning diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index 1e827161ce..41663d81b1 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # About Client Configuration Settings diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index 3423d1c211..edd87bf73b 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/18/2018 +ms.topic: article --- # How to configure access to packages by using the Management Console diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index 2fbf152ae4..150105c699 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/18/2018 +ms.topic: article --- # How to make a connection group ignore the package version diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index 4c9e8afc25..488a1f7a7a 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.topic: article --- # How to configure the client to receive package and connection groups updates from the publishing server diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index dc2e364c79..9f43bc0593 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.topic: article --- # How to connect to the Management Console diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index ad317ada6d..9a7745ec8f 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.topic: article --- # About the connection group file diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index 26a2f399c9..aa850efd33 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 06/25/2018 +ms.topic: article --- # About the connection group virtual environment diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md index 9ee866698b..83e309f4df 100644 --- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md +++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to convert a package created in a previous version of App-V diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md index 58ccffc7a8..a362c6b960 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a connection croup with user-published and globally published packages diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md index 661b95326d..06cb2f3b61 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group.md +++ b/windows/application-management/app-v/appv-create-a-connection-group.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a connection group diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md index a2d704e613..64d7613d73 100644 --- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md +++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a custom configuration file by using the App-V Management Console diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 7c228e7c4d..71b489d69b 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a package accelerator by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index 49be3c2a97..233f4e609b 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a package accelerator diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md index 2742b4002f..9d91c8e08e 100644 --- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to create a virtual application package using an App-V Package Accelerator diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index 54c4e39515..d573e61940 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # Create and apply an App-V project template to a sequenced App-V package diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index e6c441feb7..f5123c4f06 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Creating and managing App-V virtualized applications diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md index a364b60032..c6ca02e169 100644 --- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 07/10/2018 +ms.topic: article --- # How to customize virtual applications extensions for a specific AD group by using the Management Console diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md index ee3f71058e..34472e93e8 100644 --- a/windows/application-management/app-v/appv-delete-a-connection-group.md +++ b/windows/application-management/app-v/appv-delete-a-connection-group.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to delete a connection group diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md index 81a067b1eb..ab6f7f440c 100644 --- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to delete a package in the Management Console diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md index e719ae1710..0f4e382de6 100644 --- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md +++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to deploy the App-V databases by using SQL scripts diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md index 29eafeeefa..1486989e1b 100644 --- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to deploy App-V packages using electronic software distribution diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md index a2b8ba9569..4112bf670f 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to deploy the App-V server using a script diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index a8035796ac..d3ef14b85d 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to Deploy the App-V Server (new installation) diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index 1d2034eb89..8b77d6c841 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying App-V for Windows 10 diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index ce2b61a864..de89bc130c 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying Microsoft Office 2010 by Using App-V diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index ca909f8764..d075713777 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying Microsoft Office 2013 by Using App-V diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 63932df3b0..ce10d0918e 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying Microsoft Office 2016 by using App-V diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 05f4985ae8..31abfd0d2d 100644 --- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # Deploying App-V packages by using electronic software distribution (ESD) diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 638235a066..11e2b14e5e 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying the App-V Sequencer and configuring the client diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md index 010925239a..5ce5fff75c 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Deploying the App-V server diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index 6efc162994..bd1d3d9802 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # App-V Deployment Checklist diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 2669aedab4..45421f8951 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # About App-V dynamic configuration diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index 803d11d76e..db2bc9e287 100644 --- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # How to enable only administrators to publish packages by using an ESD diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md index b6df634063..810b13884f 100644 --- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md +++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # How to Enable Reporting on the App-V Client by Using Windows PowerShell diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index 0696778b9f..621cc25ef8 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Enable the App-V in-box client diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index 3642e254c5..297983a412 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # Application Virtualization (App-V) for Windows 10 overview diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 98794a0cb4..d18e707951 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Getting started with App-V for Windows 10 diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md index 3b799fe1ab..6cd81600e8 100644 --- a/windows/application-management/app-v/appv-high-level-architecture.md +++ b/windows/application-management/app-v/appv-high-level-architecture.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # High-level architecture for App-V diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md index 3097201087..4f23037b26 100644 --- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md +++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md index 5a78399b06..f08f9c8408 100644 --- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to install the Management Server on a Standalone Computer and Connect it to the Database diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index a67700ab9a..dd6d2b1fe4 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to install the publishing server on a remote computer diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md index edf22cbc3d..2ccbaac2b2 100644 --- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # How to install the reporting server on a standalone computer and connect it to the database diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index c799df5bae..42ab339a2b 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Install the App-V Sequencer diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md index 3292b74b3e..81fc2c61b2 100644 --- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md +++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to load the Windows PowerShell cmdlets for App-V and get cmdlet help diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md index f98668cea5..f8af0d895a 100644 --- a/windows/application-management/app-v/appv-maintaining-appv.md +++ b/windows/application-management/app-v/appv-maintaining-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # Maintaining App-V diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index f4a20fb696..e72efbfcca 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/24/2018 +ms.topic: article --- # How to manage App-V packages running on a stand-alone computer by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index 23b04fbff1..ae54d9cb00 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Operations for App-V diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index 9525003f91..9550cb45b9 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # App-V Planning Checklist diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index 6bb1dfd140..d42bf68651 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning to Use Folder Redirection with App-V diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md index eb5dc60914..5f3e8adad0 100644 --- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning for the App-V server deployment diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index 6a3f8107da..826d77a491 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning for App-V diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index 0fa930006c..3ab365a1b1 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning for high availability with App-V Server diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index 15b715780d..69372b9cc7 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning for the App-V Sequencer and Client Deployment diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index 84ec8aeb47..ddd41a422d 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning for deploying App-V with Office diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index 857549b340..e4ea799723 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning to Deploy App-V with an electronic software distribution system diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index 7e9a2005e7..24becb67a5 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Planning to Deploy App-V for Windows 10 diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md index 045ae3eac4..60612d1e5c 100644 --- a/windows/application-management/app-v/appv-preparing-your-environment.md +++ b/windows/application-management/app-v/appv-preparing-your-environment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # Preparing your environment for App-V diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md index f8f7d4b0e9..35032ce623 100644 --- a/windows/application-management/app-v/appv-prerequisites.md +++ b/windows/application-management/app-v/appv-prerequisites.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/18/2018 +ms.topic: article --- # App-V for Windows 10 prerequisites diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index cebbaac7ad..49cb2ca7b9 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to Publish a Connection Group diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md index 8451509577..5e194a561a 100644 --- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 09/27/2018 +ms.topic: article --- # How to publish a package by using the Management console diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index d72bc2f199..11ca2264c1 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.topic: article --- # About App-V reporting diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index e91afa8136..53cf04a9a4 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.topic: article --- # App-V security considerations diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index ba31867ad8..3db7cd75c9 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.topic: article --- # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index 3a0c6514b4..a28d2875c7 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/16/2018 +ms.topic: article --- # App-V Supported Configurations diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index afa48aee66..70fc4d7a66 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -9,6 +9,7 @@ ms.author: elizapo author: lizap ms.localizationpriority: medium ms.date: 12/12/2018 +ms.topic: article --- # Understand the different apps included in Windows 10 diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md index 37099073f8..3dffa46062 100644 --- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md +++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md @@ -8,6 +8,7 @@ ms.pagetype: mobile ms.author: kaushika-ainapure author: kaushika-msft ms.date: 07/21/2017 +ms.topic: article --- # Deploy application upgrades on Windows 10 Mobile diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 5c20bbd8a7..8cb7d083a0 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -47,6 +47,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "win-app-management" + "dest": "win-app-management", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 1ed3eec5da..74e71f0072 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md @@ -5,7 +5,7 @@ description: Allow enterprise background tasks unrestricted access to computer r ms.author: twhitney ms.date: 10/03/2017 ms.topic: article -ms.prod: windows +ms.prod: w10 ms.technology: uwp keywords: windows 10, uwp, enterprise, background task, resources --- diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 082c384d37..bab488fec7 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -8,6 +8,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Administrative Tools in Windows 10 diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 24681f6db4..2a6671c21f 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -8,6 +8,7 @@ ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium ms.author: greg-lindsay +ms.topic: troubleshooting --- # Advanced troubleshooting 802.1X authentication diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 207d12b5d3..101ca103bc 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -7,6 +7,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 11/16/2018 +ms.topic: troubleshooting --- # Advanced troubleshooting for Windows boot problems diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 412bbb99bc..2581981101 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -8,6 +8,7 @@ ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium ms.author: greg-lindsay +ms.topic: troubleshooting --- # Advanced troubleshooting wireless network connectivity diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index 91800241a0..12912a98f5 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium author: jdeckerMS ms.author: jdecker ms.date: 12/06/2018 +ms.topic: article --- # Change history for Client management diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 7c666a3977..3042e56449 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -10,6 +10,7 @@ author: jdeckerms ms.localizationpriority: medium ms.author: jdecker ms.date: 08/02/2018 +ms.topic: article --- # Connect to remote Azure Active Directory-joined PC diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index b0f3faa4c1..cc14ac0242 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -8,6 +8,7 @@ ms.sitesec: library author: kaushika-msft ms.localizationpriority: medium ms.author: mikeblodge +ms.topic: troubleshooting --- # Data collection for troubleshooting 802.1X authentication diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index eab3b9f62e..f68b218456 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -46,6 +46,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "win-client-management" + "dest": "win-client-management", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 94d8c56785..38beb2bfcd 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -7,6 +7,7 @@ ms.sitesec: library author: brianlic-msft ms.localizationpriority: medium ms.date: 10/13/2017 +ms.topic: troubleshooting --- # Group Policy settings that apply only to Windows 10 Enterprise and Education Editions diff --git a/windows/client-management/img-boot-sequence.md b/windows/client-management/img-boot-sequence.md index ca385d841a..19455fe9cd 100644 --- a/windows/client-management/img-boot-sequence.md +++ b/windows/client-management/img-boot-sequence.md @@ -2,6 +2,8 @@ description: A full-sized view of the boot sequence flowchart. title: Boot sequence flowchart ms.date: 11/16/2018 +ms.topic: article +ms.prod: w10 --- Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
diff --git a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md index 0d3b6b861f..18a5683f62 100644 --- a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md @@ -9,6 +9,7 @@ ms.pagetype: mobile author: jdeckerms ms.localizationpriority: medium ms.date: 09/21/2017 +ms.topic: article --- # Join Windows 10 Mobile to Azure Active Directory diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 66ebec76b8..4d37e28f84 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -10,6 +10,7 @@ ms.pagetype: devices author: jdeckerms ms.localizationpriority: medium ms.date: 09/21/2017 +ms.topic: article --- # Manage corporate devices diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 7b80381b7c..2f41baa313 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: brianlic-msft ms.date: 04/19/2017 +ms.topic: article --- **Applies to** diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 8581c76291..759f45080d 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -9,6 +9,7 @@ ms.pagetype: devices author: MariciaAlforque ms.localizationpriority: medium ms.date: 04/26/2018 +ms.topic: article --- # Manage Windows 10 in your organization - transitioning to modern management diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 0a91b0f2ad..2db6848263 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -8,6 +8,7 @@ ms.sitesec: library author: jdeckerms ms.author: jdecker ms.date: 10/02/2018 +ms.topic: article --- # Create mandatory user profiles diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 9faccd5f60..8f8ef0ecd3 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2672,7 +2672,7 @@ The following list shows the configuration service providers supported in Window | Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | |--------|--------|------------| | [AccountManagement CSP](accountmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | -| [Accounts CSP](accounts-csp) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) +| [Accounts CSP](accounts-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [AssignedAccess CSP](assignedaccess-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)| diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index fb26b71e0c..f6e7f9cc49 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -14,7 +14,7 @@ ms.date: 11/01/2017 This is a step-by-step guide to configuring ADMX-backed policies in MDM. -Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. +Starting in Windows 10 version 1703, Mobile Device Management (MDM) policy configuration support was expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the [Policy configuration service provider (CSP)](policy-configuration-service-provider.md). Configuring ADMX-backed policies in Policy CSP is different from the typical way you configure a traditional MDM policy. Summary of steps to enable a policy: - Find the policy from the list ADMX-backed policies. @@ -22,6 +22,11 @@ Summary of steps to enable a policy: - Use the Group Policy Editor to determine whether there are parameters necessary to enable the policy. - Create the data payload for the SyncML. +See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Ingesting-Office-ADMX-Backed-policies-using/ba-p/354824) for a walk-through using Intune. + +>[!TIP] +>Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows) + ## Enable a policy 1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description. @@ -50,7 +55,7 @@ Summary of steps to enable a policy: ![Enable App-V client](images/admx-appv-enableapp-vclient.png) -3. Create the SyncML to enable the policy that does not require any parameter. +3. Create the SyncML to enable the policy that does not require any parameter. In this example you configure **Enable App-V Client** to **Enabled**. @@ -82,7 +87,7 @@ Summary of steps to enable a policy: ## Enable a policy that requires parameters -1. Create the SyncML to enable the policy that requires parameters. +1. Create the SyncML to enable the policy that requires parameters. In this example, the policy is in **Administrative Templates > System > App-V > Publishing**. @@ -299,12 +304,3 @@ The \ payload is empty. Here an example to set AppVirtualization/Publishin ``` -## Video walkthrough - -Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune. - -> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121] - -Here is a video of how to import a custom ADMX file to a device using Intune. - -> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73] \ No newline at end of file diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md index dd19365596..0d0848e6fe 100644 --- a/windows/client-management/mdm/personalization-csp.md +++ b/windows/client-management/mdm/personalization-csp.md @@ -64,7 +64,7 @@ The following diagram shows the Personalization configuration service provider i

Supporter operation is Get.

> [!Note] -> This setting is only used to query status. To set the image, use the LockScreenImageStatus setting. +> This setting is only used to query status. To set the image, use the LockScreenImageUrl setting. ## Example SyncML diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b24b2e6b11..00d74b6472 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5030,7 +5030,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallDay​](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) ## Policies supported by Windows Holographic @@ -5076,7 +5076,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index b3f6a039a4..d744ed476c 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -113,8 +113,7 @@ Here is an example: ``` - - + diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md index be981913ce..84a4a9551f 100644 --- a/windows/client-management/mdm/understanding-admx-backed-policies.md +++ b/windows/client-management/mdm/understanding-admx-backed-policies.md @@ -30,15 +30,8 @@ An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policy Windows maps the name and category path of a Group Policy to a MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\\`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX-backed policies supported by MDM, see [Policy CSP - ADMX-backed policies](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#admx-backed-policies). -## Video walkthrough - -Here is a video of how to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune. - -> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121] - -Here is a video of how to import a custom ADMX file to a device using Intune. - -> [!VIDEO https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73] +>[!TIP] +>Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows) ## ADMX files and the Group Policy Editor diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 5cdfd4830b..7d77e94d7d 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 10/24/2017 +ms.topic: reference --- # New policies for Windows 10 diff --git a/windows/client-management/reset-a-windows-10-mobile-device.md b/windows/client-management/reset-a-windows-10-mobile-device.md index 0fd57c2d06..dbd44ec56d 100644 --- a/windows/client-management/reset-a-windows-10-mobile-device.md +++ b/windows/client-management/reset-a-windows-10-mobile-device.md @@ -9,6 +9,7 @@ ms.pagetype: mobile author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Reset a Windows 10 Mobile device diff --git a/windows/client-management/windows-10-mobile-and-mdm.md b/windows/client-management/windows-10-mobile-and-mdm.md index efb64966cc..b206069663 100644 --- a/windows/client-management/windows-10-mobile-and-mdm.md +++ b/windows/client-management/windows-10-mobile-and-mdm.md @@ -10,6 +10,7 @@ ms.pagetype: mobile, devices, security ms.localizationpriority: medium author: AMeeus ms.date: 01/26/2019 +ms.topic: article --- # Windows 10 Mobile deployment and management guide diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md index f6620bd9c5..797e4ea336 100644 --- a/windows/client-management/windows-10-support-solutions.md +++ b/windows/client-management/windows-10-support-solutions.md @@ -7,6 +7,7 @@ ms.sitesec: library ms.author: elizapo author: kaushika-msft ms.localizationpriority: medium +ms.topic: troubleshooting --- # Troubleshoot Windows 10 clients diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md index 54bb8122b7..ca022c045d 100644 --- a/windows/client-management/windows-version-search.md +++ b/windows/client-management/windows-version-search.md @@ -8,6 +8,7 @@ ms.sitesec: library author: kaushika-msft ms.author: MikeBlodge ms.date: 04/30/2018 +ms.topic: troubleshooting --- # What version of Windows am I running? diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index fbea8c5ef0..1232a8f3f0 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -43,7 +43,6 @@ You can deploy the resulting .xml file to devices using one of the following met - [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - ## Customize the Start screen on your test computer @@ -93,9 +92,15 @@ When you have the Start layout that you want your users to see, use the [Export- 1. While signed in with the same account that you used to customize Start, right-click Start, and select **Windows PowerShell**. -2. At the Windows PowerShell command prompt, enter the following command: +2. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command: `Export-StartLayout –path .xml ` + + On a device running Windows 10, version 1809, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example: + + ```PowerShell + Export-StartLayout -UseDesktopApplicationID -Path layout.xml + ``` In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml). @@ -132,11 +137,26 @@ When you have the Start layout that you want your users to see, use the [Export- -3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file are critical.](start-layout-xml-desktop.md#required-order) +3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order) >[!IMPORTANT] >If the Start layout that you export contains tiles for desktop (Win32) apps or .url links, **Export-StartLayout** will use **DesktopApplicationLinkPath** in the resulting file. Use a text or XML editor to change **DesktopApplicationLinkPath** to **DesktopApplicationID**. See [Specify Start tiles](start-layout-xml-desktop.md#specify-start-tiles) for details on using the app ID in place of the link path. + +>[!NOTE] +>All clients that the start layout applies to must have the apps and other shortcuts present on the local system in the same location as the source for the Start layout. +> +>For scripts and application tile pins to work correctly, follow these rules: +> +>* Executable files and scripts should be listed in \Program Files or wherever the installer of the app places them. +> +>* Shortcuts that will pinned to Start should be placed in \ProgramData\Microsoft\Windows\Start Menu\Programs. +> +>* If you place executable files or scripts in the \ProgramData\Microsoft\Windows\Start Menu\Programs folder, they will not pin to Start. +> +>* Start on Windows 10 does not support subfolders. We only support one folder. For example, \ProgramData\Microsoft\Windows\Start Menu\Programs\Folder. If you go any deeper than one folder, Start will compress the contents of all the subfolder to the top level. + + ## Configure a partial Start layout diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index e66228ba49..67eda5ee5a 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -47,6 +47,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "win-configuration" + "dest": "win-configuration", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index 071c89831a..d765f93e06 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md @@ -5,6 +5,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium +ms.prod: w10 --- # Find the Application User Model ID of an installed app diff --git a/windows/configuration/images/customize-and-export-start-layout.png b/windows/configuration/images/customize-and-export-start-layout.png new file mode 100644 index 0000000000..41c81ad4d3 Binary files /dev/null and b/windows/configuration/images/customize-and-export-start-layout.png differ diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 56411e9638..72377d11f6 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 09/13/2018 +ms.topic: reference --- # More kiosk methods and reference information diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index bb333f0c3f..f769ca9fe4 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 11/07/2018 +ms.topic: article --- # Use MDM Bridge WMI Provider to create a Windows 10 kiosk diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index e0121dbd6c..888cbc3049 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -7,6 +7,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: jdeckerms +ms.topic: article --- # Configure kiosks and digital signs on Windows desktop editions diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index 8eef8af221..ace4d35ec9 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -11,6 +11,7 @@ author: jdeckerms ms.localizationpriority: medium ms.date: 07/30/2018 ms.author: jdecker +ms.topic: article --- # Policies enforced on kiosk devices diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 81e49742b0..f484267983 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 01/09/2019 +ms.topic: article --- # Prepare a device for kiosk configuration diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index e928698268..1c3ec69b44 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 10/01/2018 +ms.topic: article --- # Use Shell Launcher to create a Windows 10 kiosk diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 64a3ca542a..439acaa52b 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 01/09/2019 +ms.topic: article --- # Set up a single-app kiosk diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md index 9281f546da..4e2e579d33 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk-validate.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 07/30/2018 +ms.topic: article --- # Validate kiosk configuration diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index b927ef5c8e..14905d408b 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -155,6 +155,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). +- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both "C:\Program Files\internet explorer\iexplore.exe" and “C:\Program Files (x86)\Internet Explorer\iexplore.exe”. - To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample). When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md index 068422a836..39fc11ef7d 100644 --- a/windows/configuration/manage-wifi-sense-in-enterprise.md +++ b/windows/configuration/manage-wifi-sense-in-enterprise.md @@ -10,6 +10,7 @@ ms.pagetype: mobile author: eross-msft ms.localizationpriority: medium ms.date: 05/02/2018 +ms.topic: article --- # Manage Wi-Fi Sense in your company diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 5fa39fd636..7b9f542042 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -55,7 +55,7 @@ Provisioning packages can be applied to a device during the first-run experience ### After setup, from a USB drive, network folder, or SharePoint site -Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network forlder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation. +Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation. ![add a package option](../images/package.png) diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index 0b0e15e263..3e25afe52b 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -9,6 +9,7 @@ ms.sitesec: library author: jdeckerms ms.localizationpriority: medium ms.date: 10/02/2018 +ms.topic: article --- # Set up digital signs on Windows 10 diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index cb0103ffff..c29f399bba 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -8,6 +8,7 @@ ms.author: kaushika author: kaushika-msft ms.localizationpriority: medium ms.date: 12/03/18 +ms.topic: troubleshooting --- # Troubleshoot Start Menu errors diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md index 9752c25cf2..4b58fb144b 100644 --- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index dfeb80037f..e970613434 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index a4e36a5bce..8a9052776e 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 10e15e2610..9c32db847a 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index f0eda613ab..c3931a4bb3 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index 09bc5bcd87..c4db3ea4d2 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index e487d59433..c87d86b1a3 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Deploy required UE-V features diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index 8acad25b0c..1f6e64b883 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Use UE-V with custom applications diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md index d6ca23c105..c950cf47a5 100644 --- a/windows/configuration/ue-v/uev-for-windows.md +++ b/windows/configuration/ue-v/uev-for-windows.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 05/02/2017 +ms.topic: article --- # User Experience Virtualization (UE-V) for Windows 10 overview diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index f91ada9764..863ac6c5a2 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 62bac2494e..208fcff83c 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index 3d94ba1e9b..75104e3f49 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md index 1dbc856d7f..5a91551d13 100644 --- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md index 1ecf51a49c..1a6a7e74e7 100644 --- a/windows/configuration/ue-v/uev-migrating-settings-packages.md +++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index f48f1d3ceb..97ba1594d6 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Prepare a UE-V Deployment diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index ab756d30d5..d4252476ff 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # User Experience Virtualization (UE-V) Release Notes diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index 9d75709470..8ed79bc515 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index dc43199116..ac1cebb541 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Sync Methods for UE-V diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md index 7778a731b8..a3e6f87aaf 100644 --- a/windows/configuration/ue-v/uev-sync-trigger-events.md +++ b/windows/configuration/ue-v/uev-sync-trigger-events.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Sync Trigger Events for UE-V diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index eea5619b50..204e2bad1b 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index e01635f519..3ac63d539a 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index fcc4cb1fa3..1c9aa6f02b 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md index a6bed35ea3..d3a5ce084c 100644 --- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md +++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # Upgrade to UE-V for Windows 10 diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md index 00c4e0c9b0..3ea25ad859 100644 --- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md +++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index 81e41752be..6403ce9355 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- # What's New in UE-V diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md index 408e2115ac..ed9d9b9967 100644 --- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md +++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 +ms.topic: article --- diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md index e6269ec3dc..237867c029 100644 --- a/windows/configuration/windows-10-accessibility-for-ITPros.md +++ b/windows/configuration/windows-10-accessibility-for-ITPros.md @@ -9,6 +9,7 @@ ms.author: jaimeo author: jaimeo ms.localizationpriority: medium ms.date: 01/12/2018 +ms.topic: reference --- # Accessibility information for IT Professionals diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 13cf82c872..ae6dfa473a 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -1,4 +1,5 @@ # [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment) +## [Architectural planning posters for Windows 10](windows-10-architecture-posters.md) ## [Deploy Windows 10 with Microsoft 365](deploy-m365.md) ## [What's new in Windows 10 deployment](deploy-whats-new.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) @@ -278,8 +279,4 @@ #### [Get started with Device Health](update/device-health-get-started.md) #### [Using Device Health](update/device-health-using.md) ### [Enrolling devices in Windows Analytics](update/windows-analytics-get-started.md) -### [Troubleshooting Windows Analytics and FAQ](update/windows-analytics-FAQ-troubleshooting.md) - -## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) - -## [Architectural planning posters for Windows 10](windows-10-architecture-posters.md) \ No newline at end of file +### [Troubleshooting Windows Analytics and FAQ](update/windows-analytics-FAQ-troubleshooting.md) \ No newline at end of file diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md index a785de935e..eb2c0110b3 100644 --- a/windows/deployment/Windows-AutoPilot-EULA-note.md +++ b/windows/deployment/Windows-AutoPilot-EULA-note.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.author: mayam ms.date: 08/22/2017 ROBOTS: noindex,nofollow +ms.topic: article --- # Windows Autopilot EULA dismissal – important information diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md index c61e28a736..0432620ae9 100644 --- a/windows/deployment/add-store-apps-to-image.md +++ b/windows/deployment/add-store-apps-to-image.md @@ -10,6 +10,7 @@ ms.pagetype: deploy author: greg-lindsay ms.author: greglin ms.date: 07/27/2017 +ms.topic: article --- # Add Microsoft Store for Business applications to a Windows 10 image diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md index f2a31049b0..0ca5993529 100644 --- a/windows/deployment/change-history-for-deploy-windows-10.md +++ b/windows/deployment/change-history-for-deploy-windows-10.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 11/08/2017 +ms.topic: article --- # Change history for Deploy Windows 10 diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index 9c87e4c4c7..22b3108f6d 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Configure a PXE server to load Windows PE diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index c1d98d727b..bfd84c39bb 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: mdt ms.date: 05/25/2018 author: greg-lindsay +ms.topic: article --- # Deploy Windows 10 Enterprise licenses diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index e0c769d5e0..9803bd8551 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -8,6 +8,8 @@ ms.pagetype: deploy keywords: deployment, automate, tools, configure, mdt, sccm, M365 ms.localizationpriority: medium author: greg-lindsay +ms.topic: article +ms.collection: M365-modern-desktop --- # Deploy Windows 10 with Microsoft 365 diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index c4c072ca4f..cf6c780326 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -8,6 +8,7 @@ ms.prod: w10 ms.sitesec: library ms.pagetype: deploy author: greg-lindsay +ms.topic: article --- # What's new in Windows 10 deployment diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md index 9847ffdb4c..c4a97a2f45 100644 --- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Assign applications using roles in MDT diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md index 74fe0ef00d..fd6e5b6207 100644 --- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md +++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Build a distributed environment for Windows 10 deployment diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md index 4613b4654e..919c5e4fd8 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Configure MDT deployment share rules diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md index 6c1a0b4c2b..d9f5b096b9 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Configure MDT for UserExit scripts diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md index e55f00f343..95f70b8634 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Configure MDT settings diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md index 7afd5d0100..5f1c91dbea 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -10,6 +10,7 @@ ms.pagetype: mdt ms.sitesec: library author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Create a task sequence with Configuration Manager and MDT diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index 29c8f9e1d9..f3dd992ad6 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 04/18/2018 +ms.topic: article --- # Create a Windows 10 reference image diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 4702f27f80..1466263dc5 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 10/16/2017 +ms.topic: article --- # Deploy a Windows 10 image using MDT diff --git a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index ead86741f5..75625ec3e8 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md @@ -10,6 +10,7 @@ ms.sitesec: library author: greg-lindsay ms.pagetype: mdt ms.date: 10/16/2017 +ms.topic: article --- # Deploy Windows 10 with the Microsoft Deployment Toolkit diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md index f1916dac85..8e259f076a 100644 --- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Get started with the Microsoft Deployment Toolkit (MDT) diff --git a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md index 2b1134f4f4..3e90951027 100644 --- a/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md @@ -10,6 +10,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Integrate Configuration Manager with MDT diff --git a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md index ed7ddad986..0adb1acff2 100644 --- a/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/key-features-in-mdt.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Key features in MDT diff --git a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md index 6338e8cc72..7ca3716ae3 100644 --- a/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md +++ b/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # MDT Lite Touch components diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 7ef19268fd..23c462b839 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Prepare for deployment with MDT diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md index 8a6dc1f6f9..30700e0e1d 100644 --- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Refresh a Windows 7 computer with Windows 10 diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index a6c42ca4b4..a43389b68b 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Replace a Windows 7 computer with a Windows 10 computer diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index 6b826df394..8dcb9a871f 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Set up MDT for BitLocker diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md index 88c9fa4845..2d75e10a78 100644 --- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Simulate a Windows 10 deployment in a test environment diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index a45ba94242..a6563c1a8e 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Use Orchestrator runbooks with MDT diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index cc70fc97bd..c815cc9c41 100644 --- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.sitesec: library author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Use the MDT database to stage Windows 10 deployment information diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index 34b293060a..b4302392b5 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md @@ -10,6 +10,7 @@ ms.pagetype: mdt ms.sitesec: library author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Use web services in MDT diff --git a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md index 4709a89520..9935a8a53c 100644 --- a/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Add a Windows 10 operating system image using Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index fb0564fa07..8fc86605a3 100644 --- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -9,6 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index fbae53450a..e5da6f79dd 100644 --- a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Create a custom Windows PE boot image with Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 84cb6aa51b..96d8d3f119 100644 --- a/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -9,6 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Create an application to deploy with Windows 10 using Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md index 3a76b241e6..d06a6f7dc7 100644 --- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Deploy Windows 10 using PXE and Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md index ffe112508b..936611965a 100644 --- a/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md @@ -9,6 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Deploy Windows 10 with System Center 2012 R2 Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index 287279e92d..5765cc0355 100644 --- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -9,6 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Finalize the operating system configuration for Windows 10 deployment with Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md index 1f96c78273..b0878d4298 100644 --- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Monitor the Windows 10 deployment with Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index 21491d5029..05a4969529 100644 --- a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -9,6 +9,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Prepare for Zero Touch Installation of Windows 10 with Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 92ef33ca52..1585e2bf48 100644 --- a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager diff --git a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index 0ebf3c3fc2..93e54633fa 100644 --- a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index fbc54619d1..2942c63221 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: mobility author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Deploy Windows To Go in your organization diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index ff0a09c58c..64125f287f 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.localizationpriority: medium ms.date: 11/06/2018 author: greg-lindsay +ms.topic: article --- # Deploy Windows 10 diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json index 0b6ae0597d..45f759e8f4 100644 --- a/windows/deployment/docfx.json +++ b/windows/deployment/docfx.json @@ -48,6 +48,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "win-development" + "dest": "win-development", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index e3fbb8108f..70c6a4d641 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 02/13/2018 ms.localizationpriority: medium +ms.topic: article --- # MBR2GPT.EXE diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index ecdf8207f7..9482f98808 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: eross-msft ms.date: 04/19/2017 +ms.topic: article --- # Application Compatibility Toolkit (ACT) Technical Reference diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index e5e9f24096..065c803658 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Applying Filters to Data in the SUA Tool diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md index 4edb5f0c39..c83ee71cbf 100644 --- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md +++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Available Data Types and Operators in Compatibility Administrator diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index 12f92216ce..aece2d16f5 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -9,6 +9,7 @@ ms.pagetype: mobility ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Best practice recommendations for Windows To Go diff --git a/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md b/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md index b7e31dc924..b603620138 100644 --- a/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md +++ b/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment.md @@ -7,6 +7,7 @@ ms.mktglfcycl: plan ms.sitesec: library author: TrudyHa ms.date: 07/19/2017 +ms.topic: article --- # Change history for Plan for Windows 10 deployment diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index f1037f7669..6d01bfbe37 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index c9f2ede6e2..3b562f4169 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Compatibility Fix Database Management Strategies and Deployment diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index 1e50215024..67fc4948c5 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md index 7dca25b239..fe4c17069c 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Creating a Custom Compatibility Fix in Compatibility Administrator diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index 706cc96143..42398cd04a 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Creating a Custom Compatibility Mode in Compatibility Administrator diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 08565d4d49..078f35d184 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Creating an AppHelp Message in Compatibility Administrator diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index 5be20e25e5..9730a3defb 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -9,6 +9,7 @@ ms.pagetype: mobility ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Deployment considerations for Windows To Go diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index 4e1cae7893..0838cb2613 100644 --- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Enabling and Disabling Compatibility Fixes in Compatibility Administrator diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md index 3c962cdae2..8a5d6781f2 100644 --- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md +++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Fixing Applications by Using the SUA Tool diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md index 2281ce8859..c7f59cff36 100644 --- a/windows/deployment/planning/index.md +++ b/windows/deployment/planning/index.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.localizationpriority: medium author: TrudyHa ms.date: 07/27/2017 +ms.topic: article --- # Plan for Windows 10 deployment diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md index b4d640525b..37b7cdccf8 100644 --- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md +++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md index 008e895d2b..ec256fd6be 100644 --- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Managing Application-Compatibility Fixes and Custom Fix Databases diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index a7400061d9..d93629a7ea 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -9,6 +9,7 @@ ms.pagetype: mobility ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Prepare your organization for Windows To Go diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md index 14766d839f..738bc1b205 100644 --- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Searching for Fixed Applications in Compatibility Administrator diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 3f3d270c30..4136dbdbc8 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index f88b37f7b6..683018e1d1 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -9,6 +9,7 @@ ms.pagetype: mobility, security ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Security and data protection considerations for Windows To Go diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md index 70bd453926..5c5c7979ff 100644 --- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md +++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Showing Messages Generated by the SUA Tool diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index b5b1561470..60f54bb4b5 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # SUA User's Guide diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md index ab699b8791..6a6e69b626 100644 --- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md +++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Tabs on the SUA Tool Interface diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md index 8a31fdc2ce..6b09e93b26 100644 --- a/windows/deployment/planning/testing-your-application-mitigation-packages.md +++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Testing Your Application Mitigation Packages diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md index 11128c476c..af5a8f1b79 100644 --- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md +++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Understanding and Using Compatibility Fixes diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md index a8365386e9..6595bdd558 100644 --- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md +++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Using the Compatibility Administrator Tool diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 3c8b3aa0da..7bfbdc5b72 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Using the Sdbinst.exe Command-Line Tool diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index d49309fb72..6ef273260e 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Using the SUA Tool diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 1ad5ba549c..db5b6a09f3 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Using the SUA Wizard diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md index fc4f7c6b99..afc0cf0afa 100644 --- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md @@ -8,6 +8,7 @@ ms.pagetype: appcompat ms.sitesec: library author: TrudyHa ms.date: 04/19/2017 +ms.topic: article --- # Viewing the Events Screen in Compatibility Administrator diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md index 916f6ac0c9..f31922410d 100644 --- a/windows/deployment/planning/windows-10-1803-removed-features.md +++ b/windows/deployment/planning/windows-10-1803-removed-features.md @@ -8,6 +8,7 @@ ms.sitesec: library author: lizap ms.author: elizapo ms.date: 08/16/2018 +ms.topic: article --- # Features removed or planned for replacement starting with Windows 10, version 1803 diff --git a/windows/deployment/planning/windows-10-1809-removed-features.md b/windows/deployment/planning/windows-10-1809-removed-features.md index 0c87d5a683..1204493c7c 100644 --- a/windows/deployment/planning/windows-10-1809-removed-features.md +++ b/windows/deployment/planning/windows-10-1809-removed-features.md @@ -8,6 +8,7 @@ ms.sitesec: library author: lizap ms.author: elizapo ms.date: 11/16/2018 +ms.topic: article --- # Features removed or planned for replacement starting with Windows 10, version 1809 diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md index 23adaa809b..1fe897263a 100644 --- a/windows/deployment/planning/windows-10-compatibility.md +++ b/windows/deployment/planning/windows-10-compatibility.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Windows 10 compatibility diff --git a/windows/deployment/planning/windows-10-creators-update-deprecation.md b/windows/deployment/planning/windows-10-creators-update-deprecation.md index 4103a10d65..9a87eca2b0 100644 --- a/windows/deployment/planning/windows-10-creators-update-deprecation.md +++ b/windows/deployment/planning/windows-10-creators-update-deprecation.md @@ -7,6 +7,7 @@ ms.localizationpriority: medium ms.sitesec: library author: lizap ms.date: 10/09/2017 +ms.topic: article --- # Features that are removed or deprecated in Windows 10 Creators Update diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index 07622a5fb6..bb0ad7f659 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md @@ -9,6 +9,7 @@ ms.mktglfcycl: plan ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Windows 10 deployment considerations diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index 7dcb96facc..bebac9fa94 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library author: ms.date: 08/18/2017 +ms.topic: article --- # Windows 10 Enterprise: FAQ for IT professionals diff --git a/windows/deployment/planning/windows-10-fall-creators-deprecation.md b/windows/deployment/planning/windows-10-fall-creators-deprecation.md index 5b8b7ca418..cdb6eeb98d 100644 --- a/windows/deployment/planning/windows-10-fall-creators-deprecation.md +++ b/windows/deployment/planning/windows-10-fall-creators-deprecation.md @@ -7,6 +7,7 @@ ms.localizationpriority: medium ms.sitesec: library author: lizap ms.date: 10/30/2018 +ms.topic: article --- # Features that are removed or deprecated in Windows 10 Fall Creators Update diff --git a/windows/deployment/planning/windows-10-fall-creators-removed-features.md b/windows/deployment/planning/windows-10-fall-creators-removed-features.md index 9c04fcece6..cec3ba7407 100644 --- a/windows/deployment/planning/windows-10-fall-creators-removed-features.md +++ b/windows/deployment/planning/windows-10-fall-creators-removed-features.md @@ -7,6 +7,7 @@ ms.localizationpriority: medium ms.sitesec: library author: lizap ms.date: 10/09/2017 +ms.topic: article --- # Features removed or planned for replacement starting with Windows 10 Fall Creators Update (version 1709) diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 83acd30a15..f1a6b4ae5c 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Windows 10 infrastructure requirements diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index bfadedc7cd..235406b45a 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -9,6 +9,7 @@ ms.pagetype: mobility ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Windows To Go: frequently asked questions diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 1b3e1eb797..ca27c8a82f 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -9,6 +9,7 @@ ms.pagetype: mobility, edu ms.sitesec: library author: mtniehaus ms.date: 04/19/2017 +ms.topic: article --- # Windows To Go: feature overview diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index 4c54a99d29..e6de252a4c 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: deploy ms.date: 12/05/2018 author: jaimeo +ms.topic: article --- # Windows 10 in S mode - What is it? diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index 4126e2c7cf..4f438b5701 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md @@ -9,6 +9,7 @@ author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 10/18/2018 +ms.topic: article --- # Windows Updates using forward and reverse differentials diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md index e5345fd55b..7a21b2cf52 100644 --- a/windows/deployment/update/WIP4Biz-intro.md +++ b/windows/deployment/update/WIP4Biz-intro.md @@ -9,6 +9,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 03/01/2018 +ms.topic: article --- # Introduction to the Windows Insider Program for Business diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md index 93a9df5c6f..85a1a19aaf 100644 --- a/windows/deployment/update/change-history-for-update-windows-10.md +++ b/windows/deployment/update/change-history-for-update-windows-10.md @@ -7,6 +7,7 @@ ms.sitesec: library author: DaniHalfin ms.author: daniha ms.date: 09/18/2018 +ms.topic: article --- # Change history for Update Windows 10 diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index e4a62129cf..5cab04e4ba 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -10,6 +10,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Get started with Device Health diff --git a/windows/deployment/update/device-health-monitor.md b/windows/deployment/update/device-health-monitor.md index 822409ea0f..87450cc71f 100644 --- a/windows/deployment/update/device-health-monitor.md +++ b/windows/deployment/update/device-health-monitor.md @@ -9,6 +9,8 @@ ms.localizationpriority: medium ms.pagetype: deploy author: jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Monitor the health of devices with Device Health diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md index 26da341d39..e43a16c46f 100644 --- a/windows/deployment/update/device-health-using.md +++ b/windows/deployment/update/device-health-using.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Using Device Health diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md index 7ad33b4c1c..925faca129 100644 --- a/windows/deployment/update/feature-update-conclusion.md +++ b/windows/deployment/update/feature-update-conclusion.md @@ -8,6 +8,8 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 07/09/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Conclusion diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md index d49f678bcf..1dd6d6e674 100644 --- a/windows/deployment/update/feature-update-maintenance-window.md +++ b/windows/deployment/update/feature-update-maintenance-window.md @@ -8,6 +8,8 @@ author: mcureton ms.localizationpriority: medium ms.author: mikecure ms.date: 07/09/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Deploy feature updates during maintenance windows diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md index 5c1cc4673a..eb6c6695aa 100644 --- a/windows/deployment/update/feature-update-mission-critical.md +++ b/windows/deployment/update/feature-update-mission-critical.md @@ -8,6 +8,8 @@ author: mcureton ms.localizationpriority: medium ms.author: mikecure ms.date: 07/10/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md index bcf74135cf..88f1e895d2 100644 --- a/windows/deployment/update/feature-update-user-install.md +++ b/windows/deployment/update/feature-update-user-install.md @@ -8,6 +8,8 @@ author: mcureton ms.localizationpriority: medium ms.author: mikecure ms.date: 07/10/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Deploy feature updates for user-initiated installations (during a fixed service window) diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index 4a2aa72c67..a87578d48a 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md @@ -8,15 +8,16 @@ ms.pagetype: article ms.author: elizapo author: lizap ms.localizationpriority: medium -ms.date: 10/18/2018 +ms.date: 03/13/2019 +ms.topic: article --- # How to make Features on Demand and language packs available when you're using WSUS/SCCM > Applies to: Windows 10 -As of Windows 10 version 1709, you cannot use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FOD) and language packs for Windows 10 clients locally. Instead, you can enforce a Group Policy setting that tells the clients to pull them directly from Windows Update. You can also host FOD and language packs on a network share, but starting with Windows 10 version 1809, language packs can only be installed from Windows Update. +As of Windows 10 version 1709, you cannot use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FOD) and language packs for Windows 10 clients locally. Instead, you can enforce a Group Policy setting that tells the clients to pull them directly from Windows Update. You can also host FOD and language packs on a network share, but starting with Windows 10 version 1809, FOD and language packs can only be installed from Windows Update. -For Windows domain environments running WSUS or SCCM, change the **Specify settings for optional component installation and component repair** policy to enable downloading language and FOD packs from Windows Update. This setting is located in `Computer Configuration\Administrative Templates\System` in the Group Policy Editor. +For Windows domain environments running WSUS or SCCM, change the **Specify settings for optional component installation and component repair** policy to enable downloading FOD and language packs from Windows Update. This setting is located in `Computer Configuration\Administrative Templates\System` in the Group Policy Editor. Changing this policy does not affect how other updates are distributed. They continue to come from WSUS or SCCM as you have scheduled them. diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 8436f310a4..72ac510693 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -8,6 +8,8 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # How does Windows Update work? diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index 0cd39373d7..ebd4a10408 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md @@ -8,6 +8,7 @@ author: Jaimeo ms.localizationpriority: high ms.author: jaimeo ms.date: 04/06/2018 +ms.topic: article --- # Update Windows 10 in enterprise deployments diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index ba2f9a130f..900593d031 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -8,6 +8,8 @@ author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 11/29/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Servicing stack updates diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index 0f4e2d8cdc..5929abad6f 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md @@ -9,6 +9,8 @@ author: jaimeo ms.author: jaimeo keywords: oms, operations management suite, optimization, downloads, updates, log analytics ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Delivery Optimization in Update Compliance diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index d3eae3a9f1..4dbf3ca380 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -7,6 +7,8 @@ ms.sitesec: library ms.pagetype: deploy author: Jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Feature Update Status diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index cd036990aa..4de6b50ffd 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: Jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Get started with Update Compliance diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 97a514dde4..5ce705a7fa 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: Jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Monitor Windows Updates with Update Compliance diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 0b76b9c8ac..54f7f8e186 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -7,6 +7,8 @@ ms.sitesec: library ms.pagetype: deploy author: Jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Needs attention! diff --git a/windows/deployment/update/update-compliance-perspectives.md b/windows/deployment/update/update-compliance-perspectives.md index 38ad846be7..f0403b00c8 100644 --- a/windows/deployment/update/update-compliance-perspectives.md +++ b/windows/deployment/update/update-compliance-perspectives.md @@ -7,6 +7,8 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Perspectives diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index 45556de62c..8b8961fa18 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -7,6 +7,8 @@ ms.sitesec: library ms.pagetype: deploy author: Jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Security Update Status diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index a30c60418b..356f7c7af8 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Use Update Compliance diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md index bc12b6797b..7a8e65c4a5 100644 --- a/windows/deployment/update/update-compliance-wd-av-status.md +++ b/windows/deployment/update/update-compliance-wd-av-status.md @@ -7,6 +7,8 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article --- # Windows Defender AV Status diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index f155f00f4c..5181cd933e 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Configure BranchCache for Windows 10 updates diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index e4efb40317..83d145df77 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -7,6 +7,7 @@ ms.sitesec: library author: jaimeo ms.localizationpriority: medium ms.author: jaimeo +ms.topic: article --- # Configure Windows Update for Business diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index f82f1afa73..0318257814 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -9,6 +9,8 @@ author: JaimeO ms.localizationpriority: medium ms.author: jaimeo ms.date: 04/30/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Configure Delivery Optimization for Windows 10 updates diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 10b578947d..badacbf568 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -8,6 +8,8 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/11/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Build deployment rings for Windows 10 updates diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index a0e4e4886c..4bbd1a7ddc 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index b222321f5b..dab2336165 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 10/16/2017 +ms.topic: article --- # Deploy Windows 10 updates using System Center Configuration Manager diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 4f72bbeb5d..8b2a68dd3b 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 10/16/2017 +ms.topic: article --- # Deploy Windows 10 updates using Windows Server Update Services (WSUS) diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index ba0843abc3..9c63798bd2 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -7,6 +7,7 @@ ms.sitesec: library author: jaimeo ms.localizationpriority: medium ms.author: jaimeo +ms.topic: article --- # Deploy updates using Windows Update for Business diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index 84d896d30a..e9493106b4 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index a8a889c72c..60c1580556 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -7,6 +7,7 @@ author: lizap ms.author: elizapo ms.date: 12/19/2018 ms.localizationpriority: high +ms.topic: article --- # Windows as a service - More news diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 0045989a89..d44fb4db2e 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 09/24/2018 +ms.topic: article --- # Optimize Windows 10 update delivery diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 3e82500cc3..218be1564a 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -9,6 +9,7 @@ author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 09/24/2018 +ms.topic: article --- # Overview of Windows as a service diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index ed003254cc..9ef541fce2 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -9,6 +9,7 @@ author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 10/17/2018 +ms.topic: article --- # Quick guide to Windows as a service diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 3a9036f170..c6eda60ace 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Manage device restarts after updates diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index aae22f0a1e..7a7dfcc5d0 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 10/13/2017 +ms.topic: article --- # Assign devices to servicing channels for Windows 10 updates diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md index 27e3799565..5db6f96bc8 100644 --- a/windows/deployment/update/waas-servicing-differences.md +++ b/windows/deployment/update/waas-servicing-differences.md @@ -8,6 +8,8 @@ ms.sitesec: library author: KarenSimWindows ms.localizationpriority: medium ms.author: karensim +ms.topic: article +ms.collection: M365-modern-desktop --- # Understanding the differences between servicing Windows 10-era and legacy Windows operating systems diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 6041f964a6..ab220901a1 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -8,6 +8,7 @@ author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 11/02/2018 +ms.topic: article --- # Prepare servicing strategy for Windows 10 updates diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index b44107bdd2..7749569b04 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Manage additional Windows Update settings diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index c400740a30..706d1cc4a6 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Walkthrough: use Group Policy to configure Windows Update for Business diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index f32cbbedeb..e65e9b8d2d 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md @@ -8,6 +8,7 @@ author: jaimeo ms.localizationpriority: medium ms.author: jaimeo ms.date: 07/27/2017 +ms.topic: article --- # Walkthrough: use Microsoft Intune to configure Windows Update for Business diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index c11042619d..6be715e074 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Frequently asked questions and troubleshooting Windows Analytics @@ -77,12 +79,14 @@ If you have deployed images that have not been generalized, then many of them mi [![Device Reliability tile showing device count highlighted](images/device-reliability-device-count.png)](images/device-reliability-device-count.png) If you have devices that appear in other solutions, but not Device Health, follow these steps to investigate the issue: -1. Confirm that the devices are running Windows10. -2. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551). -3. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set). -4. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information. -5. Wait 48 hours for activity to appear in the reports. -6. If you need additional troubleshooting, contact Microsoft Support. +1. Using the Azure portal, remove the Device Health (appears as DeviceHealthProd on some pages) solution from your Log Analytics workspace. After completing this, add the Device Health solution to you workspace again. +2. Confirm that the devices are running Windows 10. +3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551). +4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set). +5. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information. +6. Remove the Device Health (appears as DeviceHealthProd on some pages) from your Log Analytics workspace +7. Wait 48 hours for activity to appear in the reports. +8. If you need additional troubleshooting, contact Microsoft Support. ### Device crashes not appearing in Device Health Device Reliability diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md index 384738b8fa..7e923f2c27 100644 --- a/windows/deployment/update/windows-analytics-azure-portal.md +++ b/windows/deployment/update/windows-analytics-azure-portal.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Windows Analytics in the Azure Portal diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 849127c525..e5432caaa9 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Enrolling devices in Windows Analytics @@ -167,7 +169,7 @@ These policies are under Microsoft\Windows\DataCollection: | CommercialDataOptIn (in Windows 7 and Windows 8) | 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. | -You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/ProviderID/CommercialID). For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation. +You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/*Provider ID*/CommercialID). (If you are using Microsoft Intune, use `MS DM Server` as the provider ID.) For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation. The corresponding preference registry values are available in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** and can be configured by the deployment script. If a given setting is configured by both preference registry settings and policy, the policy values will override. However, the **IEDataOptIn** setting is different--you can only set this with the preference registry keys: diff --git a/windows/deployment/update/windows-analytics-overview.md b/windows/deployment/update/windows-analytics-overview.md index d150f9e110..b3d29aa83c 100644 --- a/windows/deployment/update/windows-analytics-overview.md +++ b/windows/deployment/update/windows-analytics-overview.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.collection: M365-analytics +ms.topic: article --- # Windows Analytics overview diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md index 1ce1363b10..744f34d7a4 100644 --- a/windows/deployment/update/windows-analytics-privacy.md +++ b/windows/deployment/update/windows-analytics-privacy.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: high +ms.collection: M365-analytics +ms.topic: article --- # Windows Analytics and privacy diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index ad022440c3..f49645a75a 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -8,6 +8,7 @@ author: lizap ms.author: elizapo ms.date: 01/24/2019 ms.localizationpriority: high +ms.collection: M365-modern-desktop --- # Windows as a service @@ -24,6 +25,8 @@ Everyone wins when transparency is a top priority. We want you to know when upda The latest news:
    +
  • Data, insights and listening to improve the customer experience - March 6, 2019
    • +
  • Getting to know the Windows update history pages - February 21, 2019
  • Windows Update for Business and the retirement of SAC-T - February 14, 2019
  • Application compatibility in the Windows ecosystem - January 15, 2019
  • Windows monthly security and quality updates overview - January 10, 2019
    • diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index d507deedb3..8552724e85 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Windows Update error codes by component diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 25fd1a5279..d63d0500b4 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Windows Update common errors and mitigation diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index b202854a46..b65bcc0c93 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Windows Update log files diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index a89c60d9ec..18664e5161 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Get started with Windows Update diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index eeac6b3852..66befc0f13 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Windows Update - additional resources diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index c4202da9c9..5f09b45f16 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -8,6 +8,7 @@ author: kaushika-msft ms.localizationpriority: medium ms.author: elizapo ms.date: 09/18/2018 +ms.topic: article --- # Windows Update troubleshooting @@ -102,6 +103,7 @@ netsh winhttp set proxy ProxyServerName:PortNumber If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_MISMATCH error, or if you notice high CPU usage while updates are downloading, check the proxy configuration to permit HTTP RANGE requests to run. You may choose to apply a rule to permit HTTP RANGE requests for the following URLs: + *.download.windowsupdate.com *.dl.delivery.mp.microsoft.com *.emdl.ws.microsoft.com diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md index d8cfc4631a..da64371629 100644 --- a/windows/deployment/update/wufb-autoupdate.md +++ b/windows/deployment/update/wufb-autoupdate.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/20/2018 +ms.topic: article --- # Set up Automatic Update in Windows Update for Business with group policies diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md index 899a052c51..6cdd0a1cc6 100644 --- a/windows/deployment/update/wufb-basics.md +++ b/windows/deployment/update/wufb-basics.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/20/2018 +ms.topic: article --- # Configure the Basic group policy for Windows Update for Business diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 833ec9e014..5d1f0ea0d5 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/20/2018 +ms.topic: article --- # Enforcing compliance deadlines for updates diff --git a/windows/deployment/update/wufb-managedrivers.md b/windows/deployment/update/wufb-managedrivers.md index 5580d134d5..c49ed5ff8a 100644 --- a/windows/deployment/update/wufb-managedrivers.md +++ b/windows/deployment/update/wufb-managedrivers.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/21/2018 +ms.topic: article --- # Managing drivers, dual-managed environments, and Delivery Optimization with group policies diff --git a/windows/deployment/update/wufb-manageupdate.md b/windows/deployment/update/wufb-manageupdate.md index 648f63e398..84aa983ea8 100644 --- a/windows/deployment/update/wufb-manageupdate.md +++ b/windows/deployment/update/wufb-manageupdate.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/20/2018 +ms.topic: article --- # Manage feature and quality updates with group policies diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md index dac150819b..022e4b177b 100644 --- a/windows/deployment/update/wufb-onboard.md +++ b/windows/deployment/update/wufb-onboard.md @@ -8,6 +8,7 @@ author: lizap ms.localizationpriority: medium ms.author: elizapo ms.date: 06/20/2018 +ms.topic: article --- # Onboarding to Windows Update for Business in Windows 10 diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index e68fbd4f41..1e62227e0d 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 03/30/2018 ms.localizationpriority: medium +ms.topic: article --- # Log files diff --git a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md index 73daaea76b..05ad622fed 100644 --- a/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md +++ b/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md @@ -4,6 +4,7 @@ description: Provides an overview of the process of managing Windows upgrades wi ms.prod: w10 author: greg-lindsay ms.date: 04/25/2017 +ms.topic: article --- # Manage Windows upgrades with Upgrade Readiness diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index fd3ae2a1d7..d8b5c9b9e4 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 05/03/2018 ms.localizationpriority: medium +ms.topic: article --- # Quick fixes diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 825c47fba7..3b660307e8 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 03/30/2018 ms.localizationpriority: medium +ms.topic: article --- # Resolution procedures diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 80c7484a85..3193a41095 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 04/18/2018 ms.localizationpriority: medium +ms.topic: article --- # Resolve Windows 10 upgrade errors : Technical information for IT Pros diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 8b8a90dcf1..9b97b16be8 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 12/18/2018 ms.localizationpriority: medium +ms.topic: article --- # SetupDiag diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index e856e35e36..a3241982d6 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 03/16/2018 ms.localizationpriority: medium +ms.topic: article --- # Submit Windows 10 upgrade errors using Feedback Hub diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index e363b4d807..e89aab650c 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.localizationpriority: medium +ms.topic: article --- # Troubleshooting upgrade errors diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 00d8d41bb4..398c6de350 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 08/18/2018 ms.localizationpriority: medium +ms.topic: article --- # Upgrade error codes diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md index 74c4a1b565..7c3bfe6c23 100644 --- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md +++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md @@ -3,6 +3,8 @@ title: Upgrade Readiness - Additional insights description: Explains additional features of Upgrade Readiness. ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Additional insights diff --git a/windows/deployment/upgrade/upgrade-readiness-architecture.md b/windows/deployment/upgrade/upgrade-readiness-architecture.md index d0bf1ba221..bba456b2e9 100644 --- a/windows/deployment/upgrade/upgrade-readiness-architecture.md +++ b/windows/deployment/upgrade/upgrade-readiness-architecture.md @@ -3,6 +3,8 @@ title: Upgrade Readiness architecture (Windows 10) description: Describes Upgrade Readiness architecture. ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness architecture diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index 5be4b56f53..9753f76d40 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -6,6 +6,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness data sharing diff --git a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md index 96332bb317..38f7cf60aa 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md +++ b/windows/deployment/upgrade/upgrade-readiness-deploy-windows.md @@ -3,6 +3,8 @@ title: Upgrade Readiness - Get a list of computers that are upgrade ready (Windo description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness. ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Step 3: Deploy Windows diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index ec7d59b862..3a7220e92f 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -6,6 +6,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness deployment script diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 89b0ca53fe..58c217bda4 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -9,6 +9,8 @@ ms.pagetype: deploy author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.topic: article +ms.collection: M365-analytics --- # Get started with Upgrade Readiness diff --git a/windows/deployment/upgrade/upgrade-readiness-identify-apps.md b/windows/deployment/upgrade/upgrade-readiness-identify-apps.md index b089d65f7b..0d0bf625ef 100644 --- a/windows/deployment/upgrade/upgrade-readiness-identify-apps.md +++ b/windows/deployment/upgrade/upgrade-readiness-identify-apps.md @@ -3,6 +3,8 @@ title: Upgrade Readiness - Identify important apps (Windows 10) description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades. ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Step 1: Identify important apps diff --git a/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md index e1e0bb0a7d..f84da4c3eb 100644 --- a/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md +++ b/windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md @@ -6,6 +6,8 @@ ms.localizationpriority: medium ms.prod: w10 author: jaimeo ms.author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Step 4: Monitor diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index e7f6a76085..dbae4ad42f 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -6,6 +6,8 @@ ms.prod: w10 author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness requirements diff --git a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md index 3c73b1ceb3..d6d2f7af15 100644 --- a/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md +++ b/windows/deployment/upgrade/upgrade-readiness-resolve-issues.md @@ -6,6 +6,8 @@ ms.prod: w10 author: jaimeo ms.author: jaimeo ms.localizationpriority: medium +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Step 2: Resolve app and driver issues diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md index 591cc06de3..24abb86fb6 100644 --- a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md @@ -3,6 +3,8 @@ title: Upgrade Readiness - Targeting a new operating system version description: Explains how to run Upgrade Readiness again to target a different operating system version or bulk-approve all apps from a given vendor ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Targeting a new operating system version diff --git a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md index d3560f85ac..fb74ebaab1 100644 --- a/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md +++ b/windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md @@ -3,6 +3,8 @@ title: Upgrade Readiness - Upgrade Overview (Windows 10) description: Displays the total count of computers sharing data and upgraded. ms.prod: w10 author: jaimeo +ms.topic: article +ms.collection: M365-analytics --- # Upgrade Readiness - Upgrade overview diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 1954507487..d9763887fe 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.mktglfcycl: deploy author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Perform an in-place upgrade to Windows 10 using Configuration Manager diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index d6cdab7ce2..7986e2b587 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md @@ -10,6 +10,7 @@ ms.sitesec: library ms.pagetype: mdt author: mtniehaus ms.date: 07/27/2017 +ms.topic: article --- # Perform an in-place upgrade to Windows 10 with MDT diff --git a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md index 8c687c4309..ed314a0bb8 100644 --- a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library -ms.pagetype: mdt -author: Jamiejdt -ms.date: 07/27/2017 +ms.pagetype: mdm +author: greg-lindsay +ms.topic: article --- # Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM) @@ -18,9 +18,15 @@ ms.date: 07/27/2017 - Windows 10 Mobile ## Summary -This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using Mobile Device Management (MDM). To determine if the device is eligible for an upgrade, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. -The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in. +This article describes how system administrators can upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM). + +>[!IMPORTANT] +>If you are not a system administrator, see the [Windows 10 Mobile Upgrade & Updates](https://www.microsoft.com/windows/windows-10-mobile-upgrade) page for details about updating your Windows 8.1 Mobile device to Windows 10 Mobile using the [Upgrade Advisor](https://www.microsoft.com/store/p/upgrade-advisor/9nblggh0f5g4). + +## Upgrading with MDM + +The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. To determine if the device is eligible for an upgrade with MDM, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in. If you use a list of allowed applications (app whitelisting) with MDM, verify that system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whitelist) with app whitelisting that could adversely affect the device after you upgrade. @@ -89,7 +95,7 @@ The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterp We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device. -Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 mobile](https://www.microsoft.com/en/mobile/windows10) page. +Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 Mobile FAQ](https://support.microsoft.com/help/10599/windows-10-mobile-how-to-get) page. ### How to blacklist the Upgrade Advisor app diff --git a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md index 97bc60f3d0..5b149323f8 100644 --- a/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md +++ b/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -7,6 +7,7 @@ ms.prod: w10 author: jaimeo ms.author: jaimeo ms.date: 07/31/2018 +ms.topic: article --- # Use Upgrade Readiness to manage Windows upgrades diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 469b80ff01..7183dcd91c 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mobile author: greg-lindsay +ms.topic: article --- # Windows 10 edition upgrade diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index a1a57c4f21..6c780da774 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -7,6 +7,7 @@ ms.sitesec: library ms.localizationpriority: medium ms.pagetype: mobile author: greg-lindsay +ms.topic: article --- # Windows 10 upgrade paths diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 00ad7ccbf0..1b021674ca 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -9,6 +9,7 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 03/30/2018 ms.localizationpriority: medium +ms.topic: article --- # Windows error reporting diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index a16c0e1719..d5eff8daa4 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 11/17/2017 +ms.topic: article --- # Windows upgrade and migration considerations diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 7414694368..060c4485ec 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Getting Started with the User State Migration Tool (USMT) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 8f7ffec7b1..f80bc67ba2 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Migrate Application Settings diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 9d396de135..d019dc53f2 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Migration Store Types Overview diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index bb58e9867d..93bdc1523e 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Offline Migration Reference diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index b7c52607a1..0f29913dee 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Understanding Migration XML Files diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 40967a0ee3..5d26845936 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # USMT Best Practices diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 4551589ccd..fd3170f994 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Choose a Migration Store Type diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 53367d6cb0..9d5968c09d 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Tool (USMT) Command-line Syntax diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 67ac98fcad..753055a44c 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.date: 09/19/2017 author: greg-lindsay +ms.topic: article --- # Common Issues diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 0cf81e4fed..9610ddc0ca 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Common Migration Scenarios diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 549a863089..7a81795919 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Config.xml File diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index 5facab35e2..835c365684 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Conflicts and Precedence diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 69d78fbd54..7aa6d0c5d4 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Custom XML Examples diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index affa696a95..a07abab50d 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Customize USMT XML Files diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index bdae639513..224a7d5a1b 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Determine What to Migrate diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index ac8107db57..670edce731 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Estimate Migration Store Size diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 7f45010a75..3e8388b8b8 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Exclude Files and Settings diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index ff5a96e50d..90f1903e5d 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Extract Files from a Compressed USMT Migration Store diff --git a/windows/deployment/usmt/usmt-faq.md b/windows/deployment/usmt/usmt-faq.md index 42ff54b6cf..70d6e1b2f5 100644 --- a/windows/deployment/usmt/usmt-faq.md +++ b/windows/deployment/usmt/usmt-faq.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Frequently Asked Questions diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 3cbed8dac0..ea9b591221 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # General Conventions diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 6c3a39cbad..2de6572380 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Hard-Link Migration Store diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index f5ebecc8eb..956abe0554 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # How USMT Works diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index f3e4659b75..57faa88dd9 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Tool (USMT) How-to topics diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index c924cce50b..134ae9d3a7 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Identify Applications Settings diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index ded6a59f34..5070fe03e4 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Identify File Types, Files, and Folders diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 6695528a7c..28d95e4b3b 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Identify Operating System Settings diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 58fe715cfb..5654585491 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Identify Users diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 31cb94e46d..b3e26e37b3 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Include Files and Settings diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 522972b99b..760fbb96ed 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # LoadState Syntax diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index ba63a86235..3c71bf52ca 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Log Files diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index ea1fda6f15..c38ad5f818 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Migrate EFS Files and Certificates diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 5007823608..9fb4c1f48f 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Migrate User Accounts diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index f1e7205880..a177f4bccb 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Migration Store Encryption diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 64dca2cedb..6cd2240e96 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 10/16/2017 +ms.topic: article --- # User State Migration Tool (USMT) Overview diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index d8cbeb6f28..aabd7f7072 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Plan Your Migration diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index e83a3bc015..7012dc5ff6 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Recognized Environment Variables diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index 782c80df15..6472bb3b6a 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Toolkit (USMT) Reference diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 6166d21bcd..c4d78425d6 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 05/03/2017 +ms.topic: article --- # USMT Requirements diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index b34f25672c..9f146337b3 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Reroute Files and Settings diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index bd334fc553..c934bdd8eb 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # USMT Resources diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 287ac6ffc7..0ec3d9f0f8 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Return Codes diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 2443952b25..ca8aab7167 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # ScanState Syntax diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index 352c1e7ae7..8386dcb426 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Tool (USMT) Technical Reference diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 72194933a6..fd06ddddea 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Test Your Migration diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index ee6c7f1409..16bffa6816 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Tool (USMT) Overview Topics diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index b3588b8bab..a3c18ef846 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # User State Migration Tool (USMT) Troubleshooting diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index 7d636d1d1a..1f7f57ce3e 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # UsmtUtils Syntax diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index ab7bbe5661..90ad6b1407 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 09/12/2017 +ms.topic: article --- # What does USMT migrate? diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 46ec2a4af2..edea901079 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # XML Elements Library diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index f613485b42..bf89e762e9 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # USMT XML Reference diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 277b89ff90..273d230290 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # Verify the Condition of a Compressed Migration Store diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index a85b173f69..968c47e9bb 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 04/19/2017 +ms.topic: article --- # XML File Requirements diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 63031ebeaa..52d00d7f17 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: mdt ms.date: 05/17/2018 author: greg-lindsay +ms.topic: article +ms.collection: M365-modern-desktop --- # Configure VDA for Windows 10 Subscription Activation diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index 394e9dbac2..feaadc8e47 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Activate by Proxy an Active Directory Forest diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index 9673148fa4..ea37d1ba1a 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Activate an Active Directory Forest Online diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 66f3559c4f..03e0029f83 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Activate using Active Directory-based activation diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index ebb0b5998f..dd8545387c 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 10/16/2017 +ms.topic: article --- # Activate using Key Management Service diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index e6dadebd76..2747cb444b 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Activate clients running Windows 10 diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index 80c66dec36..f217d8827c 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: greg-lindsay ms.date: 12/07/2018 +ms.topic: article --- # Active Directory-Based Activation overview diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index d3f1736d57..3f226d854d 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Add and Manage Products diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 14eb6d93b5..612916effe 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library author: jdeckerms ms.pagetype: activation ms.date: 04/25/2017 +ms.topic: article --- # Add and Remove Computers diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index dbc43dacd5..0168f3de62 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Add and Remove a Product Key diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index 63b927fef1..09daa5dffb 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -10,7 +10,9 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- + # Appendix: Information sent to Microsoft during activation **Applies to** - Windows 10 diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index bc6d81502b..ce4dae56e7 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Configure Client Computers diff --git a/windows/deployment/volume-activation/images/sql-instance.png b/windows/deployment/volume-activation/images/sql-instance.png new file mode 100644 index 0000000000..379935e01c Binary files /dev/null and b/windows/deployment/volume-activation/images/sql-instance.png differ diff --git a/windows/deployment/volume-activation/images/vamt-db.png b/windows/deployment/volume-activation/images/vamt-db.png new file mode 100644 index 0000000000..6c353fe835 Binary files /dev/null and b/windows/deployment/volume-activation/images/vamt-db.png differ diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 761457d1c2..6c5122845f 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Import and Export VAMT Data diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index 2f86348791..cd82ce78a4 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -9,6 +9,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Install and Configure VAMT diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index d5409b4409..2894ba4f88 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md @@ -9,6 +9,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Install a KMS Client Key diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index 47904029b2..fb7df4b2e4 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -9,6 +9,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Install a Product Key diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index cacf7ac0d0..a4905eb8ae 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -8,7 +8,8 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium -ms.date: 04/25/2018 +ms.date: 03/11/2019 +ms.topic: article --- # Install VAMT @@ -17,7 +18,7 @@ This topic describes how to install the Volume Activation Management Tool (VAMT) ## Install VAMT -You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526740) for Windows 10. +You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT]   >VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator.  @@ -25,24 +26,46 @@ You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK) >[!NOTE]   >The VAMT Microsoft Management Console snap-in ships as an x86 package. -To install SQL Server Express: -1. Install the Windows ADK. -2. Ensure that **Volume Activation Management Tool** is selected to be installed. -3. Click **Install**. +### Requirements + +- [Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access and all updates applied +- [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036) +- [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express) + +### Install SQL Server 2017 Express + +1. Download and open the [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package. +2. Select **Basic**. +3. Accept the license terms. +4. Enter an install location or use the default path, and then select **Install**. +5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. + ![In this example, the instance name is SQLEXPRESS01](images/sql-instance.png) + +### Install VAMT using the ADK + +1. Download and open the [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036) package. +2. Enter an install location or use the default path, and then select **Next**. +3. Select a privacy setting, and then select **Next**. +4. Accept the license terms. +5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.) +6. On the completion page, select **Close**. + +### Configure VAMT to connect to SQL Server 2017 Express + +1. Open **Volume Active Management Tool 3.1** from the Start menu. +2. Enter the server instance name and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example. + + ![Server name is .\SQLEXPRESS and database name is VAMT](images/vamt-db.png) -## Select a Database -VAMT requires a SQL database. After you install VAMT, if you have a computer information list (CIL) that was created in a previous version of VAMT, you must import the list into a SQL database. If you do not have SQL installed, you can [download a free copy of Microsoft SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) and create a new database into which you can import the CIL. -You must configure SQL installation to allow remote connections and you must provide the corresponding server name in the format: *Machine Name\\SQL Server Name*. If a new VAMT database needs to be created, provide a name for the new database. ## Uninstall VAMT -To uninstall VAMT via the **Programs and Features** Control Panel: -1. Open the **Control Panel** and select **Programs and Features**. +To uninstall VAMT using the **Programs and Features** Control Panel: +1. Open **Control Panel** and select **Programs and Features**. 2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. -## Related topics -- [Install and Configure VAMT](install-configure-vamt.md) +     diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index d527c0e57a..da71484e83 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Introduction to VAMT diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index d399375158..9752481f0b 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Perform KMS Activation diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 81d2deb8aa..c2c0095d04 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Perform Local Reactivation diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index 29aee68fac..480d593d6d 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Manage Activations diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 4e51082561..356b2adbca 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Manage Product Keys diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index b71b5629d9..f2a1b046c1 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Manage VAMT Data diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 1b8d6436f4..1b13e0e5ff 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Monitor activation diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index ec04a095dd..1342ffa177 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Perform Online Activation diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index d1cdff4f2f..26eb638a78 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 09/27/2017 +ms.topic: article --- # Plan for volume activation diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 8b1fda4134..aab7a8768c 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Perform Proxy Activation diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index 54d63f20f6..719e036af3 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Remove Products diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 1b3ee09ca7..74bb58d089 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Scenario 3: KMS Client Activation diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 04b2b6ea5d..ba55442b69 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Scenario 1: Online Activation diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index a57fcad150..e83331d22e 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Scenario 2: Proxy Activation diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index 81108e69e4..a114a8e286 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Update Product Status diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 16b38ae4ee..68c4c3cd66 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Use the Volume Activation Management Tool diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index ff1efca6bc..521f5ee32b 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Use VAMT in Windows PowerShell diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 99dd5123f7..19ce9dbba1 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # VAMT Known Issues diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index f595695c11..553111ae6f 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # VAMT Requirements diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 7678851556..f057e3302e 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # VAMT Step-by-Step Scenarios diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index 17df92c0e9..172989517e 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.date: 04/25/2017 +ms.topic: article --- # Volume Activation Management Tool (VAMT) Technical Reference diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 00cf4068f1..ebf9a48213 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -10,6 +10,7 @@ ms.pagetype: activation author: jdeckerms ms.localizationpriority: medium ms.date: 07/27/2017 +ms.topic: article --- # Volume Activation for Windows 10 diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 684ee94aa7..e9cd9edd07 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.sitesec: library ms.date: 11/06/2018 author: greg-lindsay +ms.topic: article --- # Windows 10 deployment scenarios diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md index 624e9bf703..0395575429 100644 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ b/windows/deployment/windows-10-deployment-tools-reference.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 07/12/2017 +ms.topic: article --- # Windows 10 deployment tools diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index b9b4727e55..ec368c30f1 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.date: 10/16/2017 +ms.topic: article --- # Windows 10 deployment tools diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 2838a773e0..8419e4ccb1 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: mdt ms.date: 08/24/2017 author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- # Windows 10 Enterprise E3 in CSP diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index 73593356e4..8fe7eba6f0 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -8,6 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mdt author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- # Windows 10 Subscription Activation diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 23489fb3dd..ab9ff889c0 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.date: 10/20/2017 ms.sitesec: library author: greg-lindsay +ms.topic: article --- # Windows 10 volume license media diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md index 46a39d7a66..708ffc8476 100644 --- a/windows/deployment/windows-10-missing-fonts.md +++ b/windows/deployment/windows-10-missing-fonts.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium author: kaushika-msft ms.author: kaushika ms.date: 10/31/2017 +ms.topic: article --- # How to install fonts that are missing after upgrading to Windows 10 diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index 789488af22..340920f673 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -9,6 +9,7 @@ keywords: deployment, automate, tools, configure, mdt ms.localizationpriority: medium ms.date: 10/11/2017 author: greg-lindsay +ms.topic: article --- diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 804e016464..a83edcf57d 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -9,6 +9,7 @@ keywords: deployment, automate, tools, configure, sccm ms.localizationpriority: medium ms.date: 10/11/2017 author: greg-lindsay +ms.topic: article --- # Deploy Windows 10 in a test lab using System Center Configuration Manager diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 27aa69d26a..08755c35c9 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -9,6 +9,7 @@ keywords: deployment, automate, tools, configure, mdt, sccm ms.localizationpriority: medium ms.date: 11/16/2017 author: greg-lindsay +ms.topic: article --- # Step by step guide: Configure a test lab to deploy Windows 10 diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index 2c2a9c2a25..2e66746137 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -8,6 +8,8 @@ ms.prod: w10 ms.sitesec: library ms.pagetype: deploy author: jaimeo +ms.collection: M365-modern-desktop +ms.topic: article --- # Switch to Windows 10 Pro or Enterprise from S mode diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md index 05a2b022ab..06d9b89385 100644 --- a/windows/deployment/windows-adk-scenarios-for-it-pros.md +++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library author: greg-lindsay ms.date: 07/27/2017 +ms.topic: article --- # Windows ADK for Windows 10 scenarios for IT Pros diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md index 32da345a29..35cd9c6cba 100644 --- a/windows/deployment/windows-autopilot/TOC.md +++ b/windows/deployment/windows-autopilot/TOC.md @@ -13,14 +13,15 @@ ### [Windows Autopilot Reset](windows-autopilot-reset.md) #### [Remote reset](windows-autopilot-reset-remote.md) #### [Local reset](windows-autopilot-reset-local.md) -## Administering Autopilot +## [Administering Autopilot](administer.md) ### [Configuring](configure-autopilot.md) #### [Adding devices](add-devices.md) #### [Creating profiles](profiles.md) #### [Enrollment status page](enrollment-status.md) #### [BitLocker encryption](bitlocker.md) -### [Administering Autopilot via Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles) +### [Administering Autopilot via Partner Center](https://docs.microsoft.com/en-us/partner-center/autopilot) ### [Administering Autopilot via Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot) +### [Administering Autopilot via Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles) ### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa) ## Getting started ### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index db20123f7a..853bcdd07b 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Adding devices to Windows Autopilot **Applies to** @@ -50,7 +53,7 @@ To use this script, you can download it from the PowerShell Gallery and run it o ```powershell md c:\\HWID Set-Location c:\\HWID -Set-ExecutionPolicy Unrestricted +Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted Install-Script -Name Get-WindowsAutoPilotInfo Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv ``` diff --git a/windows/deployment/windows-autopilot/administer.md b/windows/deployment/windows-autopilot/administer.md new file mode 100644 index 0000000000..402c3a2f7d --- /dev/null +++ b/windows/deployment/windows-autopilot/administer.md @@ -0,0 +1,69 @@ +--- +title: Administering Autopilot +description: A short description of methods for configuring Autopilot +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: low +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Administering Autopilot + +**Applies to: Windows 10** + +Several platforms are available to register devices with Windows Autopilot. A summary of each platform's capabilities is provided below. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Platform/Portal +Register devices? +Create/Assign profile +Acceptable DeviceID +
    OEM Direct APIYES - 1000 at a time maxNOTuple or PKID
    Partner CenterYES - 1000 at a time max\*YESTuple or PKID or 4K HH
    IntuneYES - 175 at a time maxYES\*4K HH
    Microsoft Store for BusinessYES - 1000 at a time maxYES4K HH
    Microsoft Business 365YES - 1000 at a time maxYES4K HH
    + +>*Microsoft recommended platform to use \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 850f631e72..a22b5336e7 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot FAQ **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/autopilot-support.md b/windows/deployment/windows-autopilot/autopilot-support.md index 65932a5cf6..370197bca0 100644 --- a/windows/deployment/windows-autopilot/autopilot-support.md +++ b/windows/deployment/windows-autopilot/autopilot-support.md @@ -10,6 +10,8 @@ ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay ms.date: 10/31/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Windows Autopilot support information diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md index ae47150794..cf06f0bc75 100644 --- a/windows/deployment/windows-autopilot/bitlocker.md +++ b/windows/deployment/windows-autopilot/bitlocker.md @@ -10,8 +10,11 @@ ms.pagetype: deploy ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Setting the BitLocker encryption algorithm for Autopilot devices With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins. diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md index 2a35ccf721..988b5d91f2 100644 --- a/windows/deployment/windows-autopilot/configure-autopilot.md +++ b/windows/deployment/windows-autopilot/configure-autopilot.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Configure Autopilot deployment **Applies to** diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index f47603c201..85eae673e8 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Demonstrate Autopilot deployment on a VM **Applies to** diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md index 01a31ebad9..89e9a585ba 100644 --- a/windows/deployment/windows-autopilot/enrollment-status.md +++ b/windows/deployment/windows-autopilot/enrollment-status.md @@ -10,8 +10,11 @@ ms.pagetype: deploy ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot Enrollment Status page The Windows Autopilot Enrollment Status page displaying the status of the complete device configuration process. Incorporating feedback from customers, this provides information to the user to show that the device is being set up and can be configured to prevent access to the desktop until the configuration is complete. diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 72bca7e019..643cfeb6bd 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -10,6 +10,8 @@ ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay ms.date: 11/05/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- # Windows Autopilot for existing devices diff --git a/windows/deployment/windows-autopilot/intune-connector.md b/windows/deployment/windows-autopilot/intune-connector.md index 50ee521951..f557867c0b 100644 --- a/windows/deployment/windows-autopilot/intune-connector.md +++ b/windows/deployment/windows-autopilot/intune-connector.md @@ -10,6 +10,8 @@ ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay ms.date: 11/26/2018 +ms.collection: M365-modern-desktop +ms.topic: article --- diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md index 32455a34ad..8884be069a 100644 --- a/windows/deployment/windows-autopilot/profiles.md +++ b/windows/deployment/windows-autopilot/profiles.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Configure Autopilot profiles **Applies to** diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 5a5dcf695d..563dc03e5f 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot customer consent **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index 68138d4b86..be36013432 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -10,8 +10,11 @@ ms.pagetype: ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot Self-Deploying mode (Preview) **Applies to: Windows 10, version 1809 or later** diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index 8a248dbf27..70fa92e2a5 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Troubleshooting Windows Autopilot **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md index 50dd79e58e..2058c34488 100644 --- a/windows/deployment/windows-autopilot/user-driven-aad.md +++ b/windows/deployment/windows-autopilot/user-driven-aad.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot user-driven mode for Azure Active Directory join **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md index 895992424d..2381c3b8c8 100644 --- a/windows/deployment/windows-autopilot/user-driven-hybrid.md +++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md @@ -9,9 +9,12 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot user-driven mode for hybrid Azure Active Directory join **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index efe36198a5..eb34848a9d 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -10,8 +10,11 @@ ms.pagetype: deploy author: greg-lindsay ms.date: 11/07/2018 ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot user-driven mode Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions: diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md index ed91b71732..9610dbb4af 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot configuration requirements **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md index f88d935d8c..aaae7ae596 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot licensing requirements **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md index 260b773472..dc3de62a1b 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot networking requirements **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index ae16b100af..fc304b4020 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot requirements **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index 59ee22ba1a..ac25a597f7 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -10,8 +10,11 @@ ms.pagetype: ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Reset devices with local Windows Autopilot Reset **Applies to: Windows 10, version 1709 and above diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 991d7dd424..30fb733eb0 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -10,8 +10,11 @@ ms.pagetype: ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Reset devices with remote Windows Autopilot Reset (Preview) **Applies to: Windows 10, build 17672 or later** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 05d45ae57a..1a5c9e982d 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -10,8 +10,11 @@ ms.pagetype: ms.localizationpriority: medium author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot Reset **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index e59b199a77..d73e7bb81f 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Windows Autopilot scenarios **Applies to: Windows 10** diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index e9043c8a72..bbbde28edc 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -9,8 +9,11 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay +ms.collection: M365-modern-desktop +ms.topic: article --- + # Overview of Windows Autopilot **Applies to** diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 6ac888a69b..2682bbad0b 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus ms.date: 07/12/2017 +ms.topic: article --- # Windows 10 deployment scenarios and tools diff --git a/windows/docfx.json b/windows/docfx.json index 9ac35033eb..0e7c823b17 100644 --- a/windows/docfx.json +++ b/windows/docfx.json @@ -25,6 +25,7 @@ "externalReference": [ ], "template": "op.html", - "dest": "windows" + "dest": "windows", + "markdownEngineName": "dfm" } } diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 8ef6442201..a44aea3b51 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -50,6 +50,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "windows-hub" + "dest": "windows-hub", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/hub/windows-10-landing.yml b/windows/hub/windows-10-landing.yml index 03923fa63f..9932c85367 100644 --- a/windows/hub/windows-10-landing.yml +++ b/windows/hub/windows-10-landing.yml @@ -57,7 +57,7 @@ sections: - type: markdown text: " Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
    - +

    **In-place upgrade**
    The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
    Upgrade to Windows 10 with Configuration Manager
    Upgrade to Windows 10 with MDT
    **Traditional deployment**
    Some organizations may still need to opt for an image-based deployment of Windows 10.
    Deploy Windows 10 with Configuration Manager
    Deploy Windows 10 with MDT

    **Dynamic provisioning**
    With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
    Provisioning packages for Windows 10
    Build and apply a provisioning package
    Customize Windows 10 start and the taskbar
    **Other deployment scenarios**
    Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.
    Windows deployment for education environments
    Set up a shared or guest PC with Windows 10
    Sideload apps in Windows 10

    **In-place upgrade**
    The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
    Upgrade to Windows 10 with Configuration Manager
    Upgrade to Windows 10 with MDT
    **Traditional deployment**
    Some organizations may still need to opt for an image-based deployment of Windows 10.
    Deploy Windows 10 with Configuration Manager
    Deploy Windows 10 with MDT

    **Dynamic provisioning**
    With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
    Provisioning packages for Windows 10
    Build and apply a provisioning package
    Customize Windows 10 start and the taskbar
    **Other deployment scenarios**
    Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.
    Windows deployment for education environments
    Set up a shared or guest PC with Windows 10
    Sideload apps in Windows 10
    " - title: Management and security diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index 326d9590b2..30e23dda88 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -4181,7 +4181,7 @@ The following fields are available: - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). @@ -5077,7 +5077,7 @@ The following fields are available: - **RebootReason** Reason for the reboot. -## Windows Store events +## Microsoft Store events ### Microsoft.Windows.Store.Partner.ReportApplication diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 2e4fd66068..58818d2e66 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -4128,7 +4128,7 @@ The following fields are available: - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Unique revision number of Update - **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **UpdateId** Unique Update ID @@ -4192,7 +4192,7 @@ The following fields are available: - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). @@ -5298,7 +5298,7 @@ The following fields are available: - **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). -## Windows Store events +## Microsoft Store events ### Microsoft.Windows.Store.Partner.ReportApplication diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 055c370bdd..2108b3c666 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -4934,7 +4934,7 @@ The following fields are available: - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) - **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios - **UpdateId** Identifier associated with the specific piece of content @@ -4997,7 +4997,7 @@ The following fields are available: - **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. - **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). @@ -5988,7 +5988,7 @@ The following fields are available: - **PertProb** Constant used in algorithm for randomization. -## Windows Store events +## Microsoft Store events ### Microsoft.Windows.Store.StoreActivating diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index f2bfe87d9d..f8a042ef3d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -1,8092 +1,7536 @@ ---- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. -title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft -ms.author: brianlic -manager: dansimp -ms.collection: M365-security-compliance -ms.topic: article -audience: ITPro -ms.date: 03/05/2019 ---- - - -# Windows 10, version 1809 basic level Windows diagnostic events and fields - - **Applies to** - -- Windows 10, version 1809 - - -The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. - -The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. - -Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. - -You can learn more about Windows functional and diagnostic data through these articles: - - -- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) -- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) -- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) -- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) - - - - -## Account trace logging provider events - -### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General - -This event provides information about application properties to indicate the successful execution. - -The following fields are available: - -- **AppMode** Indicates the mode the app is being currently run around privileges. -- **ExitCode** Indicates the exit code of the app. -- **Help** Indicates if the app needs to be launched in the help mode. -- **ParseError** Indicates if there was a parse error during the execution. -- **RightsAcquired** Indicates if the right privileges were acquired for successful execution. -- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution. -- **TestMode** Indicates whether the app is being run in test mode. - - -### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount - -This event provides information about the properties of user accounts in the Administrator group. - -The following fields are available: - -- **Internal** Indicates the internal property associated with the count group. -- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account. -- **Result** The HResult error. - - -## AppLocker events - -### Microsoft.Windows.Security.AppLockerCSP.ActivityStoppedAutomatically - -Automatically closed activity for start/stop operations that aren't explicitly closed. - - - -### Microsoft.Windows.Security.AppLockerCSP.AddParams - -Parameters passed to Add function of the AppLockerCSP Node. - -The following fields are available: - -- **child** The child URI of the node to add. -- **uri** URI of the node relative to %SYSTEM32%/AppLocker. - - -### Microsoft.Windows.Security.AppLockerCSP.AddStart - -Start of "Add" Operation for the AppLockerCSP Node. - - - -### Microsoft.Windows.Security.AppLockerCSP.AddStop - -End of "Add" Operation for AppLockerCSP Node. - -The following fields are available: - -- **hr** The HRESULT returned by Add function in AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback - -Result of the 'Rollback' operation in AppLockerCSP. - -The following fields are available: - -- **oldId** Previous id for the CSP transaction. -- **txId** Current id for the CSP transaction. - - -### Microsoft.Windows.Security.AppLockerCSP.ClearParams - -Parameters passed to the "Clear" operation for AppLockerCSP. - -The following fields are available: - -- **uri** The URI relative to the %SYSTEM32%\AppLocker folder. - - -### Microsoft.Windows.Security.AppLockerCSP.ClearStart - -Start of the "Clear" operation for the AppLockerCSP Node. - - - -### Microsoft.Windows.Security.AppLockerCSP.ClearStop - -End of the "Clear" operation for the AppLockerCSP node. - -The following fields are available: - -- **hr** HRESULT reported at the end of the 'Clear' function. - - -### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart - -Start of the "ConfigManagerNotification" operation for AppLockerCSP. - -The following fields are available: - -- **NotifyState** State sent by ConfigManager to AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop - -End of the "ConfigManagerNotification" operation for AppLockerCSP. - -The following fields are available: - -- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams - -Parameters passed to the CreateNodeInstance function of the AppLockerCSP node. - -The following fields are available: - -- **NodeId** NodeId passed to CreateNodeInstance. -- **nodeOps** NodeOperations parameter passed to CreateNodeInstance. -- **uri** URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker. - - -### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart - -Start of the "CreateNodeInstance" operation for the AppLockerCSP node. - - - -### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop - -End of the "CreateNodeInstance" operation for the AppLockerCSP node - -The following fields are available: - -- **hr** HRESULT returned by the CreateNodeInstance function in AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams - -Parameters passed to the DeleteChild function of the AppLockerCSP node. - -The following fields are available: - -- **child** The child URI of the node to delete. -- **uri** URI relative to %SYSTEM32%\AppLocker. - - -### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart - -Start of the "DeleteChild" operation for the AppLockerCSP node. - - - -### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop - -End of the "DeleteChild" operation for the AppLockerCSP node. - -The following fields are available: - -- **hr** HRESULT returned by the DeleteChild function in AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies - -Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present. - -The following fields are available: - -- **uri** URI relative to %SYSTEM32%\AppLocker. - - -### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams - -Parameters passed to the GetChildNodeNames function of the AppLockerCSP node. - -The following fields are available: - -- **uri** URI relative to %SYSTEM32%/AppLocker for MDM node. - - -### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart - -Start of the "GetChildNodeNames" operation for the AppLockerCSP node. - - - -### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop - -End of the "GetChildNodeNames" operation for the AppLockerCSP node. - -The following fields are available: - -- **child[0]** If function succeeded, the first child's name, else "NA". -- **count** If function succeeded, the number of child node names returned by the function, else 0. -- **hr** HRESULT returned by the GetChildNodeNames function of AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.GetLatestId - -The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID). - -The following fields are available: - -- **dirId** The latest directory identifier found by GetLatestId. -- **id** The id returned by GetLatestId if id > 0 - otherwise the dirId parameter. - - -### Microsoft.Windows.Security.AppLockerCSP.HResultException - -HRESULT thrown by any arbitrary function in AppLockerCSP. - -The following fields are available: - -- **file** File in the OS code base in which the exception occurs. -- **function** Function in the OS code base in which the exception occurs. -- **hr** HRESULT that is reported. -- **line** Line in the file in the OS code base in which the exception occurs. - - -### Microsoft.Windows.Security.AppLockerCSP.SetValueParams - -Parameters passed to the SetValue function of the AppLockerCSP node. - -The following fields are available: - -- **dataLength** Length of the value to set. -- **uri** The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker. - - -### Microsoft.Windows.Security.AppLockerCSP.SetValueStart - -Start of the "SetValue" operation for the AppLockerCSP node. - - - -### Microsoft.Windows.Security.AppLockerCSP.SetValueStop - -End of the "SetValue" operation for the AppLockerCSP node. - -The following fields are available: - -- **hr** HRESULT returned by the SetValue function in AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies - -EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed. - -The following fields are available: - -- **uri** URI for node relative to %SYSTEM32%/AppLocker. - - -## Appraiser events - -### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount - -This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. - -The following fields are available: - -- **DatasourceApplicationFile_19ASetup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS3Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_TH1** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_19ASetup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_TH1** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_19ASetup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. -- **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_TH1** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_19ASetup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. -- **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. -- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. -- **DatasourceSystemBios_RS3Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS4Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_TH1** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_TH1** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_TH1** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_TH1** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. -- **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. -- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. -- **DecisionMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_RS4** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1803 present on this device. -- **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. -- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. -- **DecisionMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. -- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. -- **DecisionMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_19ASetup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. -- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. -- **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. -- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. -- **DecisionMediaCenter_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS4** The total DecisionMediaCenter objects targeting Windows 10 version 1803 present on this device. -- **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_TH1** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_19ASetup** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. -- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. -- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. -- **DecisionSystemBios_RS3Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. -- **DecisionSystemBios_RS4Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_RS5Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. -- **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryDeviceContainer** A count of device container objects in cache. -- **InventoryDevicePnp** A count of device Plug and Play objects in cache. -- **InventoryDriverBinary** A count of driver binary objects in cache. -- **InventoryDriverPackage** A count of device objects in cache. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. -- **InventoryMediaCenter** The count of the number of this particular object type present on this device. -- **InventorySystemBios** The count of the number of this particular object type present on this device. -- **InventorySystemMachine** The count of the number of this particular object type present on this device. -- **InventorySystemProcessor** The count of the number of this particular object type present on this device. -- **InventoryTest** The count of the number of this particular object type present on this device. -- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. -- **PCFP** The count of the number of this particular object type present on this device. -- **SystemMemory** The count of the number of this particular object type present on this device. -- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. -- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The total number of objects of this type present on this device. -- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. -- **SystemProcessorSse2** The total number of objects of this type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. -- **SystemWim** The total number of objects of this type present on this device. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. -- **SystemWlan** The total number of objects of this type present on this device. -- **Wmdrm_19ASetup** The count of the number of this particular object type present on this device. -- **Wmdrm_19H1** The count of the number of this particular object type present on this device. -- **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. -- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. -- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. -- **Wmdrm_RS3Setup** The count of the number of this particular object type present on this device. -- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. -- **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device. -- **Wmdrm_RS5** The count of the number of this particular object type present on this device. -- **Wmdrm_RS5Setup** The count of the number of this particular object type present on this device. -- **Wmdrm_TH1** The count of the number of this particular object type present on this device. -- **Wmdrm_TH2** The count of the number of this particular object type present on this device. - - -### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd - -Represents the basic metadata about specific application files installed on the system. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file that is generating the events. -- **AvDisplayName** If the app is an anti-virus app, this is its display name. -- **CompatModelIndex** The compatibility prediction for this file. -- **HasCitData** Indicates whether the file is present in CIT data. -- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file. -- **IsAv** Is the file an anti-virus reporting EXE? -- **ResolveAttempted** This will always be an empty string when sending telemetry. -- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. - - -### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove - -This event indicates that the DatasourceApplicationFile object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync - -This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd - -This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **ActiveNetworkConnection** Indicates whether the device is an active network device. -- **AppraiserVersion** The version of the appraiser file generating the events. -- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. -- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. -- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string -- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. -- **IsBootCritical** Indicates whether the device boot is critical. -- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. -- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. -- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. - - -### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove - -This event indicates that the DatasourceDevicePnp object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync - -This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd - -This event sends compatibility database data about driver packages to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync - -This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd - -This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove - -This event indicates that the DataSourceMatchingInfoBlock object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync - -This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd - -This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove - -This event indicates that the DataSourceMatchingInfoPassive object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync - -This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd - -This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove - -This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync - -This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd - -This event sends compatibility database information about the BIOS to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove - -This event indicates that the DatasourceSystemBios object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync - -This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd - -This event sends compatibility decision data about a file to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file that is generating the events. -- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS. -- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question. -- **DisplayGenericMessage** Will be a generic message be shown for this file? -- **DisplayGenericMessageGated** Indicates whether a generic message be shown for this file. -- **HardBlock** This file is blocked in the SDB. -- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB? -- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode? -- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade? -- **NeedsDismissAction** Will the file cause an action that can be dimissed? -- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app. -- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade? -- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app. -- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade. -- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB, -- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade. -- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed. -- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade. -- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade. -- **SoftBlock** The file is softblocked in the SDB and has a warning. - - -### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove - -This event indicates Indicates that the DecisionApplicationFile object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync - -This event indicates that a new set of DecisionApplicationFileAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd - -This event sends compatibility decision data about a PNP device to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. -- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked? -- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate? -- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked? -- **BlockingDevice** Is this PNP device blocking upgrade? -- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS? -- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device? -- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device? -- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device. -- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? -- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? -- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden? -- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? -- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? -- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? -- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden? - - -### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove - -This event indicates that the DecisionDevicePnp object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync - -The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd - -This event sends decision data about driver package compatibility to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. -- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for this driver package. -- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? -- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block? -- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block? -- **DriverIsTroubleshooterBlocked** Indicates whether the driver package is blocked because of a troubleshooter block. -- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade? -- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? - - -### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove - -This event indicates that the DecisionDriverPackage object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync - -This event indicates that a new set of DecisionDriverPackageAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd - -This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. -- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks? -- **DisplayGenericMessage** Will a generic message be shown for this block? -- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block? -- **SdbBlockUpgrade** Is a matching info block blocking upgrade? -- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag? -- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag? - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove - -This event indicates that the DecisionMatchingInfoBlock object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync - -This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd - -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks? -- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks. -- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade? - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove - -This event Indicates that the DecisionMatchingInfoPassive object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync - -This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd - -This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app? -- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade? -- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app? -- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade). - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove - -This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync - -This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd - -This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center? -- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true? -- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use? -- **MediaCenterInUse** Is Windows Media Center actively being used? -- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition? -- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center? - - -### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove - -This event indicates that the DecisionMediaCenter object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync - -This event indicates that a new set of DecisionMediaCenterAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd - -This event sends compatibility decision data about the BIOS to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **Blocking** Is the device blocked from upgrade due to a BIOS block? -- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios. -- **HasBiosBlock** Does the device have a BIOS block? - - -### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove - -This event indicates that the DecisionSystemBios object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync - -This event indicates that a new set of DecisionSystemBiosAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.GatedRegChange - -This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date. - -The following fields are available: - -- **NewData** The data in the registry value after the scan completed. -- **OldData** The previous data in the registry value before the scan ran. -- **PCFP** An ID for the system calculated by hashing hardware identifiers. -- **RegKey** The registry key name for which a result is being sent. -- **RegValue** The registry value for which a result is being sent. -- **Time** The client time of the event. - - -### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd - -This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **AvDisplayName** If the app is an antivirus app, this is its display name. -- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date. -- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64. -- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets. -- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets. -- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata. -- **CompanyName** The company name of the vendor who developed this file. -- **FileId** A hash that uniquely identifies a file. -- **FileVersion** The File version field from the file metadata under Properties -> Details. -- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file. -- **IsAv** Indicates whether the file an antivirus reporting EXE. -- **LinkDate** The date and time that this file was linked on. -- **LowerCaseLongPath** The full file path to the file that was inventoried on the device. -- **Name** The name of the file that was inventoried. -- **ProductName** The Product name field from the file metadata under Properties -> Details. -- **ProductVersion** The Product version field from the file metadata under Properties -> Details. -- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it. -- **Size** The size of the file (in hexadecimal bytes). - - -### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove - -This event indicates that the InventoryApplicationFile object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync - -This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd - -This event sends data about the number of language packs installed on the system, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **HasLanguagePack** Indicates whether this device has 2 or more language packs. -- **LanguagePackCount** The number of language packs are installed. - - -### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove - -This event indicates that the InventoryLanguagePack object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync - -This event indicates that a new set of InventoryLanguagePackAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd - -This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **EverLaunched** Has Windows Media Center ever been launched? -- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center? -- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured? -- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch? -- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files? -- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center? -- **IsSupported** Does the running OS support Windows Media Center? - - -### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove - -This event indicates that the InventoryMediaCenter object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync - -This event indicates that a new set of InventoryMediaCenterAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd - -This event sends basic metadata about the BIOS to determine whether it has a compatibility block. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **biosDate** The release date of the BIOS in UTC format. -- **BiosDate** The release date of the BIOS in UTC format. -- **biosName** The name field from Win32_BIOS. -- **BiosName** The name field from Win32_BIOS. -- **manufacturer** The manufacturer field from Win32_ComputerSystem. -- **Manufacturer** The manufacturer field from Win32_ComputerSystem. -- **model** The model field from Win32_ComputerSystem. -- **Model** The model field from Win32_ComputerSystem. - - -### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove - -This event indicates that the InventorySystemBios object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync - -This event indicates that a new set of InventorySystemBiosAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd - -This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **BootCritical** Is the driver package marked as boot critical? -- **Build** The build value from the driver package. -- **CatalogFile** The name of the catalog file within the driver package. -- **Class** The device class from the driver package. -- **ClassGuid** The device class unique ID from the driver package. -- **Date** The date from the driver package. -- **Inbox** Is the driver package of a driver that is included with Windows? -- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU. -- **Provider** The provider of the driver package. -- **PublishedName** The name of the INF file after it was renamed. -- **Revision** The revision of the driver package. -- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2. -- **VersionMajor** The major version of the driver package. -- **VersionMinor** The minor version of the driver package. - - -### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove - -This event indicates that the InventoryUplevelDriverPackage object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync - -This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.RunContext - -This event indicates what should be expected in the data payload. - -The following fields are available: - -- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. -- **AppraiserProcess** The name of the process that launched Appraiser. -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **CensusId** A unique hardware identifier. -- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. -- **PCFP** An ID for the system calculated by hashing hardware identifiers. -- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan. -- **Time** The client time of the event. - - -### Microsoft.Windows.Appraiser.General.SystemMemoryAdd - -This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **Blocking** Is the device from upgrade due to memory restrictions? -- **MemoryRequirementViolated** Was a memory requirement violated? -- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes). -- **ram** The amount of memory on the device. -- **ramKB** The amount of memory (in KB). -- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes). -- **virtualKB** The amount of virtual memory (in KB). - - -### Microsoft.Windows.Appraiser.General.SystemMemoryRemove - -This event that the SystemMemory object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync - -This event indicates that a new set of SystemMemoryAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd - -This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **Blocking** Is the upgrade blocked due to the processor? -- **CompareExchange128Support** Does the CPU support CompareExchange128? - - -### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove - -This event indicates that the SystemProcessorCompareExchange object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync - -This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd - -This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file generating the events. -- **Blocking** Is the upgrade blocked due to the processor? -- **LahfSahfSupport** Does the CPU support LAHF/SAHF? - - -### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove - -This event indicates that the SystemProcessorLahfSahf object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync - -This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd - -This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **Blocking** Is the upgrade blocked due to the processor? -- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support. -- **NXProcessorSupport** Does the processor support NX? - - -### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove - -This event indicates that the SystemProcessorNx object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync - -This event indicates that a new set of SystemProcessorNxAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd - -This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **Blocking** Is the upgrade blocked due to the processor? -- **PrefetchWSupport** Does the processor support PrefetchW? - - -### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove - -This event indicates that the SystemProcessorPrefetchW object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync - -This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add - -This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **Blocking** Is the upgrade blocked due to the processor? -- **SSE2ProcessorSupport** Does the processor support SSE2? - - -### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove - -This event indicates that the SystemProcessorSse2 object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync - -This event indicates that a new set of SystemProcessorSse2Add events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemTouchAdd - -This event sends data indicating whether the system supports touch, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer? -- **MaximumTouches** The maximum number of touch points supported by the device hardware. - - -### Microsoft.Windows.Appraiser.General.SystemTouchRemove - -This event indicates that the SystemTouch object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemTouchStartSync - -This event indicates that a new set of SystemTouchAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWimAdd - -This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **IsWimBoot** Is the current operating system running from a compressed WIM file? -- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM. - - -### Microsoft.Windows.Appraiser.General.SystemWimRemove - -This event indicates that the SystemWim object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWimStartSync - -This event indicates that a new set of SystemWimAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd - -This event sends data indicating whether the current operating system is activated, to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated. -- **WindowsNotActivatedDecision** Is the current operating system activated? - - -### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove - -This event indicates that the SystemWindowsActivationStatus object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync - -This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWlanAdd - -This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **Blocking** Is the upgrade blocked because of an emulated WLAN driver? -- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block? -- **WlanEmulatedDriver** Does the device have an emulated WLAN driver? -- **WlanExists** Does the device support WLAN at all? -- **WlanModulePresent** Are any WLAN modules present? -- **WlanNativeDriver** Does the device have a non-emulated WLAN driver? - - -### Microsoft.Windows.Appraiser.General.SystemWlanRemove - -This event indicates that the SystemWlan object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.SystemWlanStartSync - -This event indicates that a new set of SystemWlanAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.TelemetryRunHealth - -This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date. - -The following fields are available: - -- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. -- **AppraiserProcess** The name of the process that launched Appraiser. -- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. -- **AuxFinal** Obsolete, always set to false. -- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. -- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. -- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. -- **InboxDataVersion** The original version of the data files before retrieving any newer version. -- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated. -- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. -- **PCFP** An ID for the system calculated by hashing hardware identifiers. -- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. -- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. -- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. -- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. -- **RunResult** The hresult of the Appraiser telemetry run. -- **ScheduledUploadDay** The day scheduled for the upload. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. -- **StoreHandleIsNotNull** Obsolete, always set to false -- **TelementrySent** Indicates if telemetry was successfully sent. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. -- **Time** The client time of the event. -- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. -- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. - - -### Microsoft.Windows.Appraiser.General.WmdrmAdd - -This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **BlockingApplication** Same as NeedsDismissAction. -- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation. -- **WmdrmApiResult** Raw value of the API used to gather DRM state. -- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs. -- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased. -- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed. -- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses. -- **WmdrmPurchased** Indicates if the system has any files with permanent licenses. - - -### Microsoft.Windows.Appraiser.General.WmdrmRemove - -This event indicates that the Wmdrm object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.WmdrmStartSync - -This event indicates that a new set of WmdrmAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -## Census events - -### Census.App - -Provides information on IE and Census versions running on the device - -The following fields are available: - -- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run. -- **AppraiserErrorCode** The error code of the last Appraiser run. -- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run. -- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed. -- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run. -- **AppraiserTaskEnabled** Whether the Appraiser task is enabled. -- **AppraiserTaskExitCode** The Appraiser task exist code. -- **AppraiserTaskLastRun** The last runtime for the Appraiser task. -- **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** The version of Internet Explorer that is running on the device. - - -### Census.Battery - -This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date. - -The following fields are available: - -- **InternalBatteryCapablities** Represents information about what the battery is capable of doing. -- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear. -- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh. -- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance. -- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value. - - -### Census.Camera - -This event sends data about the resolution of cameras on the device, to help keep Windows up to date. - -The following fields are available: - -- **FrontFacingCameraResolution** Represents the resolution of the front facing camera in megapixels. If a front facing camera does not exist, then the value is 0. -- **RearFacingCameraResolution** Represents the resolution of the rear facing camera in megapixels. If a rear facing camera does not exist, then the value is 0. - - -### Census.Enterprise - -This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. - -The following fields are available: - -- **AADDeviceId** Azure Active Directory device ID. -- **AzureOSIDPresent** Represents the field used to identify an Azure machine. -- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. -- **CDJType** Represents the type of cloud domain joined for the machine. -- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers. -- **ContainerType** The type of container, such as process or virtual machine hosted. -- **EnrollmentType** Defines the type of MDM enrollment on the device. -- **HashedDomain** The hashed representation of the user domain used for login. -- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false -- **IsDERequirementMet** Represents if the device can do device encryption. -- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption -- **IsDomainJoined** Indicates whether a machine is joined to a domain. -- **IsEDPEnabled** Represents if Enterprise data protected on the device. -- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. -- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID -- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. -- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier - - -### Census.Firmware - -This event sends data about the BIOS and startup embedded in the device, to help keep Windows up to date. - -The following fields are available: - -- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS). -- **FirmwareReleaseDate** Represents the date the current firmware was released. -- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI. -- **FirmwareVersion** Represents the version of the current firmware. - - -### Census.Flighting - -This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date. - -The following fields are available: - -- **DeviceSampleRate** The telemetry sample rate assigned to the device. -- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. -- **FlightIds** A list of the different Windows Insider builds on this device. -- **FlightingBranchName** The name of the Windows Insider branch currently used by the device. -- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program. -- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device. -- **SSRK** Retrieves the mobile targeting settings. - - -### Census.Hardware - -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date. - -The following fields are available: - -- **ActiveMicCount** The number of active microphones attached to the device. -- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. -- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. -- **D3DMaxFeatureLevel** Supported Direct3D version. -- **DeviceColor** Indicates a color of the device. -- **DeviceForm** Indicates the form as per the device classification. -- **DeviceName** The device name that is set by the user. -- **DigitizerSupport** Is a digitizer supported? -- **DUID** The device unique ID. -- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation). -- **InventoryId** The device ID used for compatibility testing. -- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass). -- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.) -- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device. -- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date. -- **OEMModelBaseBoard** The baseboard model used by the OEM. -- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices. -- **OEMModelName** The device model name. -- **OEMModelNumber** The device model number. -- **OEMModelSKU** The device edition that is defined by the manufacturer. -- **OEMModelSystemFamily** The system family set on the device by an OEM. -- **OEMModelSystemVersion** The system model version set on the device by the OEM. -- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary. -- **OEMSerialNumber** The serial number of the device that is set by the manufacturer. -- **PhoneManufacturer** The friendly name of the phone manufacturer. -- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. -- **SoCName** The firmware manufacturer of the device. -- **StudyID** Used to identify retail and non-retail device. -- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. -- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. -- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. -- **TPMManufacturerId** The ID of the TPM manufacturer. -- **TPMManufacturerVersion** The version of the TPM manufacturer. -- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. -- **VoiceSupported** Does the device have a cellular radio capable of making voice calls? - - -### Census.Memory - -This event sends data about the memory on the device, including ROM and RAM, to help keep Windows up to date. - -The following fields are available: - -- **TotalPhysicalRAM** Represents the physical memory (in MB). -- **TotalVisibleMemory** Represents the memory that is not reserved by the system. - - -### Census.Network - -This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors), to help keep Windows up to date. - -The following fields are available: - -- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage. -- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage. -- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. -- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. -- **MEID** Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. -- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. -- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. -- **MobileOperatorBilling** Represents the telephone company that provides services for mobile phone users. -- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US. -- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage. -- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage. -- **NetworkAdapterGUID** The GUID of the primary network adapter. -- **NetworkCost** Represents the network cost associated with a connection. -- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage. -- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage. - - -### Census.OS - -This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device, to help keep Windows up to date. - -The following fields are available: - -- **ActivationChannel** Retrieves the retail license key or Volume license key for a machine. -- **AssignedAccessStatus** Kiosk configuration mode. -- **CompactOS** Indicates if the Compact OS feature from Win10 is enabled. -- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy. -- **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time -- **GenuineState** Retrieves the ID Value specifying the OS Genuine check. -- **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update). -- **InstallLanguage** The first language installed on the user machine. -- **IsDeviceRetailDemo** Retrieves if the device is running in demo mode. -- **IsEduData** Returns Boolean if the education data policy is enabled. -- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go -- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI. -- **LanguagePacks** The list of language packages installed on the device. -- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store. -- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine. -- **OSEdition** Retrieves the version of the current OS. -- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc -- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC). -- **OSSKU** Retrieves the Friendly Name of OS Edition. -- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines. -- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines. -- **OSTimeZoneBiasInMins** Retrieves the time zone set on machine. -- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS. -- **ProductActivationResult** Returns Boolean if the OS Activation was successful. -- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues. -- **ProductKeyID2** Retrieves the License key if the machine is updated with a new license key. -- **RACw7Id** Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability. -- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy. -- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy. -- **ServiceProductKeyID** Retrieves the License key of the KMS -- **SharedPCMode** Returns Boolean for education devices used as shared cart -- **Signature** Retrieves if it is a signature machine sold by Microsoft store. -- **SLICStatus** Whether a SLIC table exists on the device. -- **SLICVersion** Returns OS type/version from SLIC table. - - -### Census.PrivacySettings - -This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. - -The following fields are available: - -- **Activity** Current state of the activity history setting. -- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. -- **ActivityHistoryCollection** Current state of the activity history collection setting. -- **AdvertisingId** Current state of the advertising ID setting. -- **AppDiagnostics** Current state of the app diagnostics setting. -- **Appointments** Current state of the calendar setting. -- **Bluetooth** Current state of the Bluetooth capability setting. -- **BluetoothSync** Current state of the Bluetooth sync capability setting. -- **BroadFileSystemAccess** Current state of the broad file system access setting. -- **CellularData** Current state of the cellular data capability setting. -- **Chat** Current state of the chat setting. -- **Contacts** Current state of the contacts setting. -- **DocumentsLibrary** Current state of the documents library setting. -- **Email** Current state of the email setting. -- **FindMyDevice** Current state of the "find my device" setting. -- **GazeInput** Current state of the gaze input setting. -- **HumanInterfaceDevice** Current state of the human interface device setting. -- **InkTypeImprovement** Current state of the improve inking and typing setting. -- **Location** Current state of the location setting. -- **LocationHistory** Current state of the location history setting. -- **LocationHistoryCloudSync** Current state of the location history cloud sync setting. -- **LocationHistoryOnTimeline** Current state of the location history on timeline setting. -- **Microphone** Current state of the microphone setting. -- **PhoneCall** Current state of the phone call setting. -- **PhoneCallHistory** Current state of the call history setting. -- **PicturesLibrary** Current state of the pictures library setting. -- **Radios** Current state of the radios setting. -- **SensorsCustom** Current state of the custom sensor setting. -- **SerialCommunication** Current state of the serial communication setting. -- **Sms** Current state of the text messaging setting. -- **SpeechPersonalization** Current state of the speech services setting. -- **USB** Current state of the USB setting. -- **UserAccountInformation** Current state of the account information setting. -- **UserDataTasks** Current state of the tasks setting. -- **UserNotificationListener** Current state of the notifications setting. -- **VideosLibrary** Current state of the videos library setting. -- **Webcam** Current state of the camera setting. -- **WiFiDirect** Current state of the Wi-Fi direct setting. - - -### Census.Processor - -Provides information on several important data points about Processor settings - -The following fields are available: - -- **KvaShadow** This is the micro code information of the processor. -- **MMSettingOverride** Microcode setting of the processor. -- **MMSettingOverrideMask** Microcode setting override of the processor. -- **PreviousUpdateRevision** Previous microcode revision -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. -- **ProcessorClockSpeed** Clock speed of the processor in MHz. -- **ProcessorCores** Number of logical cores in the processor. -- **ProcessorIdentifier** Processor Identifier of a manufacturer. -- **ProcessorManufacturer** Name of the processor manufacturer. -- **ProcessorModel** Name of the processor model. -- **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** The microcode revision. -- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status -- **SocketCount** Count of CPU sockets. -- **SpeculationControl** Indicates whether the system has enabled protections needed to validate the speculation control vulnerability. - - -### Census.Security - -This event provides information on about security settings used to help keep Windows up to date and secure. - -The following fields are available: - -- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. -- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. -- **DGState** This field summarizes the Device Guard state. -- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. -- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. -- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. -- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. -- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. -- **SModeState** The Windows S mode trail state. -- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. - - -### Census.Speech - -This event is used to gather basic speech settings on the device. - -The following fields are available: - -- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked. -- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities. -- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user. -- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices. -- **KeyVer** Version information for the census speech event. -- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS). -- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities. -- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities. -- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice. -- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device. -- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference. - - -### Census.Storage - -This event sends data about the total capacity of the system volume and primary disk, to help keep Windows up to date. - -The following fields are available: - -- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB. -- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any). -- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device. -- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB. - - -### Census.Userdefault - -This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date. - -The following fields are available: - -- **CalendarType** The calendar identifiers that are used to specify different calendars. -- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf. -- **DefaultBrowserProgId** The ProgramId of the current user's default browser. -- **LongDateFormat** The long date format the user has selected. -- **ShortDateFormat** The short date format the user has selected. - - -### Census.UserDisplay - -This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date. - -The following fields are available: - -- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display. -- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display. -- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display. -- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display. -- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display. -- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display. -- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches . -- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches -- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine -- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine. -- **VRAMDedicated** Retrieves the video RAM in MB. -- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card. -- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use. - - -### Census.UserNLS - -This event sends data about the default app language, input, and display language preferences set by the user, to help keep Windows up to date. - -The following fields are available: - -- **DefaultAppLanguage** The current user Default App Language. -- **DisplayLanguage** The current user preferred Windows Display Language. -- **HomeLocation** The current user location, which is populated using GetUserGeoId() function. -- **KeyboardInputLanguages** The Keyboard input languages installed on the device. -- **SpeechInputLanguages** The Speech Input languages installed on the device. - - -### Census.UserPrivacySettings - -This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. - -The following fields are available: - -- **Activity** Current state of the activity history setting. -- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. -- **ActivityHistoryCollection** Current state of the activity history collection setting. -- **AdvertisingId** Current state of the advertising ID setting. -- **AppDiagnostics** Current state of the app diagnostics setting. -- **Appointments** Current state of the calendar setting. -- **Bluetooth** Current state of the Bluetooth capability setting. -- **BluetoothSync** Current state of the Bluetooth sync capability setting. -- **BroadFileSystemAccess** Current state of the broad file system access setting. -- **CellularData** Current state of the cellular data capability setting. -- **Chat** Current state of the chat setting. -- **Contacts** Current state of the contacts setting. -- **DocumentsLibrary** Current state of the documents library setting. -- **Email** Current state of the email setting. -- **GazeInput** Current state of the gaze input setting. -- **HumanInterfaceDevice** Current state of the human interface device setting. -- **InkTypeImprovement** Current state of the improve inking and typing setting. -- **InkTypePersonalization** Current state of the inking and typing personalization setting. -- **Location** Current state of the location setting. -- **LocationHistory** Current state of the location history setting. -- **LocationHistoryCloudSync** Current state of the location history cloud synchronization setting. -- **LocationHistoryOnTimeline** Current state of the location history on timeline setting. -- **Microphone** Current state of the microphone setting. -- **PhoneCall** Current state of the phone call setting. -- **PhoneCallHistory** Current state of the call history setting. -- **PicturesLibrary** Current state of the pictures library setting. -- **Radios** Current state of the radios setting. -- **SensorsCustom** Current state of the custom sensor setting. -- **SerialCommunication** Current state of the serial communication setting. -- **Sms** Current state of the text messaging setting. -- **SpeechPersonalization** Current state of the speech services setting. -- **USB** Current state of the USB setting. -- **UserAccountInformation** Current state of the account information setting. -- **UserDataTasks** Current state of the tasks setting. -- **UserNotificationListener** Current state of the notifications setting. -- **VideosLibrary** Current state of the videos library setting. -- **Webcam** Current state of the camera setting. -- **WiFiDirect** Current state of the Wi-Fi direct setting. - - -### Census.VM - -This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date. - -The following fields are available: - -- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within. -- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor. -- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present. -- **IsVDI** Is the device using Virtual Desktop Infrastructure? -- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors. -- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware. -- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware. - - -### Census.WU - -This event sends data about the Windows update server and other App store policies, to help keep Windows up to date. - -The following fields are available: - -- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading. -- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled). -- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured -- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting -- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades. -- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it? -- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update? -- **OSAssessmentForQualityUpdate** Is the device on the latest quality update? -- **OSAssessmentForSecurityUpdate** Is the device on the latest security update? -- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it? -- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment. -- **OSRollbackCount** The number of times feature updates have rolled back on the device. -- **OSRolledBack** A flag that represents when a feature update has rolled back during setup. -- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device . -- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device. -- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default. -- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently. -- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). -- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. -- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. -- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. -- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused. -- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). - - -### Census.Xbox - -This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date. - -The following fields are available: - -- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console. -- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console. -- **XboxLiveDeviceId** Retrieves the unique device ID of the console. -- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. - - -## Common data extensions - -### Common Data Extensions.app - -Describes the properties of the running application. This extension could be populated by a client app or a web app. - -The following fields are available: - -- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. -- **env** The environment from which the event was logged. -- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. -- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. -- **locale** The locale of the app. -- **name** The name of the app. -- **userId** The userID as known by the application. -- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. - - -### Common Data Extensions.container - -Describes the properties of the container for events logged within a container. - -The following fields are available: - -- **epoch** An ID that's incremented for each SDK initialization. -- **localId** The device ID as known by the client. -- **osVer** The operating system version. -- **seq** An ID that's incremented for each event. -- **type** The container type. Examples: Process or VMHost - - -### Common Data Extensions.cs - -Describes properties related to the schema of the event. - -The following fields are available: - -- **sig** A common schema signature that identifies new and modified event schemas. - - -### Common Data Extensions.device - -Describes the device-related fields. - -The following fields are available: - -- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. -- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId -- **make** Device manufacturer. -- **model** Device model. - - -### Common Data Extensions.Envelope - -Represents an envelope that contains all of the common data extensions. - -The following fields are available: - -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. -- **data** Represents the optional unique diagnostic data for a particular event schema. -- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). -- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). -- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). -- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). -- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). -- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). -- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). -- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). -- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). -- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). -- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. -- **iKey** Represents an ID for applications or other logical groupings of events. -- **name** Represents the uniquely qualified name for the event. -- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. -- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. -- **ver** Represents the major and minor version of the extension. - - -### Common Data Extensions.os - -Describes some properties of the operating system. - -The following fields are available: - -- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. -- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. -- **locale** Represents the locale of the operating system. -- **name** Represents the operating system name. -- **ver** Represents the major and minor version of the extension. - - -### Common Data Extensions.receipts - -Represents various time information as provided by the client and helps for debugging purposes. - -The following fields are available: - -- **originalTime** The original event time. -- **uploadTime** The time the event was uploaded. - - -### Common Data Extensions.sdk - -Used by platform specific libraries to record fields that are required for a specific SDK. - -The following fields are available: - -- **epoch** An ID that is incremented for each SDK initialization. -- **installId** An ID that's created during the initialization of the SDK for the first time. -- **libVer** The SDK version. -- **seq** An ID that is incremented for each event. - - -### Common Data Extensions.user - -Describes the fields related to a user. - -The following fields are available: - -- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. -- **locale** The language and region. -- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. - - -### Common Data Extensions.utc - -Describes the properties that could be populated by a logging library on Windows. - -The following fields are available: - -- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. -- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number -- **cat** Represents a bitmask of the ETW Keywords associated with the event. -- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. -- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. -- **flags** Represents the bitmap that captures various Windows specific flags. -- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence -- **op** Represents the ETW Op Code. -- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. -- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. -- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. - - -### Common Data Extensions.xbl - -Describes the fields that are related to XBOX Live. - -The following fields are available: - -- **claims** Any additional claims whose short claim name hasn't been added to this structure. -- **did** XBOX device ID -- **dty** XBOX device type -- **dvr** The version of the operating system on the device. -- **eid** A unique ID that represents the developer entity. -- **exp** Expiration time -- **ip** The IP address of the client device. -- **nbf** Not before time -- **pid** A comma separated list of PUIDs listed as base10 numbers. -- **sbx** XBOX sandbox identifier -- **sid** The service instance ID. -- **sty** The service type. -- **tid** The XBOX Live title ID. -- **tvr** The XBOX Live title version. -- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. -- **xid** A list of base10-encoded XBOX User IDs. - - -## Common data fields - -### Ms.Device.DeviceInventoryChange - -Describes the installation state for all hardware and software components available on a particular device. - -The following fields are available: - -- **action** The change that was invoked on a device inventory object. -- **inventoryId** Device ID used for Compatibility testing -- **objectInstanceId** Object identity which is unique within the device scope. -- **objectType** Indicates the object type that the event applies to. -- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. - - -## Compatibility events - -### Microsoft.Windows.Compatibility.Apphelp.SdbFix - -Product instrumentation for helping debug/troubleshoot issues with inbox compatibility components. - -The following fields are available: - -- **AppName** Name of the application impacted by SDB. -- **FixID** SDB GUID. -- **Flags** List of flags applied. -- **ImageName** Name of file. - - -## Component-based servicing events - -### CbsServicingProvider.CbsCapabilityEnumeration - -This event reports on the results of scanning for optional Windows content on Windows Update. - -The following fields are available: - -- **architecture** Indicates the scan was limited to the specified architecture. -- **capabilityCount** The number of optional content packages found during the scan. -- **clientId** The name of the application requesting the optional content. -- **duration** The amount of time it took to complete the scan. -- **hrStatus** The HReturn code of the scan. -- **language** Indicates the scan was limited to the specified language. -- **majorVersion** Indicates the scan was limited to the specified major version. -- **minorVersion** Indicates the scan was limited to the specified minor version. -- **namespace** Indicates the scan was limited to packages in the specified namespace. -- **sourceFilter** A bitmask indicating the scan checked for locally available optional content. -- **stackBuild** The build number of the servicing stack. -- **stackMajorVersion** The major version number of the servicing stack. -- **stackMinorVersion** The minor version number of the servicing stack. -- **stackRevision** The revision number of the servicing stack. - - -### CbsServicingProvider.CbsCapabilitySessionFinalize - -This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. - -The following fields are available: - -- **capabilities** The names of the optional content packages that were installed. -- **clientId** The name of the application requesting the optional content. -- **currentID** The ID of the current install session. -- **downloadSource** The source of the download. -- **highestState** The highest final install state of the optional content. -- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version. -- **hrStatus** The HReturn code of the install operation. -- **rebootCount** The number of reboots required to complete the install. -- **retryID** The session ID that will be used to retry a failed operation. -- **retryStatus** Indicates whether the install will be retried in the event of failure. -- **stackBuild** The build number of the servicing stack. -- **stackMajorVersion** The major version number of the servicing stack. -- **stackMinorVersion** The minor version number of the servicing stack. -- **stackRevision** The revision number of the servicing stack. - - -### CbsServicingProvider.CbsCapabilitySessionPended - -This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date. - -The following fields are available: - -- **clientId** The name of the application requesting the optional content. -- **pendingDecision** Indicates the cause of reboot, if applicable. - - -### CbsServicingProvider.CbsLateAcquisition - -This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date. - -The following fields are available: - -- **Features** The list of feature packages that could not be updated. -- **RetryID** The ID identifying the retry attempt to update the listed packages. - - -### CbsServicingProvider.CbsPackageRemoval - -This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date. - -The following fields are available: - -- **buildVersion** The build number of the security update being uninstalled. -- **clientId** The name of the application requesting the uninstall. -- **currentStateEnd** The final state of the update after the operation. -- **failureDetails** Information about the cause of a failure, if applicable. -- **failureSourceEnd** The stage during the uninstall where the failure occurred. -- **hrStatusEnd** The overall exit code of the operation. -- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image. -- **majorVersion** The major version number of the security update being uninstalled. -- **minorVersion** The minor version number of the security update being uninstalled. -- **originalState** The starting state of the update before the operation. -- **pendingDecision** Indicates the cause of reboot, if applicable. -- **primitiveExecutionContext** The state during system startup when the uninstall was completed. -- **revisionVersion** The revision number of the security update being uninstalled. -- **transactionCanceled** Indicates whether the uninstall was cancelled. - - -### CbsServicingProvider.CbsQualityUpdateInstall - -This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. - -The following fields are available: - -- **buildVersion** The build version number of the update package. -- **clientId** The name of the application requesting the optional content. -- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device. -- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure. -- **currentStateEnd** The final state of the package after the operation has completed. -- **doqTimeSeconds** The time in seconds spent updating drivers. -- **executeTimeSeconds** The number of seconds required to execute the install. -- **failureDetails** The driver or installer that caused the update to fail. -- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred. -- **hrStatusEnd** The return code of the install operation. -- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file. -- **majorVersion** The major version number of the update package. -- **minorVersion** The minor version number of the update package. -- **originalState** The starting state of the package. -- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation. -- **planTimeSeconds** The time in seconds required to plan the update operations. -- **poqTimeSeconds** The time in seconds processing file and registry operations. -- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update. -- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot. -- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed. -- **rebootCount** The number of reboots required to install the update. -- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update. -- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update. -- **revisionVersion** The revision version number of the update package. -- **rptTimeSeconds** The time in seconds spent executing installer plugins. -- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update. -- **stackRevision** The revision number of the servicing stack. -- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. - - -## Deployment extensions - -### DeploymentTelemetry.Deployment_End - -This event indicates that a Deployment 360 API has completed. - -The following fields are available: - -- **ClientId** Client ID of the user utilizing the D360 API. -- **ErrorCode** Error code of action. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **Mode** Phase in upgrade. -- **RelatedCV** The correction vector (CV) of any other related events -- **Result** End result of the action. - - -### DeploymentTelemetry.Deployment_SetupBoxLaunch - -This event indicates that the Deployment 360 APIs have launched Setup Box. - -The following fields are available: - -- **ClientId** The client ID of the user utilizing the D360 API. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **Quiet** Whether Setup will run in quiet mode or full mode. -- **RelatedCV** The correlation vector (CV) of any other related events. -- **SetupMode** The current setup phase. - - -### DeploymentTelemetry.Deployment_SetupBoxResult - -This event indicates that the Deployment 360 APIs have received a return from Setup Box. - -The following fields are available: - -- **ClientId** Client ID of the user utilizing the D360 API. -- **ErrorCode** Error code of the action. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **Quiet** Indicates whether Setup will run in quiet mode or full mode. -- **RelatedCV** The correlation vector (CV) of any other related events. -- **SetupMode** The current Setup phase. - - -### DeploymentTelemetry.Deployment_Start - -This event indicates that a Deployment 360 API has been called. - -The following fields are available: - -- **ClientId** Client ID of the user utilizing the D360 API. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **Mode** The current phase of the upgrade. -- **RelatedCV** The correlation vector (CV) of any other related events. - - -## Diagnostic data events - -### TelClientSynthetic.AuthorizationInfo_RuntimeTransition - -This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. - -The following fields are available: - -- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise. -- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise. -- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise. -- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise. -- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. -- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. -- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. -- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. -- **CanReportScenarios** True if we can report scenario completions, false otherwise. -- **PreviousPermissions** Bitmask of previous telemetry state. -- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. - - -### TelClientSynthetic.AuthorizationInfo_Startup - -Fired by UTC at startup to signal what data we are allowed to collect. - -The following fields are available: - -- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise. -- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise. -- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise. -- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise. -- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. -- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. -- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. -- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. -- **CanReportScenarios** True if we can report scenario completions, false otherwise. -- **PreviousPermissions** Bitmask of previous telemetry state. -- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. - - -### TelClientSynthetic.ConnectivityHeartBeat_0 - -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. - -The following fields are available: - -- **CensusExitCode** Returns last execution codes from census client run. -- **CensusStartTime** Returns timestamp corresponding to last successful census run. -- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine. -- **LastConnectivityLossTime** Retrieves the last time the device lost free network. -- **NetworkState** Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network. -- **NoNetworkTime** Retrieves the time spent with no network (since the last time) in seconds. -- **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds. - - -### TelClientSynthetic.HeartBeat_5 - -This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. - -The following fields are available: - -- **AgentConnectaonErrorsCount** No content is currently available. -- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **AudioInMS** No content is currently available. -- **AudioOutMS** No content is currently available. -- **BackgroundMouseSec** No content is currently available. -- **CensusExitCode** The last exit code of the Census task. -- **CensusStartTime** Time of last Census run. -- **CensusTaskEnabled** True if Census is enabled, false otherwise. -- **Com`ressedBytesUploaded** No content is currently available. -- **CompressedBytesUploaded** Number of compressed bytes uploaded. -- **CompressedBytesUtyPropagatedSec** No content is currently available. -- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. -- **CriticalDataDbDro`pedCount** No content is currently available. -- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrot4leDroppedCount** No content is currently available. -- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling. -- **CriticalOverflowAntersCounter** No content is currently available. -- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. -- **CriticalOverflowEuntestCounter** No content is currently available. -- **CriticalOverflowIntersCounter** No content is currently available. -- **CrivicalOverflowEntersCounter** No content is currently available. -- **DbCriticalDroppedCount** Total number of dropped critical events in event DB. -- **DbDboppedFullCount** No content is currently available. -- **DbDroppedCount** Number of events dropped due to DB fullness. -- **DbDroppedFailureCount** Number of events dropped due to DB failures. -- **DbDroppeDFailureCount** No content is currently available. -- **DbDroppedFailureCountAgentC** No content is currently available. -- **DbDroppedFullCount** Number of events dropped due to DB fullness. -- **DecodingDroppedCount** Number of events dropped due to decoding failures. -- **eettingsHttpAttempts** No content is currently available. -- **eettingsHttpFailures** No content is currently available. -- **EnteringCriticalOverfl** No content is currently available. -- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. -- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session. -- **EtwDroppedBuffinCount** No content is currently available. -- **EtwDroppedCoent** No content is currently available. -- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client. -- **EventSequence** No content is currently available. -- **EventsPersistedCkunt** No content is currently available. -- **EventsPersistedCount** Number of events that reached the PersistEvent stage. -- **EventsPtesistedCount** No content is currently available. -- **EventStoreLifetimeResetCo}nter** No content is currently available. -- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC. -- **EventStoReLifetimeResetCounter** No content is currently available. -- **EventStoreRese|Counter** No content is currently available. -- **EventStoreReseSizeSum** No content is currently available. -- **EventStoreResetCounter** Number of times event DB was reset. -- **EventStoreResetdingSum** No content is currently available. -- **EventStoreResetSizesum** No content is currently available. -- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance. -- **EventStoreResettCounter** No content is currently available. -- **EventSubStoreResetCounter** Number of times event DB was reset. -- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. -- **EventsUploaded** Number of events uploaded. -- **FellTriggerBufferDroppedCount** No content is currently available. -- **Flags** Flags indicating device state such as network state, battery state, and opt-in state. -- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. -- **FullTriggerBuffinDroppedCount** No content is currently available. -- **FullTrihgerBufferDroppedCount** No content is currently available. -- **HeartBeatSequenceNumber** The sequence number of this heartbeat. -- **Inv,:3tyttpCodeCount** No content is currently available. -- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. -- **isDefault** No content is currently available. -- **isSuccessful** No content is currently available. -- **Las4Inv(lidttpode** No content is currently available. -- **LastAgentConnectionErroeType** No content is currently available. -- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. -- **LastEventSingOffender** No content is currently available. -- **LastEventsizeOffender** No content is currently available. -- **LastEventSizeOffender** Event name of last event which exceeded max event size. -- **LastEventSizeOffinder** No content is currently available. -- **LastInv,:3tyttpCode** No content is currently available. -- **LastInvali$HttpCode** No content is currently available. -- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe. -- **MaxInUseAcenarioCounter** No content is currently available. -- **MaxInUseS75}arioCounter** No content is currently available. -- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. -- **MaxxrseSum** No content is currently available. -- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). -- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags. -- **renderTrigger** No content is currently available. -- **repeatedUploadFailureDropped** No content is currently available. -- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer. -- **RepeatedUploadFailureerDropp** No content is currently available. -- **result** No content is currently available. -- **SettingsHtt0Att%mpt2** No content is currently available. -- **SettingsHttpAtMempts** No content is currently available. -- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** The number of failures from contacting the OneSettings service. -- **SettingsyttpAttempts** No content is currently available. -- **SettingsyttpFailures** No content is currently available. -- **SinceFirstInteractivityMS** No content is currently available. -- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. -- **TopUploaderErrors** List of top errors received from the upload endpoint. -- **U0loaderErrorCount** No content is currently available. -- **unteingCriticalOverflowDroppedCounter** No content is currently available. -- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **UploaderErrorCount** Number of errors received from the upload endpoint. -- **ViewFlags** No content is currently available. -- **VobtexHttpResponseFailures** No content is currently available. -- **Vor5exFailuresTimeout** No content is currently available. -- **Vor5exHttpAttempts** No content is currently available. -- **Vor5exHttpFailures4xx** No content is currently available. -- **Vor5exHttpFailures5xx** No content is currently available. -- **Vor5exHttpResponseFailures** No content is currently available. -- **Vor5exHttpResponsesWithDroppedEvents** No content is currently available. -- **VordexHttpAttempts** No content is currently available. -- **VortehFailuresTimeout** No content is currently available. -- **VortexFailuresTimeout** The number of timeout failures received from Vortex. -- **VortexHttpAtMempts** No content is currently available. -- **VortexHttpAttempts** Number of attempts to contact Vortex. -- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. -- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. -- **VortexHttpResmonseFailures** No content is currently available. -- **VortexHttpResmonsesWithDroppedEvents** No content is currently available. -- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. -- **VortexHttpResponsesWihDroppedEvents** No content is currently available. -- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. -- **VortexHttpResponsesWitherDroppEvents** No content is currently available. -- **VortexHvtpAttempts** No content is currently available. -- **VortexyttpAttempts** No content is currently available. -- **VortexyttpFailures4xx** No content is currently available. -- **VortexyttpFailures5xx** No content is currently available. -- **VortexyttpResponseFailures** No content is currently available. -- **VortexyttpResponsesWithDroppedEvents** No content is currently available. - - -### TelClientSynthetic.HeartBeat_Aria_5 - -This event is the telemetry client ARIA heartbeat. - -The following fields are available: - -- **CompressedBytesUploaded** Number of compressed bytes uploaded. -- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database. -- **DbCriticalDroppedCount** Total number of dropped critical events in event database. -- **DbDroppedCount** Number of events dropped at the database layer. -- **DbDroppedFailureCount** Number of events dropped due to database failures. -- **DbDroppedFullCount** Number of events dropped due to database being full. -- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. -- **EventsPersistedCount** Number of events that reached the PersistEvent stage. -- **EventStoreLifetimeResetCounter** Number of times the event store has been reset. -- **EventStoreResetCounter** Number of times the event store has been reset during this heartbeat. -- **EventStoreResetSizeSum** Size of event store reset in bytes. -- **EventsUploaded** Number of events uploaded. -- **HeartBeatSequenceNumber** The sequence number of this heartbeat. -- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. -- **LastEventSizeOffender** Event name of last event which exceeded max event size. -- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire. -- **PrivacyBlockedCount** No content is currently available. -- **repeatedUploadFailureDropped** No content is currently available. -- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer. -- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting OneSettings service. -- **TopUploaderErrors** List of top errors received from the upload endpoint. -- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **UploaderErrorCount** Number of errors received from the upload endpoint. -- **VortexFailuresTimeout** Number of time out failures received from Vortex. -- **VortexHttpAttempts** Number of attempts to contact Vortex. -- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. -- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. -- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. -- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. - - -### TelClientSynthetic.HeartBeat_Seville_5 - -This event is sent by the universal telemetry client (UTC) as a heartbeat signal for Sense. - -The following fields are available: - -- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host or agent channel. -- **CompressedBytesUploaded** Number of compressed bytes uploaded. -- **ConsumerDroppedCount** Number of events dropped at consumer layer of the telemetry client. -- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. -- **CriticalDroppedCount** No content is currently available. -- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database. -- **DailyUploadQuotaInBytes** Daily upload quota for Sense in bytes (only in in-proc mode). -- **DbCriticalDroppedCount** Total number of dropped critical events in event database. -- **DbDroppedCount** Number of events dropped due to database being full. -- **DbDroppedFailureCount** Number of events dropped due to database failures. -- **DbDroppedFullCount** Number of events dropped due to database being full. -- **DecodingDroppedCount** Number of events dropped due to decoding failures. -- **DiskSizeInBytes** Size of event store for Sense in bytes (only in in-proc mode). -- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. -- **EtwDroppedBufferCount** Number of buffers dropped in the universal telemetry client (UTC) event tracing for Windows (ETW) session. -- **EtwDroppedCount** Number of events dropped at the event tracing for Windows (ETW) layer of telemetry client. -- **EventsPersistedCount** Number of events that reached the PersistEvent stage. -- **EventStoreLifetimeResetCounter** Number of times event the database was reset for the lifetime of the universal telemetry client (UTC). -- **EventStoreResetCounter** Number of times the event database was reset. -- **EventStoreResetSizeSum** Total size of the event database across all resets reports in this instance. -- **EventsUploaded** Number of events uploaded. -- **Flags** Flags indicating device state, such as network state, battery state, and opt-in state. -- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. -- **HeartBeatSequenceNumber** The sequence number of this heartbeat. -- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. -- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. -- **LastEventSizeOffender** Event name of last event which exceeded the maximum event size. -- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. -- **NormalUploadTimerMillis** Number of milliseconds between each upload of normal events for SENSE (only in in-proc mode). -- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). -- **RepeatedUploadFailureDropped** Number of events lost due to repeated failed uploaded attempts. -- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting the OneSettings service. -- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. -- **TopUploaderErrors** Top uploader errors, grouped by endpoint and error type. -- **UploaderDroppedCount** Number of events dropped at the uploader layer of the telemetry client. -- **UploaderErrorCount** Number of input for the TopUploaderErrors mode estimation. -- **VortexFailuresTimeout** Number of time out failures received from Vortex. -- **VortexHttpAttempts** Number of attempts to contact Vortex. -- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. -- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. -- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. -- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. - - -## Direct to update events - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability - -Event to indicate that the Coordinator CheckApplicability call succeeded. - -The following fields are available: - -- **ApplicabilityResult** Result of CheckApplicability function. -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **IsDeviceAADDomainJoined** No content is currently available. -- **IsDeviceADDomainJoined** No content is currently available. -- **IsDeviceCloverTrail** No content is currently available. -- **IsDeviceFeatureUpdatingPaused** No content is currently available. -- **IsDeviceNetworkMetered** No content is currently available. -- **IsDeviceOobeBlocked** No content is currently available. -- **IsDeviceRequireUpdateApproval** No content is currently available. -- **IsDeviceSccmManaged** No content is currently available. -- **IsDeviceUninstallActive** No content is currently available. -- **IsDeviceUpdateNotificationLevel** No content is currently available. -- **IsDeviceUpdateServiceManaged** No content is currently available. -- **IsDeviceZeroExhaust** No content is currently available. -- **IsGreaterThanMaxRetry** No content is currently available. -- **IsVolumeLicensed** No content is currently available. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure - -This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. - -The following fields are available: - -- **CampaignID** ID of the campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. - -The following fields are available: - -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess - -This event indicates that the Coordinator Cleanup call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess - -This event indicates that the Coordinator Commit call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure - -This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess - -This event indicates that the Coordinator Download call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator HandleShutdown call. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinate version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess - -This event indicates that the Coordinator HandleShutdown call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess - -This event indicates that the Coordinator Initialize call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure - -This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess - -This event indicates that the Coordinator Install call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack - -This event indicates that the Coordinator's progress callback has been called. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **DeployPhase** Current Deploy Phase. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess - -This event indicates that the Coordinator SetCommitReady call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiNotShown - -This event indicates that the Coordinator WaitForRebootUi call succeeded. - -The following fields are available: - -- **CampaignID** Campaign ID being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection - -This event indicates that the user selected an option on the Reboot UI. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **rebootUiSelection** Selection on the Reboot UI. - - -### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess - -This event indicates that the Coordinator WaitForRebootUi call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call. - -The following fields are available: - -- **CampaignID** ID of the campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess - -This event indicates that the Handler CheckApplicabilityInternal call succeeded. - -The following fields are available: - -- **ApplicabilityResult** The result of the applicability check. -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess - -This event indicates that the Handler CheckApplicability call succeeded. - -The following fields are available: - -- **ApplicabilityResult** The result code indicating whether the update is applicable. -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **CV_new** New correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess - -This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **CV_new** New correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess - -This event indicates that the Handler Commit call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run.run -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **CV_new** New correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure - -This event indicates that the Handler Download and Extract cab call failed. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **DownloadAndExtractCabFunction_failureReason** Reason why the update download and extract process failed. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess - -This event indicates that the Handler Download and Extract cab call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess - -This event indicates that the Handler Download call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extract. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess - -This event indicates that the Handler Initialize call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extraction. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess - -This event indicates that the Coordinator Install call succeeded. - -The following fields are available: - -- **CampaignID** ID of the update campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess - -This event indicates that the Handler SetCommitReady call succeeded. - -The following fields are available: - -- **CampaignID** ID of the campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure - -This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. - -The following fields are available: - -- **CampaignID** The ID of the campaigning being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. -- **hResult** The HRESULT of the failure. - - -### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess - -This event indicates that the Handler WaitForRebootUi call succeeded. - -The following fields are available: - -- **CampaignID** ID of the campaign being run. -- **ClientID** ID of the client receiving the update. -- **CoordinatorVersion** Coordinator version of Direct to Update. -- **CV** Correlation vector. - - -## DxgKernelTelemetry events - -### DxgKrnlTelemetry.GPUAdapterInventoryV2 - -This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. - -The following fields are available: - -- **~ersion** No content is currently available. -- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. -- **aiCeqId** No content is currently available. -- **aiseqId** No content is currently available. -- **aiSeqId** The event sequence ID. -- **bo** No content is currently available. -- **bootId** The system boot ID. -- **BrigesMessVersionViaDDI** No content is currently available. -- **BrightnessversionViaDDI** No content is currently available. -- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. -- **BrightnessVersionViaDtI** No content is currently available. -- **BrightnessVerskonViaDDI** No content is currently available. -- **BrightnessVersmonViaDDI** No content is currently available. -- **BrighvnessVessionViaDDI@WDDMVersionDisplayAdapterLuid** No content is currently available. -- **BrihhtnessVersionViaDDI** No content is currently available. -- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. -- **ComtutePreemptionLevelTelInvEvntTrigger** No content is currently available. -- **DedicatedSys4emMemoryB** No content is currently available. -- **DedicatedSystemMemmryB** No content is currently available. -- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). -- **DedicatedSystemMemosyB** No content is currently available. -- **DedicatedvideoMemoryB** No content is currently available. -- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). -- **DedicatedVmdeoMemoryB** No content is currently available. -- **DedicatefVideoMemor{B** No content is currently available. -- **DisplayAdapterLuid** The display adapter LUID. -- **DisplayAdaptevLuid** No content is currently available. -- **Dri6erVebsion** No content is currently available. -- **DriferDate** No content is currently available. -- **DriverDate** The date of the display driver. -- **DriverDEte** No content is currently available. -- **DriverRalk** No content is currently available. -- **DriverRank** The rank of the display driver. -- **DriverVersion** The display driver version. -- **DriverVgrsion** No content is currently available. -- **DrivezVersion** No content is currently available. -- **DrivgrRank** No content is currently available. -- **DX10EMDFilePath** No content is currently available. -- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. -- **DX10UMDFileTath** No content is currently available. -- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. -- **DX11UMDFileTath** No content is currently available. -- **DX11UMDFmlePath** No content is currently available. -- **Dx11UMDVilePath** No content is currently available. -- **DX12UMDFilePaph** No content is currently available. -- **Dx12UMDFilePath** No content is currently available. -- **DX12UMDfilePath** No content is currently available. -- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. -- **DX12UMDFileTath** No content is currently available. -- **DX15UMDFilePath** No content is currently available. -- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. -- **DX9UMDFileTath** No content is currently available. -- **DX9UMDFmlePath** No content is currently available. -- **GP]DeviceID** No content is currently available. -- **GPEDeviceID** No content is currently available. -- **GPUDeviceID** The GPU device ID. -- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. -- **GPURevisionID** The GPU revision ID. -- **GPURevmsionID** No content is currently available. -- **GPUVendorID** The GPU vendor ID. -- **I3LDA** No content is currently available. -- **I3SoftwAreDåvice** No content is currently available. -- **InterfacaId** No content is currently available. -- **InterfaceId** The GPU interface ID. -- **IsDisplayDevice** Does the GPU have displaying capabilities? -- **IsDisplayDevmce** No content is currently available. -- **IsDmsplayDevice** No content is currently available. -- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. -- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? -- **IsHybridDiscrgte** No content is currently available. -- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? -- **IsLDA** Is the GPU comprised of Linked Display Adapters? -- **IslidHttpDevice** No content is currently available. -- **IsMiracastScWported** No content is currently available. -- **IsMiracastStpported** No content is currently available. -- **IsMiracastSupported** Does the GPU support Miracast? -- **IsMismatc`LDA** No content is currently available. -- **IsMismatchLdA** No content is currently available. -- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? -- **IsMIsmatchLDA** No content is currently available. -- **IsMPOScWported** No content is currently available. -- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? -- **IsMsMiracastScWported** No content is currently available. -- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? -- **IsMsMiracastSupposted** No content is currently available. -- **IsPostAdapter** Is this GPU the POST GPU in the device? -- **IsRemovable** TRUE if the adapter supports being disabled or removed. -- **IsRemovrue,** No content is currently available. -- **IsRenderDevice** Does the GPU have rendering capabilities? -- **IsSoftwareDevice** Is this a software implementation of the GPU? -- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. -- **KMDFileTath** No content is currently available. -- **KMDFmlePath** No content is currently available. -- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? -- **MeasuruEnab|ed** No content is currently available. -- **MsHybridDiscrete** Indicates whether the adapter is a discrete adapter in a hybrid configuration. -- **NumVadPnTargets** No content is currently available. -- **NumvidPnSources** No content is currently available. -- **NumVidPnSources** The number of supported display output sources. -- **NumVidPnTapgets** No content is currently available. -- **NumVidPnTargets** The number of supported display output targets. -- **ShabedSystemMemoryB** No content is currently available. -- **SharedQystemMemoryB** No content is currently available. -- **SharedRystemMemoRyB** No content is currently available. -- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). -- **SubFendorID** No content is currently available. -- **SubSystemAD** No content is currently available. -- **SubSystemID** The subsystem ID. -- **SubSysve}IDEPURevhsionID** No content is currently available. -- **SubVendorID** The GPU sub vendor ID. -- **Teleme|ryEnabled** No content is currently available. -- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? -- **TelInvEvntTragger** No content is currently available. -- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) -- **TelInvEvntTrihger** No content is currently available. -- **version** The event version. -- **W6DMVersion** No content is currently available. -- **wDDMVersion** No content is currently available. -- **WDDMVersion** The Windows Display Driver Model version. - - -## Failover Clustering events - -### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 - -This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. - -The following fields are available: - -- **autoAssignSite** The cluster parameter: auto site. -- **autoBalancerLevel** The cluster parameter: auto balancer level. -- **autoBalancerMode** The cluster parameter: auto balancer mode. -- **blockCacheSize** The configured size of the block cache. -- **ClusterAdConfiguration** The ad configuration of the cluster. -- **clusterAdType** The cluster parameter: mgmt_point_type. -- **clusterDumpPolicy** The cluster configured dump policy. -- **clusterFunctionalLevel** The current cluster functional level. -- **clusterGuid** The unique identifier for the cluster. -- **clusterWitnessType** The witness type the cluster is configured for. -- **countNodesInSite** The number of nodes in the cluster. -- **crossSiteDelay** The cluster parameter: CrossSiteDelay. -- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. -- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. -- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. -- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. -- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. -- **csvResourceCount** The number of resources in the cluster. -- **currentNodeSite** The name configured for the current site for the cluster. -- **dasModeBusType** The direct storage bus type of the storage spaces. -- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. -- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. -- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. -- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. -- **genAppNames** The win32 service name of a clustered service. -- **genSvcNames** The command line of a clustered genapp. -- **hangRecoveryAction** The cluster parameter: hang recovery action. -- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. -- **isCalabria** Specifies whether storage spaces direct is enabled. -- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. -- **isRunningDownLevel** Identifies if the current node is running down-level. -- **logLevel** Specifies the granularity that is logged in the cluster log. -- **logSize** Specifies the size of the cluster log. -- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. -- **minNeverPreempt** The cluster parameter: minimum never preempt. -- **minPreemptor** The cluster parameter: minimum preemptor priority. -- **netftIpsecEnabled** The parameter: netftIpsecEnabled. -- **NodeCount** The number of nodes in the cluster. -- **nodeId** The current node number in the cluster. -- **nodeResourceCounts** Specifies the number of node resources. -- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. -- **numberOfSites** The number of different sites. -- **numNodesInNoSite** The number of nodes not belonging to a site. -- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. -- **preferredSite** The preferred site location. -- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. -- **quarantineDuration** The quarantine duration. -- **quarantineThreshold** The quarantine threshold. -- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. -- **resiliencyLevel** Specifies the level of resiliency. -- **resourceCounts** Specifies the number of resources. -- **resourceTypeCounts** Specifies the number of resource types in the cluster. -- **resourceTypes** Data representative of each resource type. -- **resourceTypesPath** Data representative of the DLL path for each resource type. -- **sameSubnetDelay** The cluster parameter: same subnet delay. -- **sameSubnetThreshold** The cluster parameter: same subnet threshold. -- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). -- **securityLevel** The cluster parameter: security level. -- **securityLevelForStorage** The cluster parameter: security level for storage. -- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. -- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. -- **upNodeCount** Specifies the number of nodes that are up (online). -- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. -- **vmIsolationTime** The cluster parameter: VM isolation time. -- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. - - -## Fault Reporting events - -### Microsoft.Windows.FaultReporting.AppCrashEvent - -This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event. - -The following fields are available: - -- **AppName** The name of the app that has crashed. -- **AppQessionGuid** No content is currently available. -- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. -- **AppTiieStamp** No content is currently available. -- **AppTiíeStamp** No content is currently available. -- **AppTimeStamp** The date/time stamp of the app. -- **AppTimeSTamp** No content is currently available. -- **AppVerrion** No content is currently available. -- **AppVersioj** No content is currently available. -- **AppVersion** The version of the app that has crashed. -- **BeportId** No content is currently available. -- **Blags** No content is currently available. -- **ExceptionCode** The exception code returned by the process that has crashed. -- **ExceptionOffset** The address where the exception had occurred. -- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. -- **FriefdlyAppName** No content is currently available. -- **Friendly@ppName** No content is currently available. -- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. -- **FriendlyporName** No content is currently available. -- **IsFatal** True/False to indicate whether the crash resulted in process termination. -- **ModFame** No content is currently available. -- **ModName** Exception module name (e.g. bar.dll). -- **ModTimeStamp** The date/time stamp of the module. -- **ModVersion** The version of the module that has crashed. -- **MxceptionOffset** No content is currently available. -- **PackageFullName** Store application identity. -- **PackageFunlName** No content is currently available. -- **PackageRelativeAppId** Store application identity. -- **PackageRelativeporId** No content is currently available. -- **PeportId** No content is currently available. -- **porName** No content is currently available. -- **porSessionGuid** No content is currently available. -- **porTimeStamp** No content is currently available. -- **porVersion** No content is currently available. -- **ProbessCreateTime** No content is currently available. -- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. -- **ProcessCreateTame** No content is currently available. -- **ProcessCreateTime** The time of creation of the process that has crashed. -- **processId** No content is currently available. -- **ProcessId** The ID of the process that has crashed. -- **ReportHd** No content is currently available. -- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. -- **T!rgetAppId** No content is currently available. -- **TargetAorId** No content is currently available. -- **TargetAorVer** No content is currently available. -- **TargetAppId** The kernel reported AppId of the application being reported. -- **TargetAppVer** The specific version of the application being reported -- **TargetAsId** The sequence number for the hanging process. - - -## Feature update events - -### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered - -This event indicates that the uninstall was properly configured and that a system reboot was initiated. - - - -### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked - -This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems. - - - -## Hang Reporting events - -### Microsoft.Windows.HangReporting.AppHangEvent - -This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. - -The following fields are available: - -- **AppName** The name of the app that has hung. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. -- **AppVersion** The version of the app that has hung. -- **ApSession'uid** No content is currently available. -- **ÇaitingO.PackagefelativeuppId** No content is currently available. -- **IsF!tal** No content is currently available. -- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report. -- **PackageFullName** Store application identity. -- **PackageRelativeAppId** Store application identity. -- **PfocessArghitectuve** No content is currently available. -- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. -- **ProcessCreateTime** The time of creation of the process that has hung. -- **ProcessId** The ID of the process that has hung. -- **RepoftId** No content is currently available. -- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. -- **TargepAppVer** No content is currently available. -- **TargetA#Id** No content is currently available. -- **TargetAppId** The kernel reported AppId of the application being reported. -- **TargetAppIt** No content is currently available. -- **TargetAppVer** The specific version of the application being reported. -- **TargetAsId** The sequence number for the hanging process. -- **TypeCode** Bitmap describing the hang type. -- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application. -- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. -- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. -- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. - - -## Inventory events - -### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum - -This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. - -The following fields are available: - -- **Device** A count of device objects in cache. -- **DeviceCensus** A count of device census objects in cache. -- **DriverPackageExtended** A count of driverpackageextended objects in cache. -- **File** A count of file objects in cache. -- **FileSigningInfo** A count of file signing objects in cache. -- **Generic** A count of generic objects in cache. -- **HwItem** A count of hwitem objects in cache. -- **InventoryApplication** A count of application objects in cache. -- **InventoryApplicationAppV** A count of application AppV objects in cache. -- **InventoryApplicationDriver** A count of application driver objects in cache -- **InventoryApplicationFile** A count of application file objects in cache. -- **InventoryApplicationFramework** A count of application framework objects in cache -- **InventoryApplicationShortcut** A count of application shortcut objects in cache -- **InventoryDeviceContainer** A count of device container objects in cache. -- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. -- **InventoryDeviceMediaClass** A count of device media objects in cache. -- **InventoryDevicePnp** A count of device Plug and Play objects in cache. -- **InventoryDeviceUsbHubClass** A count of device usb objects in cache -- **InventoryDriverBinary** A count of driver binary objects in cache. -- **InventoryDriverPackage** A count of device objects in cache. -- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache -- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. -- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache -- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache -- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache -- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache -- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache -- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache -- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache -- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache -- **Metadata** A count of metadata objects in cache. -- **Orphan** A count of orphan file objects in cache. -- **Programs** A count of program objects in cache. - - -### Microsoft.Windows.Inventory.Core.AmiTelCacheFileInfo - -Diagnostic data about the inventory cache. - -The following fields are available: - -- **CacheFileSize** Size of the cache. -- **InventoryVersion** Inventory version of the cache. -- **TempCacheCount** Number of temp caches created. -- **TempCacheDeletedCount** Number of temp caches deleted. - - -### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions - -This event sends inventory component versions for the Device Inventory data. - -The following fields are available: - -- **aeinv** The version of the App inventory component. -- **devinv** The file version of the Device inventory component. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd - -This event sends basic metadata about an application on the system to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. -- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics). -- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 -- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. -- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. -- **InventoryVersion** The version of the inventory file generating the events. -- **InwtallDateFromLinkFile** No content is currently available. -- **Language** The language code of the program. -- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. -- **MsiProductCode** A GUID that describe the MSI Product. -- **Name** The name of the application. -- **OsVersionAtInstallTime** No content is currently available. -- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. -- **PackageFullFame** No content is currently available. -- **PackageFullName** The package full name for a Store application. -- **ProgramInstanceId** A hash of the file IDs in an app. -- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. -- **RootDirPath** The path to the root directory where the program was installed. -- **Source** How the program was installed (for example, ARP, MSI, Appx). -- **ß_TlgCV__** No content is currently available. -- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. -- **StoreporType** No content is currently available. -- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. -- **Version** The version number of the program. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd - -This event represents what drivers an application installs. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory component. -- **ProgramIds** The unique program identifier the driver is associated with. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync - -The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory component. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd - -This event provides the basic metadata about the frameworks an application may depend on. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **FileId** A hash that uniquely identifies a file. -- **Frameworks** The list of frameworks this file depends on. -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync - -This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove - -This event indicates that a new set of InventoryDevicePnpAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync - -This event indicates that a new set of InventoryApplicationAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd - -This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Categories** A comma separated list of functional categories in which the container belongs. -- **DiscoveryMe|hod** No content is currently available. -- **DiscoveryMethod** The discovery method for the device container. -- **FriendlyName** The name of the device container. -- **InventoryVersion** The version of the inventory file generating the events. -- **IsActive** Is the device connected, or has it been seen in the last 14 days? -- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. -- **IsMachineContainer** Is the container the root device itself? -- **IsNetworked** Is this a networked device? -- **IsPaired** Does the device container require pairing? -- **Manufacturer** The manufacturer name for the device container. -- **ModelId** A unique model ID. -- **ModelName** The model name. -- **ModelNumber** The model number for the device container. -- **PrimaryCategory** The primary category for the device container. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove - -This event indicates that the InventoryDeviceContainer object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync - -This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd - -This event retrieves information about what sensor interfaces are available on the device. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Accelerometer3D** Indicates if an Accelerator3D sensor is found. -- **ActivityDetection** Indicates if an Activity Detection sensor is found. -- **AmbientLight** Indicates if an Ambient Light sensor is found. -- **Barometer** Indicates if a Barometer sensor is found. -- **Custom** Indicates if a Custom sensor is found. -- **EnergyMeter** Indicates if an Energy sensor is found. -- **FloorElevation** Indicates if a Floor Elevation sensor is found. -- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found. -- **GravityVector** Indicates if a Gravity Detector sensor is found. -- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found. -- **Humidity** Indicates if a Humidity sensor is found. -- **InventoryVersion** The version of the inventory file generating the events. -- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found. -- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found. -- **Orientation** Indicates if an Orientation sensor is found. -- **Pedometer** Indicates if a Pedometer sensor is found. -- **Proximity** Indicates if a Proximity sensor is found. -- **RelativeOrientation** Indicates if a Relative Orientation sensor is found. -- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found. -- **Temperature** Indicates if a Temperature sensor is found. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync - -This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd - -This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **audio.captureDriver** Audio device capture driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14887.1000:hdaudio\func_01 -- **audio.renderDriver** Audio device render driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14889.1001:hdaudio\func_01 -- **Audio_CaptureDriver** The Audio device capture driver endpoint. -- **Audio_RenderDriver** The Audio device render driver endpoint. -- **Audio_RenideDriver** No content is currently available. -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove - -This event indicates that the InventoryDeviceMediaClassRemove object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync - -This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd - -This event represents the basic metadata about a plug and play (PNP) device and its associated driver. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **basedata** No content is currently available. See [basedata](#basedata). -- **BusReportedDescription** The description of the device reported by the bux. -- **BusReportelDescription** No content is currently available. -- **Class** The device setup class of the driver loaded for the device. -- **ClassGuid** The device class unique identifier of the driver package loaded on the device. -- **COMPID** The list of “Compatible IDs” for this device. -- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. -- **Description** The description of the device. -- **DeviceInterfaceClasses** The device interfaces that this device implements. -- **DeviceSta|e** No content is currently available. -- **DeviceState** Identifies the current state of the parent (main) device. -- **Driver^erDate** No content is currently available. -- **DriverId** The unique identifier for the installed driver. -- **DriverName** The name of the driver image file. -- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. -- **DriverVerDate** The date associated with the driver installed on the device. -- **DriverVerVersion** The version number of the driver installed on the device. -- **Enumerator** Identifies the bus that enumerated the device. -- **ExtendedInfs** The extended INF file names. -- **HWID** A list of hardware IDs for the device. -- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). -- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx -- **Inven|oryVersion** No content is currently available. -- **InvenPoryVersion** No content is currently available. -- **InventoryVersion** The version number of the inventory process generating the events. -- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. -- **LowerFilters** The identifiers of the Lower filters installed for the device. -- **LowerFiltevs** No content is currently available. -- **Manufacturer** The manufacturer of the device. -- **Manunacturer** No content is currently available. -- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. -- **Model** Identifies the model of the device. -- **P** No content is currently available. -- **ParentId** The Device Instance ID of the parent of the device. -- **Pro~ider** No content is currently available. -- **ProblemCode** The error code currently returned by the device, if applicable. -- **ProblemGode** No content is currently available. -- **Provider** Identifies the device provider. -- **Sedvice** No content is currently available. -- **Service** The name of the device service. -- **STACKID** The list of hardware IDs for the stack. -- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. -- **UpperFilters** The identifiers of the Upper filters installed for the device. - - -### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove - -This event indicates that the InventoryDevicePnpRemove object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **baseata** No content is currently available. See [baseata](#baseata). -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync - -This event indicates that a new set of InventoryDevicePnpAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd - -This event sends basic metadata about the USB hubs on the device. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. -- **TotalUserConnectablePorts** Total number of connectable USB ports. -- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports. - - -### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync - -This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. - -This event includes fields from [Ms.De~ice.DeviceInventoryChange](#msde~icedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd - -This event provides the basic metadata about driver binaries running on the system. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **DriverCheckSum** The checksum of the driver file. -- **DriverCompany** The company name that developed the driver. -- **DriverInBox** Is the driver included with the operating system? -- **DriverIsKernelMode** Is it a kernel mode driver? -- **DriverName** The file name of the driver. -- **DriverPackage[trongName** No content is currently available. -- **DriverPackageStrongName** The strong name of the driver package -- **DriverSigned** The strong name of the driver package -- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file. -- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000. -- **DriverVersion** The version of the driver file. -- **DriverVype** No content is currently available. -- **DrkverIsKernelMode** No content is currently available. -- **ImageSize** The size of the driver file. -- **Inf** The name of the INF file. -- **InventoryVersion** The version of the inventory file generating the events. -- **InvgntoryVersion** No content is currently available. -- **Product** The product name that is included in the driver file. -- **ProductVersion** The product version that is included in the driver file. -- **Service** The name of the service that is installed for the device. -- **WdfVersion** The Windows Driver Framework version. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove - -This event indicates that the InventoryDriverBinary object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync - -This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd - -This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Class** The class name for the device driver. -- **ClassGuid** The class GUID for the device driver. -- **Date** The driver package date. -- **Directory** The path to the driver package. -- **DriverInBox** Is the driver included with the operating system? -- **Inf** The INF name of the driver package. -- **InventoryVersion** The version of the inventory file generating the events. -- **InwentoryVersion** No content is currently available. -- **Provider** The provider for the driver package. -- **SubmissionId** The HLK submission ID for the driver package. -- **Version** The version of the driver package. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove - -This event indicates that the InventoryDriverPackageRemove object is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync - -This event indicates that a new set of InventoryDriverPackageAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory file generating the events. - - -### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace - -This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin. - - - -### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace - -This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end. - - - -### Microsoft.Windows.Inventory.General.AppHealthStaticAdd - -This event sends details collected for a specific application on the source device. - -The following fields are available: - -- **AhaVersion** The binary version of the App Health Analyzer tool. -- **ApplicationErrors** The count of application errors from the event log. -- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit). -- **device_level** Various JRE/JAVA versions installed on a particular device. -- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type. -- **Jar** Flag to determine if an app has a Java JAR file dependency. -- **Jre** Flag to determine if an app has JRE framework dependency. -- **Jre_version** JRE versions an app has declared framework dependency for. -- **Name** Name of the application. -- **NonDPIAware** Flag to determine if an app is non-DPI aware. -- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location. -- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution. -- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution. -- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility. -- **VB6** Flag to determine if an app is based on VB6 framework. -- **VB6v2** Additional flag to determine if an app is based on VB6 framework. -- **Version** Version of the application. -- **VersionCheck** Flag to determine if an app has a static dependency on OS version. -- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version. - - -### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync - -This event indicates the beginning of a series of AppHealthStaticAdd events. - -The following fields are available: - -- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument. -- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable. -- **Enhanced** Indicates the presence of the 'enhanced' command line argument. -- **StartTime** UTC date and time at which this event was sent. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd - -Provides data on the installed Office Add-ins. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **AddinCLSID** The class identifier key for the Microsoft Office add-in. -- **AddInCLSID** The class identifier key for the Microsoft Office add-in. -- **AddInId** The identifier for the Microsoft Office add-in. -- **AddinType** The type of the Microsoft Office add-in. -- **BinFileTimestamp** The timestamp of the Office add-in. -- **BinFileVersion** The version of the Microsoft Office add-in. -- **Description** Description of the Microsoft Office add-in. -- **FileId** The file identifier of the Microsoft Office add-in. -- **FileSize** The file size of the Microsoft Office add-in. -- **FriendlyName** The friendly name for the Microsoft Office add-in. -- **FullPath** The full path to the Microsoft Office add-in. -- **InventoryVersion** The version of the inventory binary generating the events. -- **LoadBehavior** Integer that describes the load behavior. -- **LoadTime** Load time for the Office add-in. -- **OfficeApplication** The Microsoft Office application associated with the add-in. -- **OfficeArchitecture** The architecture of the add-in. -- **OfficeVersion** The Microsoft Office version for this add-in. -- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in. -- **ProductCompany** The name of the company associated with the Office add-in. -- **ProductName** The product name associated with the Microsoft Office add-in. -- **ProductVersion** The version associated with the Office add-in. -- **ProgramId** The unique program identifier of the Microsoft Office add-in. -- **Provider** Name of the provider for this add-in. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove - -Indicates that this particular data object represented by the objectInstanceId is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync - -This event indicates that a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd - -Provides data on the Office identifiers. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. -- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device -- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device -- **OMID** Identifier for the Office SQM Machine -- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit -- **OTenantId** Unique GUID representing the Microsoft O365 Tenant -- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 -- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd - -Provides data on Office-related Internet Explorer features. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. -- **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. -- **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. -- **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) -- **OIeMimeSniffing** Flag indicating which Microsoft Office products have this setting enabled. Determines a file's type by examining its bit signature. Windows Internet Explorer uses this information to determine how to render the file. The FEATURE_MIME_SNIFFING feature, when enabled, allows to be set differently for each security zone by using the URLACTION_FEATURE_MIME_SNIFFING URL action flag -- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request -- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) -- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts -- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords -- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control -- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted -- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC) -- **OIeValidateUrl** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_VALIDATE_NAVIGATE_URL feature control prevents Windows Internet Explorer from navigating to a badly formed URL -- **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior -- **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows -- **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd - -This event provides insight data on the installed Office products - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. -- **OfficeApplication** The name of the Office application. -- **OfficeArchitecture** The bitness of the Office application. -- **OfficeVersion** The version of the Office application. -- **Value** The insights collected about this entity. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove - -Indicates that this particular data object represented by the objectInstanceId is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync - -This diagnostic event indicates that a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd - -Describes Office Products installed. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. -- **OC2rApps** A GUID the describes the Office Click-To-Run apps -- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus -- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word -- **OProductCodes** A GUID that describes the Office MSI products - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd - -This event describes various Office settings - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **BrowserFlags** Browser flags for Office-related products -- **ExchangeProviderFlags** Provider policies for Office Exchange -- **InventoryVersion** The version of the inventory binary generating the events. -- **SharedComputerLicensing** Office shared computer licensing policies - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync - -Indicates a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd - -This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Design** Count of files with design issues found. -- **Design_x64** Count of files with 64 bit design issues found. -- **DuplicateVBA** Count of files with duplicate VBA code. -- **HasVBA** Count of files with VBA code. -- **Inaccessible** Count of files that were inaccessible for scanning. -- **InventoryVersion** The version of the inventory binary generating the events. -- **Issues** Count of files with issues detected. -- **Issues_x64** Count of files with 64-bit issues detected. -- **IssuesNone** Count of files with no issues detected. -- **IssuesNone_x64** Count of files with no 64-bit issues detected. -- **Locked** Count of files that were locked, preventing scanning. -- **NoVBA** Count of files with no VBA inside. -- **Protected** Count of files that were password protected, preventing scanning. -- **RemLimited** Count of files that require limited remediation changes. -- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues. -- **RemSignificant** Count of files that require significant remediation changes. -- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues. -- **Score** Overall compatibility score calculated for scanned content. -- **Score_x64** Overall 64-bit compatibility score calculated for scanned content. -- **Total** Total number of files scanned. -- **Validation** Count of files that require additional manual validation. -- **Validation_x64** Count of files that require additional manual validation for 64-bit issues. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARemove - -Indicates that this particular data object represented by the objectInstanceId is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd - -This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Count** Count of total Microsoft Office VBA rule violations -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsRemove - -Indicates that this particular data object represented by the objectInstanceId is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync - -This event indicates that a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **InventoryVersion** The version of the inventory binary generating the events. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd - -Provides data on Unified Update Platform (UUP) products and what version they are at. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Identifier** UUP identifier -- **LastActivatedVersion** Last activated version -- **PreviousVersion** Previous version -- **Source** UUP source -- **Version** UUP version - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove - -Indicates that this particular data object represented by the objectInstanceId is no longer present. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - - - -### Microsoft.Windows.Inventory.Indicators.Checksum - -This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. - -The following fields are available: - -- **CensusId** A unique hardware identifier. -- **ChecksumDictionary** A count of each operating system indicator. -- **PCFP** Equivalent to the InventoryId field that is found in other core events. - - -### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd - -These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **IndicatorValue** The indicator value. -- **Value** Describes an operating system indicator that may be relevant for the device upgrade. - - -### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove - -This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - - - -### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync - -This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - - - -## Kernel events - -### IO - -This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup. - -The following fields are available: - -- **BytesRead** The total number of bytes read from or read by the OS upon system startup. -- **BytesWritten** The total number of bytes written to or written by the OS upon system startup. -- **f** No content is currently available. See [f](#f). - - -### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch - -OS information collected during Boot, used to evaluate the success of the upgrade process. - -The following fields are available: - -- **BootApplicationId** This field tells us what the OS Loader Application Identifier is. -- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system. -- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session. -- **BootStatusPolicy** Identifies the applicable Boot Status Policy. -- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume"). -- **EventTimestamp** Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made. -- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware. -- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed. -- **FirmwareResetReasonEmbeddedControln09eddedBootSequence** No content is currently available. -- **FirmwareResetReasonPch** Reason for system reset provided by firmware. -- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed. -- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware. -- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io). -- **LastBootSucceeded** Flag indicating whether the last boot was successful. -- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. -- **MaxAbove4GbFr6eRange** No content is currently available. -- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. -- **MaxBelow4GbFr6eRange** No content is currently available. -- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. -- **MeasuredLaun#hPrepared** No content is currently available. -- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). -- **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation. -- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.). -- **recoveryEnabled** No content is currently available. -- **Recoveryenabled** No content is currently available. -- **RecoveryEnabled** Indicates whether recovery is enabled. -- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. -- **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow. -- **UserInputTime** The amount of time the loader application spent waiting for user input. - - -## Miracast events - -### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd - -This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session - -The following fields are available: - -- **AudioChannelCount** The number of audio channels. -- **AudioSampleRate** The sample rate of audio in terms of samples per second. -- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding. -- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second. -- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second. -- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds. -- **ConnectorType** The type of connector used during the Miracast session. -- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds. -- **EncodeCount** The count of total frames encoded in the session. -- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds. -- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds. -- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds. -- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable. -- **FirstFrameTime** The time (tick count) when the first frame is sent. -- **FirstLatencyMode** The first latency mode. -- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds. -- **FrameCount** The total number of frames processed. -- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds. -- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds. -- **Glitches** The number of frames that failed to be delivered on time. -- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended. -- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended. -- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second. -- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second. -- **LastLatencyMode** The last reported latency mode. -- **LogTimeReference** The reference time, in tick counts. -- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second. -- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second. -- **MediaErrorCode** The error code reported by the media session, if applicable. -- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded. -- **MiracastM1** The time (tick count) when the M1 request was sent. -- **MiracastM2** The time (tick count) when the M2 request was sent. -- **MiracastM3** The time (tick count) when the M3 request was sent. -- **MiracastM4** The time (tick count) when the M4 request was sent. -- **MiracastM5** The time (tick count) when the M5 request was sent. -- **MiracastM6** The time (tick count) when the M6 request was sent. -- **MiracastM7** The time (tick count) when the M7 request was sent. -- **MiracastSessionState** The state of the Miracast session when the connection ended. -- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames. -- **ProfileCount** The count of profiles generated from the receiver M4 response. -- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities. -- **RefreshRate** The refresh rate set on the remote display. -- **RotationSupported** Indicates if the Miracast receiver supports display rotation. -- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session. -- **SessionGuid** The unique identifier of to correlate various Miracast events from a session. -- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID. -- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver. -- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension. -- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension. -- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension. -- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension. -- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution. -- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions. -- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable. -- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable. -- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended. -- **UIBCEverEnabled** Indicates whether UIBC was ever enabled. -- **UIBCStatus** The result code reported by the UIBC setup process. -- **VideoBitrate** The starting bitrate for the video encoder. -- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype. -- **VideoHeight** The height of encoded video frames. -- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding. -- **VideoWidth** The width of encoded video frames. -- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. - - -## OneDrive events - -### Microsoft.OneDrive.Sync.Setup.APIOperation - -This event includes basic data about install and uninstall OneDrive API operations. - -The following fields are available: - -- **APIName** The name of the API. -- **Duration** How long the operation took. -- **IsSuccess** Was the operation successful? -- **Res}ltCode** No content is currently available. -- **ResultCode** The result code. -- **ScenarioName** The name of the scenario. - - -### Microsoft.OneDrive.Sync.Setup.EndExperience - -This event includes a success or failure summary of the installation. - -The following fields are available: - -- **APIName** The name of the API. -- **HResult** HResult of the operation -- **IsSuccess** Whether the operation is successful or not -- **ScenarioName** The name of the scenario. - - -### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation - -This event is related to the OS version when the OS is upgraded with OneDrive installed. - -The following fields are available: - -- **CurrentOneDriveVersion** The current version of OneDrive. -- **CurrentOSBuildBranch** The current branch of the operating system. -- **CurrentOSBuildNumber** The current build number of the operating system. -- **CurrentOSVersion** The current version of the operating system. -- **HResult** The HResult of the operation. -- **SourceOSBuildBranch** The source branch of the operating system. -- **SourceOSBuildNumber** The source build number of the operating system. -- **SourceOSVersion** The source version of the operating system. - - -### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation - -This event is related to registering or unregistering the OneDrive update task. - -The following fields are available: - -- **APIName** The name of the API. -- **IsSuccess** Was the operation successful? -- **RegisterNewTaskResult** The HResult of the RegisterNewTask operation. -- **ScenarioName** The name of the scenario. -- **UnregisterOldTaskResult** The HResult of the UnregisterOldTask operation. - - -### Microsoft.OneDrive.Sync.Updater.ComponentInstallState - -This event includes basic data about the installation state of dependent OneDrive components. - -The following fields are available: - -- **ComponentName** The name of the dependent component. -- **isInstalled** Is the dependent component installed? - - -### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus - -This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken - -The following fields are available: - -- **32bit** The status of the OneDrive overlay icon on a 32-bit operating system. -- **64bit** The status of the OneDrive overlay icon on a 64-bit operating system. - - -### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult - -This event sends information describing the result of the update. - -The following fields are available: - -- **hr** The HResult of the operation. -- **IsLoggingEnabled** Indicates whether logging is enabled for the updater. -- **UpdaterVersion** The version of the updater. - - -### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult - -This event determines the status when downloading the OneDrive update configuration file. - -The following fields are available: - -- **hr** The HResult of the operation. - - -### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus - -This event determines the error code that was returned when verifying Internet connectivity. - -The following fields are available: - -- **winInetError** The HResult of the operation. - - -## Privacy consent logging events - -### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted - -This event is used to determine whether the user successfully completed the privacy consent experience. - -The following fields are available: - -- **presentationVersion** Which display version of the privacy consent experience the user completed -- **privacyConsentState** The current state of the privacy consent experience -- **settingsVersion** Which setting version of the privacy consent experience the user completed -- **userOobeExitReason** The exit reason of the privacy consent experience - - -### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus - -Event tells us effectiveness of new privacy experience. - -The following fields are available: - -- **isAdmin** whether the person who is logging in is an admin -- **isExistingUser** whether the account existed in a downlevel OS -- **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** whether the user has most restrictive UAC controls -- **privacyConsentState** whether the user has completed privacy experience -- **userRegionCode** The current user's region setting - - -### wilActivity - -This event provides a Windows Internal Library context used for Product and Service diagnostics. - -The following fields are available: - -- **callContext** The function where the failure occurred. -- **currentContextId** The ID of the current call context where the failure occurred. -- **currentContextMessage** The message of the current call context where the failure occurred. -- **currentContextName** The name of the current call context where the failure occurred. -- **failureCount** The number of failures for this failure ID. -- **failureId** The ID of the failure that occurred. -- **failureType** The type of the failure that occurred. -- **fileName** The file name where the failure occurred. -- **function** The function where the failure occurred. -- **hresult** The HResult of the overall activity. -- **lineNumber** The line number where the failure occurred. -- **message** The message of the failure that occurred. -- **module** The module where the failure occurred. -- **originatingContextId** The ID of the originating call context that resulted in the failure. -- **originatingContextMessage** The message of the originating call context that resulted in the failure. -- **originatingContextName** The name of the originating call context that resulted in the failure. -- **threadId** The ID of the thread on which the activity is executing. - - -## Sediment events - -### Microsoft.Windows.Sediment.Info.DetailedState - -This event is sent when detailed state information is needed from an update trial run. - -The following fields are available: - -- **Data** Data relevant to the state, such as what percent of disk space the directory takes up. -- **Id** Identifies the trial being run, such as a disk related trial. -- **ReleaseVer** The version of the component. -- **State** The state of the reporting data from the trial, such as the top-level directory analysis. -- **Time** The time the event was fired. - - -### Microsoft.Windows.Sediment.Info.Error - -This event indicates an error in the updater payload. This information assists in keeping Windows up to date. - -The following fields are available: - -- **FailureType** The type of error encountered. -- **FileName** The code file in which the error occurred. -- **HResult** The failure error code. -- **LineNumber** The line number in the code file at which the error occurred. -- **ReleaseVer** The version information for the component in which the error occurred. -- **Time** The system time at which the error occurred. - - -### Microsoft.Windows.Sediment.Info.PhaseChange - -The event indicates progress made by the updater. This information assists in keeping Windows up to date. - -The following fields are available: - -- **NewPhase** The phase of progress made. -- **ReleaseVer** The version information for the component in which the change occurred. -- **Time** The system time at which the phase chance occurred. - - -## Setup events - -### SetupPlatformTel.SetupPlatformTelActivityEvent - -This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date. - -The following fields are available: - -- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. -- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. -- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time - - -### SetupPlatformTel.SetupPlatformTelActivityStarted - -This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. - -The following fields are available: - -- **Name** The name of the dynamic update type. Example: GDR driver - - -### SetupPlatformTel.SetupPlatformTelActivityStopped - -This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. - - - -### SetupPlatformTel.SetupPlatformTelEvent - -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. - -The following fields are available: - -- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. -- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. -- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. - - -## Software update events - -### SoftwareUpdateClientTelemetry.CheckForUpdates - -Scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded). - -The following fields are available: - -- **[yncType** No content is currently available. -- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. -- **ActivityMatghingId** No content is currently available. -- **AllowCachedResu~ts** No content is currently available. -- **AllowCachedResults** Indicates if the scan allowed using cached results. -- **ApplicableUpdateinfo** No content is currently available. -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BranchReadinessLevel** The servicing branch configured on the device. -- **BranchRQadinessLevel** No content is currently available. -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **CadlerApplicationName** No content is currently available. -- **CallerApplicafionName** No content is currently available. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CallerApplicationRame** No content is currently available. -- **canDurapionInSeconds** No content is currently available. -- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CcanDurationInSeconds** No content is currently available. -- **CcanEnqueueTime** No content is currently available. -- **CcanProps** No content is currently available. -- **CClienVersion** No content is currently available. -- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. -- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **Clientversion** No content is currently available. -- **ClientVersion** The version number of the software distribution client. -- **ClientVersiOn** No content is currently available. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0. -- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown -- **ContusCode** No content is currently available. -- **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). -- **DeferredUpdates** Update IDs which are currently being deferred until a later time -- **DeviceModel** What is the device model. -- **DrivarExclusionPolicy** No content is currently available. -- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. -- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. -- **DriverSyncPassPerformed** Were drivers scanned this time? -- **DriverSyncPassPerformud** No content is currently available. -- **e:4|SInstanceID** No content is currently available. -- **e:4|SScenario** No content is currently available. -- **E~entScenario** No content is currently available. -- **eallerApplicationName** No content is currently available. -- **eClienVersion** No content is currently available. -- **Even5InstanceID** No content is currently available. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventScenari0** No content is currently available. -- **Eventscenario** No content is currently available. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **EventScenário** No content is currently available. -- **EventScenavio** No content is currently available. -- **ExtendedContusCode** No content is currently available. -- **ExtendedMetadataCabUrl** Hostname that is used to download an update. -- **ExtendedSsatusCode** No content is currently available. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. -- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. -- **FeapureUpdatePause** No content is currently available. -- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). -- **FeatureUpdatePawse** No content is currently available. -- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). -- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). -- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **I{WUfBDualScanEnabled** No content is currently available. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **IPVersion** Indicates whether the download took place over IPv4 or IPv6 -- **IsWUfBDtyUScanEnabled** No content is currently available. -- **IsWUfBDualCcanEnabled** No content is currently available. -- **IsWUfbDualScanEnabled** No content is currently available. -- **IsWUfBDualscanEnabled** No content is currently available. -- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. -- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **IsWUMcBederatedScanDisabled** No content is currently available. -- **IsWUMcDualScanEnabled** No content is currently available. -- **IsWUMcEnabled** No content is currently available. -- **ITVersion** No content is currently available. -- **ityUpdatePausDeferral** No content is currently available. -- **IwWUfBDualScanEnabled** No content is currently available. -- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce -- **MSIError** The last error that was encountered during a scan for updates. -- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 -- **NueFailedMetadataSignatures** No content is currently available. -- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete -- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked -- **NumberOfApplicationsCategoryScanEvalunted** No content is currently available. -- **NumberOfLo-l** No content is currently available. -- **NumberOfLoop** The number of round trips the scan required -- **NumberOfNewUpdadesFromServiceSync** No content is currently available. -- **NumberOfNewupdatesFromServiceSync** No content is currently available. -- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan -- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan -- **NumberOfUpdatesEvalunted** No content is currently available. -- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down. -- **Online** Indicates if this was an online scan. -- **PaeseFeatureUpdatesEndTime** No content is currently available. -- **Pau³eQualityUpdatesStartTime** No content is currently available. -- **PausedUpdates** A list of UpdateIds which that currently being paused. -- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. -- **PauseFeatureUpdatesSsartTime** No content is currently available. -- **PauseFeatureUpdatesSta2tTime** No content is currently available. -- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **PauseFeatureUpdatesStartTiMe** No content is currently available. -- **PauseityUpdatePaussEndTime** No content is currently available. -- **PauseityUpdatePaussStartTime** No content is currently available. -- **PauseQualityUpdatesDndTime** No content is currently available. -- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. -- **PauseQualityUpdatesSsartTime** No content is currently available. -- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **PauseQualityUpdatEsStartTime** No content is currently available. -- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced. -- **ProceosName** No content is currently available. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **ProcessNcme** No content is currently available. -- **ProcessRame** No content is currently available. -- **QualityUpdateDefe2ral** No content is currently available. -- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). -- **QualityUplatePausmPeriod** No content is currently available. -- **QualityWpdatePause** No content is currently available. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RelntedCV** No content is currently available. -- **ScanDSrationInSeconds** No content is currently available. -- **ScanDurationInSeconds** The number of seconds a scan took -- **ScanEnqueueTime** The number of seconds it took to initialize a scan -- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates). -- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.). -- **ServiceGuld** No content is currently available. -- **ServiceUrl** The environment URL a device is configured to scan with -- **ShippingMobileOperator** The mobile operator that a device shipped on. -- **SsatusCode** No content is currently available. -- **StatusCodd** No content is currently available. -- **statusCode** No content is currently available. -- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). -- **Synctate** No content is currently available. -- **SyncType** Describes the type of scan the event was -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. -- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. -- **TotalNumMetadaTaSignatures** No content is currently available. -- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. -- **WebServicmRetryMethods** No content is currently available. -- **WUDericeID** No content is currently available. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **WUDewiceID** No content is currently available. - - -### SoftwareUpdateClientTelemetry.Commit - -This event tracks the commit process post the update installation when software update client is trying to update the device. - -The following fields are available: - -- **BiosFamily** Device family as defined in the system BIOS -- **BiosName** Name of the system BIOS -- **BiosReleaseDate** Release date of the system BIOS -- **BiosSKUNumber** Device SKU as defined in the system BIOS -- **BIOSVendor** Vendor of the system BIOS -- **BiosVersion** Version of the system BIOS -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRevisionNumbe2** No content is currently available. -- **BundleRevisionNumber** Identifies the revision number of the content bundle -- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** Version number of the software distribution client -- **DeploymentProviderMode** The mode of operation of the update deployment provider. -- **DeviceModel** Device model as defined in the system bios -- **EventInstanceID** A globally unique identifier for event instance -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". -- **FlightId** The specific id of the flight the device is getting -- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) -- **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) -- **SystemBIOSMajorRelease** Major release version of the system bios -- **SystemBIOSMinorRelease** Minor release version of the system bios -- **UpdateId** Identifier associated with the specific piece of content -- **WUDeviceID** Unique device id controlled by the software distribution client - - -### SoftwareUpdateClientTelemetry.Download - -Download process event for target update on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded). - -The following fields are available: - -- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. -- **AppXBlockHalhFailures** No content is currently available. -- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload. -- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXBoockHashFailures** No content is currently available. -- **AppXDownloadScope** Indicates the scope of the download for application content. -- **AppXScope** Indicates the scope of the app download. -- **AppXScopr** No content is currently available. -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. -- **BundleId** Identifier associated with the specific content bundle. -- **BundleRepeatFailCoqnt** No content is currently available. -- **BundleRepeatFailCoun.** No content is currently available. -- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. -- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). -- **BytesDownnoaded** No content is currently available. -- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. -- **CallerApplicationname** No content is currently available. -- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. -- **CallerApplictionaName** No content is currently available. -- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. -- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. -- **CDNCotntryCode** No content is currently available. -- **CDNCoun.ryCdel** No content is currently available. -- **CDNCoundryCode** No content is currently available. -- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. -- **CDNd** No content is currently available. -- **CDNId** ID which defines which CDN the software distribution client downloaded the content from. -- **ClientVersion** The version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. -- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle. -- **CtatusCode** No content is currently available. -- **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** The model of the device. -- **DownhoadProps** No content is currently available. -- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadProps** Information about the download operation properties in the form of a bitmask. -- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. -- **DownloedPriority** No content is currently available. -- **DventInstanceID** No content is currently available. -- **e:4|SInstanceID** No content is currently available. -- **e:4|SScenario** No content is currently available. -- **E:4|State** No content is currently available. -- **EöentInstanceID** No content is currently available. -- **Eve.tScenario** No content is currently available. -- **EventInst.9ceID** No content is currently available. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventPype** No content is currently available. -- **EventScanario** No content is currently available. -- **eventScenario** No content is currently available. -- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. -- **EventType** Identifies the type of the event (Child, Bundle, or Driver). -- **EventTypr** No content is currently available. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **ExtendedtartusCdel** No content is currently available. -- **FeatureUpdatePaser** No content is currently available. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **Fli.c9BuildNumber** No content is currently available. -- **Fli.c9Id** No content is currently available. -- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). -- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. -- **FlightId** The specific ID of the flight (pre-release build) the device is getting. -- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). -- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). -- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **HospName** No content is currently available. -- **HostName** The hostname URL the content is downloading from. -- **Hst.Name** No content is currently available. -- **IPVersion** Indicates whether the download took place over IPv4 or IPv6. -- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update -- **IsWQfBEnabled** No content is currently available. -- **IsWUfBDualCcanEnabled** No content is currently available. -- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. -- **IsWUfBEnablad** No content is currently available. -- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. -- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) -- **NetworkCst.** No content is currently available. -- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." -- **NetworkRestrictiontartus** No content is currently available. -- **oadPriority** No content is currently available. -- **PackageFullName** The package name of the content. -- **PegulationResult** No content is currently available. -- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. -- **PostDnldDime** No content is currently available. -- **PostDnldTime** Time (in seconds) taken to signal download completion after the last job completed downloading the payload. -- **ProcessName** The process name of the application that initiated API calls, in the event where CallerApplicationName was not provided. -- **Pst.DnldTime** No content is currently available. -- **PvocessName** No content is currently available. -- **QpdateId** No content is currently available. -- **QualityreUpdaPause** No content is currently available. -- **QualityUpdatePaser** No content is currently available. -- **QualityUpdatePatse** No content is currently available. -- **QualityUpdatePausa** No content is currently available. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RdvisionNumber** No content is currently available. -- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background. -- **ReguiationResult** No content is currently available. -- **RegulationReason** The reason that the update is regulated -- **regulationResult** No content is currently available. -- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. -- **RegulatIonResult** No content is currently available. -- **ReiatedCV** No content is currently available. -- **RelatedCS** No content is currently available. -- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. -- **RelntedCV** No content is currently available. -- **RepeatFailCoun.** No content is currently available. -- **RepeatFailCount** Indicates whether this specific content has previously failed. -- **RepeatFailFlag** Indicates whether this specific content previously failed to download. -- **RevisionNumber** The revision number of the specified piece of content. -- **SericeCGuid** No content is currently available. -- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). -- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. -- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. -- **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload. -- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. -- **tartusCdel** No content is currently available. -- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. -- **tizeCalcTime** No content is currently available. -- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. -- **UpdateId** An identifier associated with the specific piece of content. -- **UpdateID** An identifier associated with the specific piece of content. -- **UpdateImporEvent** No content is currently available. -- **UpdateImpornstan** No content is currently available. -- **UpdateImport.9ce** No content is currently available. -- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. -- **UsedDO** Indicates whether the download used the Delivery Optimization (DO) service. -- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. -- **WUDericeID** No content is currently available. -- **WUDeviceId** No content is currently available. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **WUDviceCID** No content is currently available. - - -### SoftwareUpdateClientTelemetry.DownloadCheckpoint - -This event provides a checkpoint between each of the Windows Update download phases for UUP content - -The following fields are available: - -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** The version number of the software distribution client -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed -- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver" -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough -- **FileId** A hash that uniquely identifies a file -- **FileName** Name of the downloaded file -- **FlightId** The unique identifier for each flight -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RevisionNumber** Unique revision number of Update -- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.) -- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult) -- **UpdateId** Unique Update ID -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue - - -### SoftwareUpdateClientTelemetry.DownloadHeartbeat - -This event allows tracking of ongoing downloads and contains data to explain the current state of the download - -The following fields are available: - -- **BytesTotal** Total bytes to transfer for this content -- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat -- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** The version number of the software distribution client -- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat -- **CurrentError** Last (transient) error encountered by the active download -- **DownloadFlags** Flags indicating if power state is ignored -- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) -- **EventType** Possible values are "Child", "Bundle", or "Driver" -- **FlightId** The unique identifier for each flight -- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered" -- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any -- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any -- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) -- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one -- **ResumeCount** Number of times this active download has resumed from a suspended state -- **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) -- **SuspendCount** Number of times this active download has entered a suspended state -- **SuspendReason** Last reason for why this active download entered a suspended state -- **UpdateId** Identifier associated with the specific piece of content -- **WUDeviceID** Unique device id controlled by the software distribution client - - -### SoftwareUpdateClientTelemetry.Install - -This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date. - -The following fields are available: - -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRepeatFailCoun.** No content is currently available. -- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. -- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CallerApplictionaName** No content is currently available. -- **ClientVersion** The version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0. -- **CSIErrorType** The stage of CBS installation where it failed. -- **CSIErrorTypr** No content is currently available. -- **CurrentMobileOperator** The mobile operator to which the device is currently connected. -- **DeploymentProviderMode** The mode of operation of the update deployment provider. -- **DeviceModel** The device model. -- **DriverPingBack** Contains information about the previous driver and system state. -- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. -- **DriverRecoverySds** No content is currently available. -- **EvåntInstanceID** No content is currently available. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventInstapceID** No content is currently available. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. -- **EventTypr** No content is currently available. -- **ExtendedErrorCdel** No content is currently available. -- **ExtendedErrorCode** The extended error code. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough. -- **ExtendedtartusCdel** No content is currently available. -- **FeatureUpdatePaser** No content is currently available. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program. -- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **FlightRing** The ring that a device is on if participating in the Windows Insider Program. -- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update). -- **HandlerTypr** No content is currently available. -- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update. -- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. -- **IsFirmware** Indicates whether this update is a firmware update. -- **IsKcfBDualScanEnabled** No content is currently available. -- **IsKcfBEnabled** No content is currently available. -- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. -- **IsSuccessFailurePst.Reboot** No content is currently available. -- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. -- **IsWufBEnabled** No content is currently available. -- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **IsWVfBDualScanEnabled** No content is currently available. -- **IsWVfBEnabled** No content is currently available. -- **lundleId** No content is currently available. -- **lundleRepeatFailCount** No content is currently available. -- **lundleRevisionNumber** No content is currently available. -- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. -- **MsiAction** The stage of MSI installation where it failed. -- **MsiProductCdel** No content is currently available. -- **MsiProductCode** The unique identifier of the MSI installer. -- **PackageBullName** No content is currently available. -- **PackageFullName** The package name of the content being installed. -- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided. -- **QualityUpdatePaser** No content is currently available. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RepeatFailCoun.** No content is currently available. -- **RepeatFailCount** Indicates whether this specific piece of content has previously failed. -- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install. -- **RevisionNumber** The revision number of this specific piece of content. -- **SericeCGuid** No content is currently available. -- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). -- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. -- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult). -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersaon** No content is currently available. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TargetingVession** No content is currently available. -- **tartusCdel** No content is currently available. -- **TransactionCdel** No content is currently available. -- **TransactionCode** The ID that represents a given MSI installation. -- **UpdateId** Unique update ID. -- **UpdateID** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UpdateImportapce** No content is currently available. -- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. -- **WUDdviceID** No content is currently available. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **WUDevi'eID** No content is currently available. -- **WUDviceCID** No content is currently available. - - -### SoftwareUpdateClientTelemetry.Revert - -Revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). - -The following fields are available: - -- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found. -- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **ClientVersion** Version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. -- **CSIErrorType** Stage of CBS installation that failed. -- **DriverPingBack** Contains information about the previous driver and system state. -- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **EventType** Event type (Child, Bundle, Release, or Driver). -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBuildNumber** Indicates the build number of the flight. -- **FlightId** The specific ID of the flight the device is getting. -- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. -- **IsFirmware** Indicates whether an update was a firmware update. -- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. -- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. -- **RepeatFailCount** Indicates whether this specific piece of content has previously failed. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **UpdateId** The identifier associated with the specific piece of content. -- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). -- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used. -- **WUDeviceID** Unique device ID controlled by the software distribution client. - - -### SoftwareUpdateClientTelemetry.TaskRun - -Start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed). - -The following fields are available: - -- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **ClientVersion** Version number of the software distribution client. -- **CmdLineArgs** Command line arguments passed in by the caller. -- **EventInstanceID** A globally unique identifier for the event instance. -- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **WUDeviceID** Unique device ID controlled by the software distribution client. - - -### SoftwareUpdateClientTelemetry.Uninstall - -Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). - -The following fields are available: - -- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found. -- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request. -- **ClientVersion** Version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. -- **DriverPingBack** Contains information about the previous driver and system state. -- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). -- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBuildNumber** Indicates the build number of the flight. -- **FlightId** The specific ID of the flight the device is getting. -- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. -- **IsFirmware** Indicates whether an update was a firmware update. -- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. -- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. -- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. -- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. -- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. -- **RepeatFailCount** Indicates whether this specific piece of content previously failed. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **UpdateId** Identifier associated with the specific piece of content. -- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). -- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used. -- **WUDeviceID** Unique device ID controlled by the software distribution client. - - -### SoftwareUpdateClientTelemetry.UpdateDetected - -This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. - -The following fields are available: - -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. -- **RelntedCV** No content is currently available. -- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.). -- **umberOfApplicableUpdates** No content is currently available. -- **WUDeviceID** The unique device ID controlled by the software distribution client. - - -### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity - -Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. - -The following fields are available: - -- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **CallerLoglicationName** No content is currently available. -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. -- **ExtendefStatusCode** No content is currently available. -- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. -- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. -- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **RcwMode** No content is currently available. -- **RevisionId** The revision ID for a specific piece of content. -- **RevisionNumber** The revision number for a specific piece of content. -- **SedviceGuid** No content is currently available. -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store -- **ServiceGuidEndpointUrl** No content is currently available. -- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** An encoded string of the timestamp token. -- **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. -- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. - - -## System Resource Usage Monitor events - -### Microsoft.Windows.Srum.Sdp.CpuUsage - -This event provides information on CPU usage. - -The following fields are available: - -- **UsageMax** The maximum of hourly average CPU usage. -- **UsageMean** The mean of hourly average CPU usage. -- **UsageMedian** The median of hourly average CPU usage. -- **UsageTwoHourMaxMean** The mean of the maximum of every two hour of hourly average CPU usage. -- **UsageTwoHourMedianMean** The mean of the median of every two hour of hourly average CPU usage. - - -### Microsoft.Windows.Srum.Sdp.NetworkUsage - -This event provides information on network usage. - -The following fields are available: - -- **AdapterGuid** The unique ID of the adapter. -- **BytesTotalMax** The maximum of the hourly average bytes total. -- **BytesTotalMean** The mean of the hourly average bytes total. -- **BytesTotalMedian** The median of the hourly average bytes total. -- **BytesTotalTwoHourMaxMean** The mean of the maximum of every two hours of hourly average bytes total. -- **BytesTotalTwoHourMedianMean** The mean of the median of every two hour of hourly average bytes total. -- **LinkSpeed** The adapter link speed. - - -## Update events - -### Update360Telemetry.Revert - -This event sends data relating to the Revert phase of updating Windows. - -The following fields are available: - -- **ErrorCode** The error code returned for the Revert phase. -- **FlightId** Unique ID for the flight (test instance version). -- **ObjectId** The unique value for each Update Agent mode. -- **RebootRequired** Indicates reboot is required. -- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. -- **Result** The HResult of the event. -- **RevertResult** The result code returned for the Revert operation. -- **ScenarioId** The ID of the update scenario. -- **SessionId** The ID of the update attempt. -- **UpdateId** The ID of the update. - - -### Update360Telemetry.UpdateAgentCommit - -This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the install phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentDownloadRequest - -This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. - -The following fields are available: - -- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. -- **DownloadRequests** Number of times a download was retried. -- **ErrorCode** The error code returned for the current download request phase. -- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. -- **FlightId** Unique ID for each flight. -- **InternalFailureResult** Indicates a non-fatal error from a plugin. -- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). -- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable. -- **PackageCountOptional** Number of optional packages requested. -- **PackageCountRequired** Number of required packages requested. -- **PackageCountTotal** Total number of packages needed. -- **PackageCountTotalCanonical** Total number of canonical packages. -- **PackageCountTotalDiff** Total number of diff packages. -- **PackageCountTotalExpress** Total number of express packages. -- **PackageCountTotalPSFX** The total number of PSFX packages. -- **PackageExpressType** Type of express package. -- **PackageSizeCanonical** Size of canonical packages in bytes. -- **PackageSizeDiff** Size of diff packages in bytes. -- **PackageSizeExpress** Size of express packages in bytes. -- **PackageSizePSFX** The size of PSFX packages, in bytes. -- **RangeRequestState** Indicates the range request type used. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the download request phase of update. -- **SandboxTaggedForReserves** The sandbox for reserves. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentExpand - -This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **ElapsedTickCount** Time taken for expand phase. -- **EndFreeSpace** Free space after expand phase. -- **EndSandboxSize** Sandbox size after expand phase. -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **StartFreeSpace** Free space before expand phase. -- **StartSandboxSize** Sandbox size after expand phase. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentFellBackToCanonical - -This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **PackageCount** Number of packages that feel back to canonical. -- **PackageList** PackageIds which fell back to canonical. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentInitialize - -This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **essionData** No content is currently available. -- **FlightId** Unique ID for each flight. -- **FlightMetadata** Contains the FlightId and the build being flighted. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the install phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios). -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentInstall - -This event sends data for the install phase of updating Windows. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. -- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). -- **InternalFailureResult** Indicates a non-fatal error from a plugin. -- **ObjectId** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** The result for the current install phase. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentMerge - -The UpdateAgentMerge event sends data on the merge phase when updating Windows. - -The following fields are available: - -- **ErrorCode** The error code returned for the current merge phase. -- **FlightId** Unique ID for each flight. -- **MergeId** The unique ID to join two update sessions being merged. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Related correlation vector value. -- **Result** Outcome of the merge phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentMitigationResult - -This event sends data indicating the result of each update agent mitigation. - -The following fields are available: - -- **Applicable** Indicates whether the mitigation is applicable for the current update. -- **CommandCount** The number of command operations in the mitigation entry. -- **CustomCount** The number of custom operations in the mitigation entry. -- **FileCount** The number of file operations in the mitigation entry. -- **FlightId** Unique identifier for each flight. -- **Index** The mitigation index of this particular mitigation. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **Name** The friendly name of the mitigation. -- **ObjectId** Unique value for each Update Agent mode. -- **OperationIndex** The mitigation operation index (in the event of a failure). -- **OperationName** The friendly name of the mitigation operation (in the event of failure). -- **RegistryCount** The number of registry operations in the mitigation entry. -- **RelatedCV** The correlation vector value generated from the latest USO scan. -- **Result** The HResult of this operation. -- **ScenarioId** The update agent scenario ID. -- **SessionId** Unique value for each update attempt. -- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). -- **UpdateId** Unique ID for each Update. - - -### Update360Telemetry.UpdateAgentMitigationSummary - -This event sends a summary of all the update agent mitigations available for an this update. - -The following fields are available: - -- **Applicable** The count of mitigations that were applicable to the system and scenario. -- **Failed** The count of mitigations that failed. -- **FlightId** Unique identifier for each flight. -- **Friled** No content is currently available. -- **MitigationScenario** The update scenario in which the mitigations were attempted. -- **ObjectId** The unique value for each Update Agent mode. -- **RelatedCV** The correlation vector value generated from the latest USO scan. -- **Result** The HResult of this operation. -- **ScenarioId** The update agent scenario ID. -- **SessionId** Unique value for each update attempt. -- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments). -- **Total** Total number of mitigations that were available. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentModeStart - -This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **Mode** Indicates the mode that has started. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. -- **Version** Version of update - - -### Update360Telemetry.UpdateAgentOneSettings - -This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **Count** The count of applicable OneSettings for the device. -- **FlightId** Unique ID for the flight (test instance version). -- **ObjectId** The unique value for each Update Agent mode. -- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings. -- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. -- **Result** The HResult of the event. -- **ScenarioId** The ID of the update scenario. -- **SessionId** The ID of the update attempt. -- **UpdateId** The ID of the update. -- **Values** The values sent back to the device, if applicable. - - -### Update360Telemetry.UpdateAgentPostRebootResult - -This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. - -The following fields are available: - -- **ErrorCode** The error code returned for the current post reboot phase. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **ObjectId** Unique value for each Update Agent mode. -- **PostRebootResult** Indicates the Hresult. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentReboot - -This event sends information indicating that a request has been sent to suspend an update. - -The following fields are available: - -- **ErrorCode** The error code returned for the current reboot. -- **FlightId** Unique ID for the flight (test instance version). -- **ObjectId** The unique value for each Update Agent mode. -- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. -- **Result** The HResult of the event. -- **ScenarioId** The ID of the update scenario. -- **SessionId** The ID of the update attempt. -- **UpdateId** The ID of the update. - - -### Update360Telemetry.UpdateAgentSetupBoxLaunch - -The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. - -The following fields are available: - -- **ContainsExpressPackage** Indicates whether the download package is express. -- **FlightId** Unique ID for each flight. -- **FreeSpace** Free space on OS partition. -- **InstallCount** Number of install attempts using the same sandbox. -- **ObjectId** Unique value for each Update Agent mode. -- **Quiet** Indicates whether setup is running in quiet mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **SandboxSize** Size of the sandbox. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. -- **UserSession** Indicates whether install was invoked by user actions. - - -## Update notification events - -### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat - -This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign. -- **CampaignID** Currently campaign that is running on Update Notification Pipeline (UNP). -- **ConfigCatalogVersion** Current catalog version of UNP. -- **ContentVersion** Content version for the current campaign on UNP. -- **CV** Correlation vector. -- **DetectorVersion** Most recently run detector version for the current campaign on UNP. -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. -- **PackageVersion** Current UNP package version. - - -## Upgrade events - -### FacilitatorTelemetry.DCATDownload - -This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **DownloadSize** Download size of payload. -- **ElapsedTime** Time taken to download payload. -- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade. -- **ResultCode** Result returned by the Facilitator DCAT call. -- **Scenario** Dynamic update scenario (Image DU, or Setup DU). -- **Type** Type of package that was downloaded. -- **UpdateId** The ID of the update that was downloaded. - - -### FacilitatorTelemetry.DUDownload - -This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. - -The following fields are available: - -- **DownloadRequestAttributes** The attributes sent for download. -- **PackageCategoriesFailed** Lists the categories of packages that failed to download. -- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped. -- **ResultCode** The result of the event execution. -- **Scenario** Identifies the active Download scenario. -- **Url** The URL the download request was sent to. -- **Version** Identifies the version of Facilitator used. - - -### FacilitatorTelemetry.InitializeDU - -This event determines whether devices received additional or critical supplemental content during an OS upgrade. - -The following fields are available: - -- **DCATUrl** The Delivery Catalog (DCAT) URL we send the request to. -- **DownloadRequestAttributes** The attributes we send to DCAT. -- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes. -- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). -- **Url** The Delivery Catalog (DCAT) URL we send the request to. -- **Version** Version of Facilitator. - - -### Setup360Telemetry.Downlevel - -This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the downlevel OS. -- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** More detailed information about phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback). -- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors). -- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT). -- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** An ID that uniquely identifies a group of events. -- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. - - -### Setup360Telemetry.Finalize - -This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** ID that uniquely identifies a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. - - -### Setup360Telemetry.OsUninstall - -This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** ID that uniquely identifies a group of events. -- **WuId** Windows Update client ID. - - -### Setup360Telemetry.PostRebootInstall - -This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date. - -The following fields are available: - -- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId. - - -### Setup360Telemetry.PreDownloadQuiet - -This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date. - -The following fields are available: - -- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. -- **TestId** ID that uniquely identifies a group of events. -- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. - - -### Setup360Telemetry.PreDownloadUX - -This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process. - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous operating system. -- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). -- **InstanceId** Unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** ID that uniquely identifies a group of events. -- **WuId** Windows Update client ID. - - -### Setup360Telemetry.PreInstallQuiet - -This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date. - -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT). -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. - - -### Setup360Telemetry.PreInstallUX - -This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process. - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** A string to uniquely identify a group of events. -- **WuId** Windows Update client ID. - - -### Setup360Telemetry.Setup360 - -This event sends data about OS deployment scenarios, to help keep Windows up-to-date. - -The following fields are available: - -- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FieldName** Retrieves the data point. -- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. -- **InstanãeId** No content is currently available. -- **InstanceId** Retrieves a unique identifier for each instance of a setup session. -- **ReportId** Retrieves the report ID. -- **ScenarioId** Retrieves the deployment scenario. -- **value** No content is currently available. -- **Value** Retrieves the value associated with the corresponding FieldName. - - -### Setup360Telemetry.Setup360DynamicUpdate - -This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date. - -The following fields are available: - -- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. -- **InstanceId** Retrieves a unique identifier for each instance of a setup session. -- **Operation** Facilitator’s last known operation (scan, download, etc.). -- **ReportId** ID for tying together events stream side. -- **ResultCode** Result returned for the entire setup operation. -- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). -- **ScenarioId** Identifies the update scenario. -- **TargetBranch** Branch of the target OS. -- **TargetBuild** Build of the target OS. - - -### Setup360Telemetry.Setup360MitigationResult - -This event sends data indicating the result of each setup mitigation. - -The following fields are available: - -- **Applicable** TRUE if the mitigation is applicable for the current update. -- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **CommandCount** The number of command operations in the mitigation entry. -- **CustomCount** The number of custom operations in the mitigation entry. -- **FileCount** The number of file operations in the mitigation entry. -- **FlightData** The unique identifier for each flight (test release). -- **Index** The mitigation index of this particular mitigation. -- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **Name** The friendly (descriptive) name of the mitigation. -- **OperationIndex** The mitigation operation index (in the event of a failure). -- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure). -- **RegistryCount** The number of registry operations in the mitigation entry. -- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM. -- **Result** HResult of this operation. -- **ScenarioId** Setup360 flow type. -- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). - - -### Setup360Telemetry.Setup360MitigationSummary - -This event sends a summary of all the setup mitigations available for this update. - -The following fields are available: - -- **Applicable** The count of mitigations that were applicable to the system and scenario. -- **ClientId** The Windows Update client ID passed to Setup. -- **Failed** The count of mitigations that failed. -- **FlightData** The unique identifier for each flight (test release). -- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE. -- **MitigationScenario** The update scenario in which the mitigations were attempted. -- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM. -- **Result** HResult of this operation. -- **ScenarioId** Setup360 flow type. -- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). -- **Total** The total number of mitigations that were available. - - -### Setup360Telemetry.Setup360OneSettings - -This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **ClientId** The Windows Update client ID passed to Setup. -- **Count** The count of applicable OneSettings for the device. -- **FlightData** The ID for the flight (test instance version). -- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe. -- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings. -- **ReportId** The Update ID passed to Setup. -- **Result** The HResult of the event error. -- **ScenarioId** The update scenario ID. -- **Values** Values sent back to the device, if applicable. - - -### Setup360Telemetry.UnexpectedEvent - -This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. - -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **o-Ste** No content is currently available. -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. - - -## Windows as a Service diagnostic events - -### Microsoft.Windows.WaaSMedic.SummaryEvent - -Result of the WaaSMedic operation. - -The following fields are available: - -- **callerApplication** The name of the calling application. -- **detectionSummary** Result of each applicable detection that was run. -- **featureAssessmentImpact** WaaS Assessment impact for feature updates. -- **hrEngineResult** Error code from the engine operation. -- **insufficientSessions** Device not eligible for diagnostics. -- **isInteractiveMode** The user started a run of WaaSMedic. -- **isManaged** Device is managed for updates. -- **isWUConnected** Device is connected to Windows Update. -- **noMoreActions** No more applicable diagnostics. -- **qualityAssessmentImpact** WaaS Assessment impact for quality updates. -- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. -- **usingBackupFeatureAssessment** Relying on backup feature assessment. -- **usingBackupQualityAssessment** Relying on backup quality assessment. -- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. -- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. -- **versionString** Version of the WaaSMedic engine. -- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter. - - -## Windows Error Reporting events - -### Microsoft.Windows.WERVertical.OSCrash - -This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. - -The following fields are available: - -- **BootId** Uint32 identifying the boot number for this device. -- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check. -- **BugCheckPar%meter2** No content is currently available. -- **BugCheckParameter1** Uint64 parameter providing additional information. -- **BugCheckParameter2** Uint64 parameter providing additional information. -- **BugCheckParameter3** Uint64 parameter providing additional information. -- **BugCheckParameter4** Uint64 parameter providing additional information. -- **DumpFileAttributes** Codes that identify the type of data contained in the dump file -- **DumpFileSize** Size of the dump file -- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise -- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). - - -## Windows Error Reporting MTT events - -### Microsoft.Windows.WER.MTT.Denominator - -This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date. - -The following fields are available: - -- **DPRange** Maximum mean value range. -- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate the mean. -- **Value** Standard UTC emitted DP value structure See [Value](#value). - - -### Value - -This event returns data about Mean Time to Failure (MTTF) for Windows devices. It is the primary means of estimating reliability problems in Basic Diagnostic reporting with very strong privacy guarantees. Since Basic Diagnostic reporting does not include system up-time, and since that information is important to ensuring the safe and stable operation of Windows, the data provided by this event provides that data in a manner which does not threaten a user’s privacy. - -The following fields are available: - -- **Algorithm** The algorithm used to preserve privacy. -- **DPRange** The upper bound of the range being measured. -- **DPValue** The randomized response returned by the client. -- **Epsilon** The level of privacy to be applied. -- **HistType** The histogram type if the algorithm is a histogram algorithm. -- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”. - - -## Windows Store events - -### Microsoft.Windows.Store.StoreActivating - -This event sends tracking data about when the Store app activation via protocol URI is in progress, to help keep Windows up to date. - - - -### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation - -This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. -- **AggregatedPackageFullNcmes** No content is currently available. -- **AttemptNumber** Number of retry attempts before it was canceled. -- **BundleId** The Item Bundle ID. -- **Bundlele** No content is currently available. -- **CategoryId** The Item Category ID. -- **Categoryle** No content is currently available. -- **ClientAppId** The identity of the app that initiated this operation. -- **ClientApple** No content is currently available. -- **HResult** The result code of the last action performed before this operation. -- **IsBundle** Is this a bundle? -- **IsInteractive** Was this requested by a user? -- **IsMandatory** Was this a mandatory update? -- **IsRemediation** Was this a remediation install? -- **IsRestore** Is this automatically restoring a previously acquired product? -- **IsUpdate** Flag indicating if this is an update. -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **ParentBundlele** No content is currently available. -- **PFN** The product family name of the product being installed. -- **Producele** No content is currently available. -- **ProductId** The identity of the package or packages being installed. -- **S{stemAttemptNumber** No content is currently available. -- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. -- **UserAttemptNumber** The total number of user attempts at installation before it was canceled. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds - -This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure. - - - -### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare - -This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure. - - - -### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation - -This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed. -- **AttemptNumber** Total number of installation attempts. -- **BundleId** The identity of the Windows Insider build that is associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **IsBundle** Is this a bundle? -- **IsInteractive** Was this requested by a user? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this an automatic restore of a previously acquired product? -- **IsUpdate** Is this a product update? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** The name of all packages to be downloaded and installed. -- **PreviousHResult** The previous HResult code. -- **PreviousInstallState** Previous installation state before it was canceled. -- **ProductId** The name of the package or packages requested for installation. -- **RelatedCV** Correlation Vector of a previous performed action on this product. -- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. -- **UserAttemptNumber** Total number of user attempts to install before it was canceled. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest - -This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure. - -The following fields are available: - -- **CatalogId** The Store Product ID of the app being installed. -- **HResult** HResult code of the action being performed. -- **IsBundle** Is this a bundle? -- **PackageFamilyName** The name of the package being installed. -- **ProductId** The Store Product ID of the product being installed. -- **SkuId** Specific edition of the item being installed. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense - -This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNaies** No content is currently available. -- **AggregatedpackageFullNames** No content is currently available. -- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. -- **AttemptNumber** The total number of attempts to acquire this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **HResult** HResult code to show the result of the operation (success/failure). -- **IsBundle** Is this a bundle? -- **IsInteractive** Did the user initiate the installation? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this happening after a device restore? -- **IsUp`ate** No content is currently available. -- **IsUpdate** Is this an update? -- **ParentBuneleId** No content is currently available. -- **PFN** Product Family Name of the product being installed. -- **productId** No content is currently available. -- **ProductId** The Store Product ID for the product being installed. -- **SystemAttemptNumber** The number of attempts by the system to acquire this product. -- **UserAttemptNumber** The number of attempts by the user to acquire this product -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndDownload - -This event is sent after an app is downloaded to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNaðes** No content is currently available. -- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. -- **AttemptNumber** Number of retry attempts before it was canceled. -- **BundleId** The identity of the Windows Insider build associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **DownloadSize** The total size of the download. -- **ExtendedHResult** Any extended HResult error codes. -- **HResult** The result code of the last action performed. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this initiated by the user? -- **IsMandatory** Is this a mandatory installation? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this a restore of a previously acquired product? -- **IsUpdate** Is this an update? -- **ParentBundleId** The parent bundle ID (if it's part of a bundle). -- **PFN** The Product Family Name of the app being download. -- **ProductId** The Store Product ID for the product being installed. -- **SystemAttemptNumber** The number of attempts by the system to download. -- **UserAttemptNumber** The number of attempts by the user to download. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate - -This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **HResult** The result code of the last action performed before this operation. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds - -This event is sent after sending the inventory of the products installed to determine whether updates for those products are available. It's used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **HResult** The result code of the last action performed before this operation. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndInstall - -This event is sent after a product has been installed to help keep Windows up-to-date and secure. - -The following fields are available: - -- **__TlgCÖ__** No content is currently available. -- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. -- **AttemptNumber** The number of retry attempts before it was canceled. -- **BundleId** The identity of the build associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **ExtendedHResult** The extended HResult error code. -- **HResult** The result code of the last action performed. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this an interactive installation? -- **IsInteragtive** No content is currently available. -- **IsMandatory** Is this a mandatory installation? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this automatically restoring a previously acquired product? -- **IsUpdate** Is this an update? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** Product Family Name of the product being installed. -- **ProductId** The Store Product ID for the product being installed. -- **SystemAttemptNumber** The total number of system attempts. -- **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates - -This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **ClientAppId** The identity of the app that initiated this operation. -- **HResult** The result code of the last action performed. -- **IsApplicability** Is this request to only check if there are any applicable packages to install? -- **IsInteractive** Is this user requested? -- **IsOnline** Is the request doing an online check? - - -### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages - -This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. -- **AttemptNumber** The total number of retry attempts before it was canceled. -- **BundleId** The identity of the build associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **HResult** The result code of the last action performed. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this user requested? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this restoring previously acquired content? -- **IsUpdate** Is this an update? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** The name of the package or packages requested for install. -- **ProductId** The Store Product ID for the product being installed. -- **SystemAttemptNumber** The total number of system attempts. -- **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData - -This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. -- **AttemptNumber** The total number of retry attempts before it was canceled. -- **BundleId** The identity of the build associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **HResult** The result code of the last action performed. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this user requested? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this restoring previously acquired content? -- **IsUpdate** Is this an update? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** The name of the package or packages requested for install. -- **ProductId** The Store Product ID for the product being installed. -- **SystemAttemptNumber** The total number of system attempts. -- **UserAttemptNumber** The total number of system attempts. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare - -This event is sent after a scan for available app updates to help keep Windows up-to-date and secure. - -The following fields are available: - -- **HResult** The result code of the last action performed. - - -### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete - -This event is sent at the end of an app install or update to help keep Windows up-to-date and secure. - -The following fields are available: - -- **CatalogId** The name of the product catalog from which this app was chosen. -- **CatanogId** No content is currently available. -- **CatdlogId** No content is currently available. -- **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** The HResult code of the operation. -- **JResult** No content is currently available. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **Producele** No content is currently available. -- **ProductId** The product ID of the app that is being updated or installed. - - -### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate - -This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure. - -The following fields are available: - -- **CatalogId** The name of the product catalog from which this app was chosen. -- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. -- **ProductId** The product ID of the app that is being updated or installed. - - -### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest - -This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **BundleId** The identity of the build associated with this product. -- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed. -- **ProductId** The Store Product ID for the product being installed. -- **SkuId** Specific edition ID being installed. -- **VolumePath** The disk path of the installation. - - -### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation - -This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. -- **AttemptNumber** The total number of retry attempts before it was canceled. -- **BundleId** The identity of the build associated with this product. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this user requested? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this restoring previously acquired content? -- **IsUpdate** Is this an update? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** The Product Full Name. -- **PreviousHResult** The result code of the last action performed before this operation. -- **PreviousInstallState** Previous state before the installation or update was paused. -- **ProductId** The Store Product ID for the product being installed. -- **RelatedCV** Correlation Vector of a previous performed action on this product. -- **SystemAttemptNumber** The total number of system attempts. -- **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation - -This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure. - -The following fields are available: - -- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. -- **AttemptNumber** The number of retry attempts before it was canceled. -- **BundleId** The identity of the build associated with this product. -- **categoryId** No content is currently available. -- **CategoryId** The identity of the package or packages being installed. -- **ClientAppId** The identity of the app that initiated this operation. -- **HResult** The result code of the last action performed before this operation. -- **IsBundle** Is this a bundle? -- **IsInteractive** Is this user requested? -- **IsMandatory** Is this a mandatory update? -- **IsRemediation** Is this repairing a previous installation? -- **IsRestore** Is this restoring previously acquired content? -- **IsUpdate** Is this an update? -- **IsUserRetry** Did the user initiate the retry? -- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). -- **PFN** The name of the package or packages requested for install. -- **PreviousHResult** The previous HResult error code. -- **PreviousInstallState** Previous state before the installation was paused. -- **ProductId** The Store Product ID for the product being installed. -- **RelatedCV** Correlation Vector for the original install before it was resumed. -- **ResumeClientId** The ID of the app that initiated the resume operation. -- **SystemAttemptNumber** The total number of system attempts. -- **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID. - - -### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest - -This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **ProductId** The Store Product ID for the product being installed. - - -### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest - -This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **CatalogId** The Store Catalog ID for the product being installed. -- **ProductId** The Store Product ID for the product being installed. -- **SkuId** Specfic edition of the app being updated. - - -### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest - -This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure. - -The following fields are available: - -- **PFamN** The name of the app that is requested for update. - - -## Windows System Kit events - -### Microsoft.Windows.Kits.WSK.WskImageCreate - -This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate “image” creation failures. - -The following fields are available: - -- **Phase** The image creation phase. Values are “Start” or “End”. -- **WskVersion** The version of the Windows System Kit being used. - - -### Microsoft.Windows.Kits.WSK.WskImageCustomization - -This event sends simple Product and Service usage data when a user is using the Windows System Kit to create/modify configuration files allowing the customization of a new OS image with Apps or Drivers. The data includes the version of the Windows System Kit, the state of the event, the customization type (drivers or apps) and the mode (new or updating) and is used to help investigate configuration file creation failures. - -The following fields are available: - -- **CustomizationMode** Indicates the mode of the customization (new or updating). -- **CustomizationType** Indicates the type of customization (drivers or apps). -- **Mode** The mode of update to image configuration files. Values are “New” or “Update”. -- **Phase** The image creation phase. Values are “Start” or “End”. -- **Type** The type of update to image configuration files. Values are “Apps” or “Drivers”. -- **WskVersion** The version of the Windows System Kit being used. - - -### Microsoft.Windows.Kits.WSK.WskWorkspaceCreate - -This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new workspace for generating OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate workspace creation failures. - -The following fields are available: - -- **Architecture** The OS architecture that the workspace will target. Values are one of: “AMD64”, “ARM64”, “x86”, or “ARM”. -- **OsEdition** The Operating System Edition that the workspace will target. -- **Phase** The image creation phase. Values are “Start” or “End”. -- **WorkspaceArchitecture** The operating system architecture that the workspace will target. -- **WorkspaceOsEdition** The operating system edition that the workspace will target. -- **WskVersion** The version of the Windows System Kit being used. - - -## Windows Update Delivery Optimization events - -### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled - -This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. - -The following fields are available: - -- **background** Is the download being done in the background? -- **bytesFromCacheServer** Bytes received from a cache host. -- **bytesFromCDN** The number of bytes received from a CDN source. -- **bytesFromGroupPeers** The number of bytes received from a peer in the same group. -- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group. -- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. -- **bytesFromPeers** The number of bytes received from a peer in the same LAN. -- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. -- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. -- **cdnIp** The IP Address of the source CDN (Content Delivery Network). -- **cdnUrl** The URL of the source CDN (Content Delivery Network). -- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. -- **errorCode** The error code that was returned. -- **experimentId** When running a test, this is used to correlate events that are part of the same test. -- **fileID** The ID of the file being downloaded. -- **gCurMemoryStreamBytes** Current usage for memory streaming. -- **gMaxMemoryStreamBytes** Maximum usage for memory streaming. -- **isVpn** Indicates whether the device is connected to a VPN (Virtual Private Network). -- **jobID** Identifier for the Windows Update job. -- **predefinedCallerName** The name of the API Caller. -- **reasonCode** Reason the action or event occurred. -- **routeToCacheServer** The cache server setting, source, and value. -- **sessionID** The ID of the file download session. -- **updateID** The ID of the update being downloaded. -- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads. - - -### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted - -This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. - -The following fields are available: - -- **#dnErrorCounts** No content is currently available. -- **__TlgCVß_** No content is currently available. -- **|anConnectionCount** No content is currently available. -- **0redefinedCallerName** No content is currently available. -- **b6nConnectionCount** No content is currently available. -- **b6nErrorCodes** No content is currently available. -- **b6nErrorCounts** No content is currently available. -- **b6nIp** No content is currently available. -- **b6nUrl** No content is currently available. -- **background** Is the download a background download? -- **bytesFrkmIntPeers** No content is currently available. -- **bytesFromCacheSedver** No content is currently available. -- **bytesFromCacheServer** Bytes received from a cache host. -- **bytesFromCDN** The number of bytes received from a CDN source. -- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group. -- **bytesFromIntÐeers** No content is currently available. -- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group. -- **bytesFromLinkLocalPeers** The number of bytes received from local peers. -- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. -- **bytesFromPeers** The number of bytes received from a peer in the same LAN. -- **bytesRequested** The total number of bytes requested for download. -- **cacheSarverConnectionCount** No content is currently available. -- **cacheSedverConnectionCount** No content is currently available. -- **cacheServerConndctionCount** No content is currently available. -- **cacheServerConnectionCoujt** No content is currently available. -- **cacheServerConnectionCount** Number of connections made to cache hosts. -- **cdnConnectionCount** The total number of connections made to the CDN. -- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. -- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. -- **cdnIp** The IP address of the source CDN. -- **cdnSonnectionCount** No content is currently available. -- **cdnUrl** Url of the source Content Distribution Network (CDN). -- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. -- **dkwnloadModeSrc** No content is currently available. -- **doErrorCode** The Delivery Optimization error code that was returned. -- **dowflinkBps** No content is currently available. -- **downlinkBps** The maximum measured available download bandwidth (in bytes per second). -- **downlinkUsageBps** The download speed (in bytes per second). -- **downloadMode** The download mode used for this file download session. -- **downloadModeReason** Reason for the download. -- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). -- **downloadMofeSrc** No content is currently available. -- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. -- **fileID** The ID of the file being downloaded. -- **fileSize** The size of the file being downloaded. -- **gCurMemoryStreamBytes** Current usage for memory streaming. -- **gMaxMemoryStreamBytes** Maximum usage for memory streaming. -- **groupConjectionCount** No content is currently available. -- **groupConnectionCount** The total number of connections made to peers in the same group. -- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. -- **internetConnectionCountdownlinkBps** No content is currently available. -- **isEjcrypted** No content is currently available. -- **isEncryptdd** No content is currently available. -- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. -- **isVpn** Is the device connected to a Virtual Private Network? -- **jobID** Identifier for the Windows Update job. -- **lanConnectionCount** The total number of connections made to peers in the same LAN. -- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network. -- **numPeers** The total number of peers used for this download. -- **numPeersLocal** The total number of local peers used for this download. -- **predefi.edCallerName** No content is currently available. -- **predefinedCallerName** The name of the API Caller. -- **predefinedCalleRName** No content is currently available. -- **restrictedUpload** Is the upload restricted? -- **romteToCacheServer** No content is currently available. -- **roupeToCacheServer** No content is currently available. -- **routeTnCacheServer** No content is currently available. -- **routeToCacheSedver** No content is currently available. -- **routeToCacheServer** The cache server setting, source, and value. -- **sessionID** The ID of the download session. -- **totalTimeMs** Duration of the download (in seconds). -- **updateID** The ID of the update being downloaded. -- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second). -- **uplinkUsageBps** The upload speed (in bytes per second). -- **uplinkUsegeBps** No content is currently available. -- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads. - - -### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused - -This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. - -The following fields are available: - -- **backgground** No content is currently available. -- **backgrou|d** No content is currently available. -- **background** Is the download a background download? -- **c`nUrl** No content is currently available. -- **cdnUrl** The URL of the source CDN (Content Delivery Network). -- **errorBode** No content is currently available. -- **errorCode** The error code that was returned. -- **expebimentId** No content is currently available. -- **expebimentIderrorCode** No content is currently available. -- **experiientId** No content is currently available. -- **experimenpId** No content is currently available. -- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. -- **fileID** The ID of the file being paused. -- **isVp|** No content is currently available. -- **isVpn** Is the device connected to a Virtual Private Network? -- **jobID** Identifier for the Windows Update job. -- **predefinedCallerName** The name of the API Caller object. -- **reasonCod%** No content is currently available. -- **reasonCode** The reason for pausing the download. -- **recsonCodesessiolID** No content is currently available. -- **routeToCacheSedver** No content is currently available. -- **routeToCacheServer** The cache server setting, source, and value. -- **sessionID** The ID of the download session. -- **updateID** The ID of the update being paused. -- **updateMD** No content is currently available. - - -### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted - -This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. - -The following fields are available: - -- **b6nUrl** No content is currently available. -- **background** Indicates whether the download is happening in the background. -- **bacoground** No content is currently available. -- **bileSizeCaller** No content is currently available. -- **bytesRequested** Number of bytes requested for the download. -- **cdnUrl** The URL of the source Content Distribution Network (CDN). -- **costFlags** A set of flags representing network cost. -- **costFlaos** No content is currently available. -- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). -- **diceRoll** Random number used for determining if a client will use peering. -- **doClientVersion** The version of the Delivery Optimization client. -- **doErrorC/de** No content is currently available. -- **doErrorCode** The Delivery Optimization error code that was returned. -- **doErrorCoee** No content is currently available. -- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). -- **downloadModeReason** Reason for the download. -- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). -- **errorCode** The error code that was returned. -- **experimejtId** No content is currently available. -- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. -- **fiheID** No content is currently available. -- **fileID** The ID of the file being downloaded. -- **filePat(** No content is currently available. -- **filePath** The path to where the downloaded file will be written. -- **fileSize** Total file size of the file that was downloaded. -- **fileSizeCaller** Value for total file size provided by our caller. -- **groqpID** No content is currently available. -- **groupID** ID for the group. -- **isEncrypted** Indicates whether the download is encrypted. -- **isFpn** No content is currently available. -- **isVpn** Indicates whether the device is connected to a Virtual Private Network. -- **jobID** The ID of the Windows Update job. -- **peerID** The ID for this delivery optimization client. -- **predefinedCallerName** Name of the API caller. -- **rimentId** No content is currently available. -- **routeToCacheSedver** No content is currently available. -- **routeToCacheServer** Cache server setting, source, and value. -- **sessionID** The ID for the file download session. -- **sessmonID** No content is currently available. -- **setConfigs** A JSON representation of the configurations that have been set, and their sources. -- **updateID** The ID of the update being downloaded. -- **updateYD** No content is currently available. -- **usedMemoryStream** Indicates whether the download used memory streaming. - - -### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication - -This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. - -The following fields are available: - -- **cdnHeaders** The HTTP headers returned by the CDN. -- **cdnIp** The IP address of the CDN. -- **cdnUrl** The URL of the CDN. -- **eErrorCode** No content is currently available. -- **eErrorCunt** No content is currently available. -- **errorCode** The error code that was returned. -- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered. -- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. -- **fileID** The ID of the file being downloaded. -- **htppStatusCode** No content is currently available. -- **httpStatusCode** The HTTP status code returned by the CDN. -- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET -- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.). -- **requestOffset** The byte offset within the file in the sent request. -- **requestSize** The size of the range requested from the CDN. -- **responseSize** The size of the range response received from the CDN. -- **sessionID** The ID of the download session. - - -### Microsoft.OSG.DU.DeliveryOptClient.JobError - -This event represents a Windows Update job error. It allows for investigation of top errors. - -The following fields are available: - -- **cdnIp** The IP Address of the source CDN (Content Delivery Network). -- **doErrorCode** Error code returned for delivery optimization. -- **errorCode** The error code returned. -- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. -- **fileID** The ID of the file being downloaded. -- **jobID** The Windows Update job ID. - - -## Windows Update events - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary - -This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis. -- **flightId** Unique ID for each flight. -- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system. -- **missingUpdateCount** The number of updates in the device manifest that are missing from the system. -- **objectId** Unique value for each diagnostics session. -- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices. -- **relatedCV** Correlation vector value generated from the latest USO scan. -- **scenarioId** Indicates the update scenario. -- **sessionId** Unique value for each update session. -- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. -- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string. -- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string. -- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** The unique ID for each update. - - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit - -This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **errorCode** The error code returned for the current session initialization. -- **flightId** The unique identifier for each flight. -- **objectId** The unique GUID for each diagnostics session. -- **relatedCV** A correlation vector value generated from the latest USO scan. -- **result** Outcome of the initialization of the session. -- **scenarioId** Identifies the Update scenario. -- **sessionId** The unique value for each update session. -- **updateId** The unique identifier for each Update. - - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest - -This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted. -- **errorCode** The error code returned for the current session initialization. -- **flightId** The unique identifier for each flight. -- **objectId** Unique value for each Update Agent mode. -- **packageCountOptional** Number of optional packages requested. -- **packageCountRequired** Number of required packages requested. -- **packageCountTotal** Total number of packages needed. -- **packageCountTotalCanonical** Total number of canonical packages. -- **packageCountTotalDiff** Total number of diff packages. -- **packageCountTotalExpress** Total number of express packages. -- **packageSizeCanonical** Size of canonical packages in bytes. -- **packageSizeDiff** Size of diff packages in bytes. -- **packageSizeExpress** Size of express packages in bytes. -- **rangeRequestState** Represents the state of the download range request. -- **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the download request phase of update. -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. -- **sessionId** Unique value for each Update Agent mode attempt. -- **updateId** Unique ID for each update. - - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize - -This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **errorCode** The error code returned for the current session initialization. -- **flightId** The unique identifier for each flight. -- **flightMetadata** Contains the FlightId and the build being flighted. -- **objectId** Unique value for each Update Agent mode. -- **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. -- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). -- **sessionId** Unique value for each Update Agent mode attempt. -- **updateId** Unique ID for each update. - - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall - -This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **errorCode** The error code returned for the current install phase. -- **flightId** The unique identifier for each flight (pre-release builds). -- **objectId** The unique identifier for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest scan. -- **result** Outcome of the install phase of the update. -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** The unique identifier for each update session. -- **updateId** The unique identifier for each Update. - - -### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart - -This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. - -The following fields are available: - -- **flightId** The unique identifier for each flight (pre-release builds). -- **mode** Indicates the active Update Agent mode. -- **objectId** Unique value for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest scan. -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. -- **sessionId** The unique identifier for each update session. -- **updateId** The unique identifier for each Update. - - -### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed - -This event indicates that a notification dialog box is about to be displayed to user. - -The following fields are available: - -- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode. -- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown. -- **DaysSinceRebootRequired** Number of days since restart was required. -- **DeviceLocalTime** The local time on the device sending the event. -- **EngagedModeLimit** The number of days to switch between DTE dialog boxes. -- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode. -- **ETag** OneSettings versioning value. -- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device. -- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device. -- **NotificationUxState** Indicates which dialog box is shown. -- **NotificationUxStateString** Indicates which dialog box is shown. -- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). -- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). -- **RebootVersion** Version of DTE. -- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog - -This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. - -The following fields are available: - -- **DeviceLocalTime** The local time on the device sending the event. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the dialog box. -- **RebootVersion** Version of DTE. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that user chose on this dialog box. -- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog - -This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed.. - -The following fields are available: - -- **DeviceLocalTime** The local time on the device sending the event. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the dialog box. -- **RebootVersion** Version of DTE. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that user chose in this dialog box. -- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog - -This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. - -The following fields are available: - -- **DeviceLocalTime** The local time of the device sending the event. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the dialog box. -- **RebootVersion** Version of DTE. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that the user chose in this dialog box. -- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog - -This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. - -The following fields are available: - -- **DeviceLocalTime** Time the dialog box was shown on the local device. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the dialog box. -- **RebootVersion** Version of DTE. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that user chose in this dialog box. -- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog - -This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed. - -The following fields are available: - -- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings). -- **ETag** The OneSettings versioning value. -- **ExitCode** Indicates how users exited the reboot reminder dialog box. -- **RebootVersion** The version of the DTE (Direct-to-Engaged). -- **UpdateId** The ID of the update that is waiting for reboot to finish installation. -- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation. -- **UserResponseString** The option chosen by the user on the reboot dialog box. -- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC). - - -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast - -This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed. - -The following fields are available: - -- **DeviceLocalTime** The local time on the device sending the event. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the pop-up banner. -- **RebootVersion** The version of the reboot logic. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that the user chose in the pop-up banner. -- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time. - - -### Microsoft.Windows.Update.NotificationUx.RebootScheduled - -Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. - -The following fields are available: - -- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device. -- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot. -- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. -- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours. -- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically). -- **rebootState** The current state of the restart. -- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler. -- **revisionNumber** Revision number of the update that is getting installed with this restart. -- **scheduledRebootTime** Time of the scheduled restart. -- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time. -- **updateId** ID of the update that is getting installed with this restart. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy - -This event indicates a policy is present that may restrict update activity to outside of active hours. - -The following fields are available: - -- **activeHoursEnd** The end of the active hours window. -- **activeHoursStart** The start of the active hours window. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours - -This event indicates that update activity was blocked because it is within the active hours window. - -The following fields are available: - -- **activeHoursEnd** The end of the active hours window. -- **activeHoursStart** The start of the active hours window. -- **updatePhase** The current state of the update process. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel - -This event indicates that Windows Update activity was blocked due to low battery level. - -The following fields are available: - -- **batteryLevel** The current battery charge capacity. -- **batteryLevelThreshold** The battery capacity threshold to stop update activity. -- **updatePhase** The current state of the update process. -- **wuDeviceid** Device ID. - - -### Microsoft.Windows.Update.Orchestrator.DeferRestart - -This event indicates that a restart required for installing updates was postponed. - -The following fields are available: - -- **displayNeededReason** List of reasons for needing display. -- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). -- **gameModeReason** Name of the executable that caused the game mode state check to start. -- **ignoredReason** List of reasons that were intentionally ignored. -- **IgnoreReasonsForRestart** List of reasons why restart was deferred. -- **revisionNumber** Update ID revision number. -- **systemNeededReason** List of reasons why system is needed. -- **updateId** Update ID. -- **updateScenarioType** Update session type. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.Detection - -This event indicates that a scan for a Windows Update occurred. - -The following fields are available: - -- **deferReason** The reason why the device could not check for updates. -- **detectionBlockingPolicy** The Policy that blocked detection. -- **detectionBlockreason** The reason detection did not complete. -- **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** The error code returned for the current process. -- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. -- **interactive** Indicates whether the user initiated the session. -- **networkStatus** Indicates if the device is connected to the internet. -- **revisionNumber** The Update revision number. -- **scanTriggerSource** The source of the triggered scan. -- **updateId** The unique identifier of the Update. -- **updateScenarioType** Identifies the type of update session being performed. -- **wuDeviceid** The unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.DisplayNeeded - -This event indicates the reboot was postponed due to needing a display. - -The following fields are available: - -- **displayNeededReason** Reason the display is needed. -- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. -- **revisionNumber** Revision number of the update. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. -- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue - - -### Microsoft.Windows.Update.Orchestrator.Download - -This event sends launch data for a Windows Update download to help keep Windows up to date. - -The following fields are available: - -- **deferReason** Reason for download not completing. -- **e:4|SScenario** No content is currently available. -- **errorCode** An error code represented as a hexadecimal value. -- **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the session is user initiated. -- **interactiveelatedCVerrorCode** No content is currently available. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateScenariotate** No content is currently available. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit - -This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update. - -The following fields are available: - -- **wuDeviceid** Device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.DTUEnabled - -This event indicates that Inbox DTU functionality was enabled. - -The following fields are available: - -- **wuDeviceid** Device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.DTUInitiated - -This event indicates that Inbox DTU functionality was intiated. - -The following fields are available: - -- **dtuErrorCode** Return code from creating the DTU Com Server. -- **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on. -- **wuDeviceid** Device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels - -This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. - -The following fields are available: - -- **configVersion** The escalation configuration version on the device. -- **downloadElapsedTime** Indicates how long since the download is required on device. -- **downloadRiskLevel** At-risk level of download phase. -- **installElapsedTime** Indicates how long since the install is required on device. -- **installRiskLevel** The at-risk level of install phase. -- **isSediment** Assessment of whether is device is at risk. -- **scanElapsedTime** Indicates how long since the scan is required on device. -- **scanRiskLevel** At-risk level of the scan phase. -- **wuDeviceid** Device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask - -This event indicated that USO failed to add a trigger time to a task. - -The following fields are available: - -- **errorCode** The Windows Update error code. -- **wuDeviceid** The Windows Update device ID. - - -### Microsoft.Windows.Update.Orchestrator.FlightInapplicable - -This event indicates that the update is no longer applicable to this device. - -The following fields are available: - -- **EventPublishedTime** Time when this event was generated. -- **flightID** The specific ID of the Windows Insider build. -- **inapplicableReason** The reason why the update is inapplicable. -- **revisionNumber** Update revision number. -- **updateId** Unique Windows Update ID. -- **updateScenarioType** Update session type. -- **UpdateStatus** Last status of update. -- **UUPFallBackConfigured** Indicates whether UUP fallback is configured. -- **wuDeviceid** Unique Device ID. - - -### Microsoft.Windows.Update.Orchestrator.InitiatingReboot - -This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date. - -The following fields are available: - -- **EventPublishedTime** Time of the event. -- **flightID** Unique update ID -- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. -- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. -- **revisionNumber** Revision number of the update. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.Install - -This event sends launch data for a Windows Update install to help keep Windows up to date. - -The following fields are available: - -- **batteryLevel** Current battery capacity in mWh or percentage left. -- **defeec-9-0S** No content is currently available. -- **deferReason** Reason for install not completing. -- **errorCode** The error code reppresented by a hexadecimal value. -- **eventScenario** End-to-end update session ID. -- **flightID** The ID of the Windows Insider build the device is getting. -- **flightUpdate** Indicates whether the update is a Windows Insider build. -- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. -- **Ignorec-9-0SsFoec-start** No content is currently available. -- **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored. -- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. -- **installRebootinitiatetime** The time it took for a reboot to be attempted. -- **interactive** Identifies if session is user initiated. -- **minutesToCommit** The time it took to install updates. -- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateMd** No content is currently available. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.LowUptimes - -This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. - -The following fields are available: - -- **availableHistoryMinutes** The number of minutes available from the local machine activity history. -- **isLowUptimeMachine** Is the machine considered low uptime or not. -- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime. -- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime. -- **uptimeMinutes** Number of minutes of uptime measured. -- **wuDeviceid** Unique device ID for Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection - -This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date. - -The following fields are available: - -- **externalOneshotupdate** The last time a task-triggered scan was completed. -- **interactiveOneshotupdate** The last time an interactive scan was completed. -- **oldlastscanOneshotupdate** The last time a scan completed successfully. -- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID). - - -### Microsoft.Windows.Update.Orchestrator.PreShutdownStart - -This event is generated before the shutdown and commit operations. - -The following fields are available: - -- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. - - -### Microsoft.Windows.Update.Orchestrator.RebootFailed - -This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date. - -The following fields are available: - -- **batteryLevel** Current battery capacity in mWh or percentage left. -- **deferReason** Reason for install not completing. -- **EventPublishedTime** The time that the reboot failure occurred. -- **flightID** Unique update ID. -- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours. -- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.RefreshSettings - -This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date. - -The following fields are available: - -- **errorCode** Hex code for the error message, to allow lookup of the specific error. -- **settingsDownloadTime** Timestamp of the last attempt to acquire settings. -- **settingsETag** Version identifier for the settings. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask - -This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date. - -The following fields are available: - -- **RebootTaskMissedTimeUTC** The time when the reboot task was scheduled to run, but did not. -- **RebootTaskNextTimeUTC** The time when the reboot task was rescheduled for. -- **RebootTaskRestoredTime** Time at which this reboot task was restored. -- **wuDeviceid** Device ID for the device on which the reboot is restored. - - -### Microsoft.Windows.Update.Orchestrator.ScanTriggered - -This event indicates that Update Orchestrator has started a scan operation. - -The following fields are available: - -- **errorCode** The error code returned for the current scan operation. -- **eventScenario** Indicates the purpose of sending this event. -- **interactive** Indicates whether the scan is interactive. -- **isDTUEnabled** Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system. -- **isScanPastSla** Indicates whether the SLA has elapsed for scanning. -- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan. -- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA. -- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA. -- **scanTriggerSource** Indicates what caused the scan. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.StickUpdate - -This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update. - -The following fields are available: - -- **updateId** Identifier associated with the specific piece of content. -- **wuDeviceid** Unique device ID controlled by the software distribution client. - - -### Microsoft.Windows.Update.Orchestrator.SystemNeeded - -This event sends data about why a device is unable to reboot, to help keep Windows up to date. - -The following fields are available: - -- **eventScenario** End-to-end update session ID. -- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. -- **revisionNumber** Update revision number. -- **systemNeededReason** List of apps or tasks that are preventing the system from restarting. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours - -This event indicates that update activity was stopped due to active hours starting. - -The following fields are available: - -- **activeHoursEnd** The end of the active hours window. -- **activeHoursStart** The start of the active hours window. -- **updatePhase** The current state of the update process. -- **wuDeviceid** The device identifier. - - -### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel - -This event is sent when update activity was stopped due to a low battery level. - -The following fields are available: - -- **batteryLevel** The current battery charge capacity. -- **batteryLevelThreshold** The battery capacity threshold to stop update activity. -- **updatePhase** The current state of the update process. -- **wuDeviceid** The device identifier. - - -### Microsoft.Windows.Update.Orchestrator.UnstickUpdate - -This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update. - -The following fields are available: - -- **updateId** Identifier associated with the specific piece of content. -- **wuDeviceid** Unique device ID controlled by the software distribution client. - - -### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh - -This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date. - -The following fields are available: - -- **configuredPoliciescount** Number of policies on the device. -- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). -- **policyCacherefreshtime** Time when policy cache was refreshed. -- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired - -This event sends data about whether an update required a reboot to help keep Windows up to date. - -The following fields are available: - -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. -- **wuDeviceid** Unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed - -This event sends information about an update that encountered problems and was not able to complete. - -The following fields are available: - -- **errorCode** The error code encountered. -- **wuDeviceid** The ID of the device in which the error occurred. - - -### Microsoft.Windows.Update.Orchestrator.UsoSession - -This event represents the state of the USO service at start and completion. - -The following fields are available: - -- **activeSessionid** A unique session GUID. -- **eventScenario** The state of the update action. -- **interactive** Is the USO session interactive? -- **lastErrorcode** The last error that was encountered. -- **lastErrorstate** The state of the update when the last error was encountered. -- **sessionType** A GUID that refers to the update session type. -- **updateScenarioType** A descriptive update session type. -- **wuDeviceid** The Windows Update device GUID. - - -### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState - -This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. - -The following fields are available: - -- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode. -- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown. -- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed. -- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs. -- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode. -- **ETag** The Entity Tag that represents the OneSettings version. -- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device. -- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device. -- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending. -- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced. -- **RebootVersion** The version of the DTE (Direct-to-Engaged). -- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode. -- **UpdateId** The ID of the update that is waiting for reboot to finish installation. -- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation. - - -### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded - -This event is sent when a security update has successfully completed. - -The following fields are available: - -- **UtcTime** The Coordinated Universal Time that the restart was no longer needed. - - -### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled - -This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date. - -The following fields are available: - -- **activeHoursApplicable** Indicates whether Active Hours applies on this device. -- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled. -- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. -- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise. -- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically. -- **rebootState** Current state of the reboot. -- **rebootUsingSmartScheduler** Indicates that the reboot is scheduled by SmartScheduler. -- **revisionNumber** Revision number of the OS. -- **scheduledRebootTime** Time scheduled for the reboot. -- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. -- **updateId** Identifies which update is being scheduled. -- **wuDeviceid** The unique device ID used by Windows Update. - - -### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask - -This event is sent when MUSE broker schedules a task. - -The following fields are available: - -- **TaskArgument** The arguments with which the task is scheduled. -- **TaskName** Name of the task. - - -### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled - -This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date. - -The following fields are available: - -- **activeHoursApplicable** Is the restart respecting Active Hours? -- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE. -- **rebootArgument** The arguments that are passed to the OS for the restarted. -- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours? -- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device. -- **rebootState** The state of the restart. -- **rebootUsingSmartScheduler** TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE. -- **revisionNumber** The revision number of the OS being updated. -- **scheduledRebootTime** Time of the scheduled reboot -- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time. -- **updateId** The Windows Update device GUID. -- **wuDeviceid** The Windows Update device GUID. - - -## Windows Update mitigation events - -### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages - -This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. - -The following fields are available: - -- **ClientId** The client ID used by Windows Update. -- **FlightId** The ID of each Windows Insider build the device received. -- **InstanceId** A unique device ID that identifies each update instance. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** The number of mounted images. -- **MountedImageMatches** The number of mounted image matches. -- **MountedImagesFailed** The number of mounted images that could not be removed. -- **MountedImagesRemoved** The number of mounted images that were successfully removed. -- **MountedImagesSkipped** The number of mounted images that were not found. -- **RelatedCV** The correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Windows Update. -- **WuId** Unique ID for the Windows Update client. - - -### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints - -This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. - -The following fields are available: - -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. -- **ReparsePointsSkipped** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. -- **WuId** Unique ID for the Windows Update client. - - -### Mitigation360Telemetry.MitigationCustom.FixupEditionId - -This event sends data specific to the FixupEditionId mitigation used for OS updates. - -The following fields are available: - -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **EditionIdUpdated** Determine whether EditionId was changed. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **ProductEditionId** Expected EditionId value based on GetProductInfo. -- **ProductType** Value returned by GetProductInfo. -- **RegistryEditionId** EditionId value in the registry. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. -- **WuId** Unique ID for the Windows Update client. - - -## Windows Update Reserve Manager events - -### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment - -This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. - -The following fields are available: - -- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content. -- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition/removal of optional content. - - -### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError - -This event is sent when the Update Reserve Manager returns an error from one of its internal functions. - -The following fields are available: - -- **FailedExpression** The failed expression that was returned. -- **FailedFile** The binary file that contained the failed function. -- **FailedFunction** The name of the function that originated the failure. -- **FailedLine** The line number of the failure. -- **ReturnCode** The return code of the function. - - -### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager - -This event returns data about the Update Reserve Manager, including whether it’s been initialized. - -The following fields are available: - -- **ClientId** The ID of the caller application. -- **Flags** The enumerated flags used to initialize the manager. -- **FlightId** The flight ID of the content the calling client is currently operating with. -- **Offline** Indicates whether or the reserve manager is called during offline operations. -- **PolicyPassed** Indicates whether the machine is able to use reserves. -- **ReturnCode** Return code of the operation. -- **Version** The version of the Update Reserve Manager. - - -### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization - -This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. - -The following fields are available: - -- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization. - - -### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment - -This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. - - - -### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment - -This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. - -The following fields are available: - -- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content. -- **Disposition** No content is currently available. -- **Flags** No content is currently available. -- **PendingHardReserveAdjustment** The final change to the hard reserve size. -- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. - - -## Winlogon events - -### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon - -This event signals the completion of the setup process. It happens only once during the first logon. - - - -## XBOX events - -### Microsoft.Xbox.XamTelemetry.AppActivationError - -This event indicates whether the system detected an activation error in the app. - -The following fields are available: - -- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app. -- **AppId** The Xbox LIVE Title ID. -- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate. -- **Result** The HResult error. -- **UserId** The Xbox LIVE User ID (XUID). - - -### Microsoft.Xbox.XamTelemetry.AppActivity - -This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc. - -The following fields are available: - -- **AppActionId** The ID of the application action. -- **AppCurrentVisibilityState** The ID of the current application visibility state. -- **AppId** The Xbox LIVE Title ID of the app. -- **AppPackageFullName** The full name of the application package. -- **AppPreviousVisibilityState** The ID of the previous application visibility state. -- **AppSessionId** The application session ID. -- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa). -- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application. -- **DurationMs** The amount of time (in milliseconds) since the last application state transition. -- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license. -- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc). -- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license. -- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application. -- **UserId** The XUID (Xbox User ID) of the current user. - - - +--- +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) +keywords: privacy, telemetry +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +audience: ITPro +author: brianlic-msft +ms.author: brianlic +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/15/2019 +--- + + +# Windows 10, version 1809 basic level Windows diagnostic events and fields + + **Applies to** + +- Windows 10, version 1809 + + +The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. + +The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. + +You can learn more about Windows functional and diagnostic data through these articles: + + +- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) +- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) +- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + + + +## Account trace logging provider events + +### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General + +This event provides information about application properties to indicate the successful execution. + +The following fields are available: + +- **AppMode** Indicates the mode the app is being currently run around privileges. +- **ExitCode** Indicates the exit code of the app. +- **Help** Indicates if the app needs to be launched in the help mode. +- **ParseError** Indicates if there was a parse error during the execution. +- **RightsAcquired** Indicates if the right privileges were acquired for successful execution. +- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution. +- **TestMode** Indicates whether the app is being run in test mode. + + +### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount + +This event provides information about the properties of user accounts in the Administrator group. + +The following fields are available: + +- **Internal** Indicates the internal property associated with the count group. +- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account. +- **Result** The HResult error. + + +## AppLocker events + +### Microsoft.Windows.Security.AppLockerCSP.ActivityStoppedAutomatically + +Automatically closed activity for start/stop operations that aren't explicitly closed. + + + +### Microsoft.Windows.Security.AppLockerCSP.AddParams + +Parameters passed to Add function of the AppLockerCSP Node. + +The following fields are available: + +- **child** The child URI of the node to add. +- **uri** URI of the node relative to %SYSTEM32%/AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.AddStart + +Start of "Add" Operation for the AppLockerCSP Node. + + + +### Microsoft.Windows.Security.AppLockerCSP.AddStop + +End of "Add" Operation for AppLockerCSP Node. + +The following fields are available: + +- **hr** The HRESULT returned by Add function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback + +Result of the 'Rollback' operation in AppLockerCSP. + +The following fields are available: + +- **oldId** Previous id for the CSP transaction. +- **txId** Current id for the CSP transaction. + + +### Microsoft.Windows.Security.AppLockerCSP.ClearParams + +Parameters passed to the "Clear" operation for AppLockerCSP. + +The following fields are available: + +- **uri** The URI relative to the %SYSTEM32%\AppLocker folder. + + +### Microsoft.Windows.Security.AppLockerCSP.ClearStart + +Start of the "Clear" operation for the AppLockerCSP Node. + + + +### Microsoft.Windows.Security.AppLockerCSP.ClearStop + +End of the "Clear" operation for the AppLockerCSP node. + +The following fields are available: + +- **hr** HRESULT reported at the end of the 'Clear' function. + + +### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart + +Start of the "ConfigManagerNotification" operation for AppLockerCSP. + +The following fields are available: + +- **NotifyState** State sent by ConfigManager to AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop + +End of the "ConfigManagerNotification" operation for AppLockerCSP. + +The following fields are available: + +- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams + +Parameters passed to the CreateNodeInstance function of the AppLockerCSP node. + +The following fields are available: + +- **NodeId** NodeId passed to CreateNodeInstance. +- **nodeOps** NodeOperations parameter passed to CreateNodeInstance. +- **uri** URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart + +Start of the "CreateNodeInstance" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop + +End of the "CreateNodeInstance" operation for the AppLockerCSP node + +The following fields are available: + +- **hr** HRESULT returned by the CreateNodeInstance function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams + +Parameters passed to the DeleteChild function of the AppLockerCSP node. + +The following fields are available: + +- **child** The child URI of the node to delete. +- **uri** URI relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart + +Start of the "DeleteChild" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop + +End of the "DeleteChild" operation for the AppLockerCSP node. + +The following fields are available: + +- **hr** HRESULT returned by the DeleteChild function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies + +Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present. + +The following fields are available: + +- **uri** URI relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams + +Parameters passed to the GetChildNodeNames function of the AppLockerCSP node. + +The following fields are available: + +- **uri** URI relative to %SYSTEM32%/AppLocker for MDM node. + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart + +Start of the "GetChildNodeNames" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop + +End of the "GetChildNodeNames" operation for the AppLockerCSP node. + +The following fields are available: + +- **child[0]** If function succeeded, the first child's name, else "NA". +- **count** If function succeeded, the number of child node names returned by the function, else 0. +- **hr** HRESULT returned by the GetChildNodeNames function of AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.GetLatestId + +The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID). + +The following fields are available: + +- **dirId** The latest directory identifier found by GetLatestId. +- **id** The id returned by GetLatestId if id > 0 - otherwise the dirId parameter. + + +### Microsoft.Windows.Security.AppLockerCSP.HResultException + +HRESULT thrown by any arbitrary function in AppLockerCSP. + +The following fields are available: + +- **file** File in the OS code base in which the exception occurs. +- **function** Function in the OS code base in which the exception occurs. +- **hr** HRESULT that is reported. +- **line** Line in the file in the OS code base in which the exception occurs. + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueParams + +Parameters passed to the SetValue function of the AppLockerCSP node. + +The following fields are available: + +- **dataLength** Length of the value to set. +- **uri** The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker. + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueStart + +Start of the "SetValue" operation for the AppLockerCSP node. + + + +### Microsoft.Windows.Security.AppLockerCSP.SetValueStop + +End of the "SetValue" operation for the AppLockerCSP node. + +The following fields are available: + +- **hr** HRESULT returned by the SetValue function in AppLockerCSP. + + +### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies + +EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed. + +The following fields are available: + +- **uri** URI for node relative to %SYSTEM32%/AppLocker. + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. + +The following fields are available: + +- **DatasourceApplicationFile_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_TH1** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_TH1** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. +- **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_TH1** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19ASetup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. +- **DatasourceSystemBios_RS3Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS4Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_TH1** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_TH1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_TH1** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_TH1** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. +- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. +- **DecisionMatchingInfoBlock_RS4** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1803 present on this device. +- **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. +- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. +- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. +- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. +- **DecisionMediaCenter_RS4** The total DecisionMediaCenter objects targeting Windows 10 version 1803 present on this device. +- **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_TH1** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19ASetup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. +- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. +- **DecisionSystemBios_RS3Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. +- **DecisionSystemBios_RS4Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS5Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. +- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventorySystemMachine** The count of the number of this particular object type present on this device. +- **InventorySystemProcessor** The count of the number of this particular object type present on this device. +- **InventoryTest** The count of the number of this particular object type present on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. +- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. +- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. +- **Wmdrm_19ASetup** The count of the number of this particular object type present on this device. +- **Wmdrm_19H1** The count of the number of this particular object type present on this device. +- **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. +- **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_RS5** The count of the number of this particular object type present on this device. +- **Wmdrm_RS5Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_TH1** The count of the number of this particular object type present on this device. +- **Wmdrm_TH2** The count of the number of this particular object type present on this device. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd + +Represents the basic metadata about specific application files installed on the system. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **AvDisplayName** If the app is an anti-virus app, this is its display name. +- **CompatModelIndex** The compatibility prediction for this file. +- **HasCitData** Indicates whether the file is present in CIT data. +- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file. +- **IsAv** Is the file an anti-virus reporting EXE? +- **ResolveAttempted** This will always be an empty string when sending telemetry. +- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove + +This event indicates that the DatasourceApplicationFile object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync + +This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd + +This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **ActiveNetworkConnection** Indicates whether the device is an active network device. +- **AppraiserVersion** The version of the appraiser file generating the events. +- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. +- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. +- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string +- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. +- **IsBootCritical** Indicates whether the device boot is critical. +- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. +- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. +- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove + +This event indicates that the DatasourceDevicePnp object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync + +This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd + +This event sends compatibility database data about driver packages to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync + +This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd + +This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove + +This event indicates that the DataSourceMatchingInfoBlock object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync + +This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd + +This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync + +This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd + +This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove + +This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync + +This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd + +This event sends compatibility database information about the BIOS to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove + +This event indicates that the DatasourceSystemBios object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync + +This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd + +This event sends compatibility decision data about a file to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS. +- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question. +- **DisplayGenericMessage** Will be a generic message be shown for this file? +- **DisplayGenericMessageGated** Indicates whether a generic message be shown for this file. +- **HardBlock** This file is blocked in the SDB. +- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB? +- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode? +- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade? +- **NeedsDismissAction** Will the file cause an action that can be dimissed? +- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app. +- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade? +- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app. +- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade. +- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB, +- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade. +- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed. +- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade. +- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade. +- **SoftBlock** The file is softblocked in the SDB and has a warning. + + +### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove + +This event indicates Indicates that the DecisionApplicationFile object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync + +This event indicates that a new set of DecisionApplicationFileAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd + +This event sends compatibility decision data about a PNP device to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. +- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked? +- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate? +- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked? +- **BlockingDevice** Is this PNP device blocking upgrade? +- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS? +- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device? +- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device? +- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device. +- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? +- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? +- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? +- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden? +- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? +- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? +- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? +- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden? + + +### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove + +This event indicates that the DecisionDevicePnp object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync + +The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd + +This event sends decision data about driver package compatibility to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for this driver package. +- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? +- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block? +- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block? +- **DriverIsTroubleshooterBlocked** Indicates whether the driver package is blocked because of a troubleshooter block. +- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade? +- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? + + +### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove + +This event indicates that the DecisionDriverPackage object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync + +This event indicates that a new set of DecisionDriverPackageAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd + +This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. +- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks? +- **DisplayGenericMessage** Will a generic message be shown for this block? +- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block? +- **SdbBlockUpgrade** Is a matching info block blocking upgrade? +- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag? +- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag? + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockRemove + +This event indicates that the DecisionMatchingInfoBlock object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync + +This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd + +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks? +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks. +- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade? + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveRemove + +This event Indicates that the DecisionMatchingInfoPassive object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync + +This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd + +This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app? +- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade? +- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app? +- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade). + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeRemove + +This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync + +This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd + +This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center? +- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true? +- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use? +- **MediaCenterInUse** Is Windows Media Center actively being used? +- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition? +- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center? + + +### Microsoft.Windows.Appraiser.General.DecisionMediaCenterRemove + +This event indicates that the DecisionMediaCenter object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync + +This event indicates that a new set of DecisionMediaCenterAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd + +This event sends compatibility decision data about the BIOS to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **Blocking** Is the device blocked from upgrade due to a BIOS block? +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios. +- **HasBiosBlock** Does the device have a BIOS block? + + +### Microsoft.Windows.Appraiser.General.DecisionSystemBiosRemove + +This event indicates that the DecisionSystemBios object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync + +This event indicates that a new set of DecisionSystemBiosAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.GatedRegChange + +This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date. + +The following fields are available: + +- **NewData** The data in the registry value after the scan completed. +- **OldData** The previous data in the registry value before the scan ran. +- **PCFP** An ID for the system calculated by hashing hardware identifiers. +- **RegKey** The registry key name for which a result is being sent. +- **RegValue** The registry value for which a result is being sent. +- **Time** The client time of the event. + + +### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd + +This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **AvDisplayName** If the app is an antivirus app, this is its display name. +- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date. +- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64. +- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets. +- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets. +- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata. +- **CompanyName** The company name of the vendor who developed this file. +- **FileId** A hash that uniquely identifies a file. +- **FileVersion** The File version field from the file metadata under Properties -> Details. +- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file. +- **IsAv** Indicates whether the file an antivirus reporting EXE. +- **LinkDate** The date and time that this file was linked on. +- **LowerCaseLongPath** The full file path to the file that was inventoried on the device. +- **Name** The name of the file that was inventoried. +- **ProductName** The Product name field from the file metadata under Properties -> Details. +- **ProductVersion** The Product version field from the file metadata under Properties -> Details. +- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it. +- **Size** The size of the file (in hexadecimal bytes). + + +### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove + +This event indicates that the InventoryApplicationFile object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync + +This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd + +This event sends data about the number of language packs installed on the system, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **HasLanguagePack** Indicates whether this device has 2 or more language packs. +- **LanguagePackCount** The number of language packs are installed. + + +### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove + +This event indicates that the InventoryLanguagePack object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync + +This event indicates that a new set of InventoryLanguagePackAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd + +This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **EverLaunched** Has Windows Media Center ever been launched? +- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center? +- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured? +- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch? +- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files? +- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center? +- **IsSupported** Does the running OS support Windows Media Center? + + +### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove + +This event indicates that the InventoryMediaCenter object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync + +This event indicates that a new set of InventoryMediaCenterAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd + +This event sends basic metadata about the BIOS to determine whether it has a compatibility block. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **biosDate** The release date of the BIOS in UTC format. +- **BiosDate** The release date of the BIOS in UTC format. +- **biosName** The name field from Win32_BIOS. +- **BiosName** The name field from Win32_BIOS. +- **manufacturer** The manufacturer field from Win32_ComputerSystem. +- **Manufacturer** The manufacturer field from Win32_ComputerSystem. +- **model** The model field from Win32_ComputerSystem. +- **Model** The model field from Win32_ComputerSystem. + + +### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove + +This event indicates that the InventorySystemBios object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync + +This event indicates that a new set of InventorySystemBiosAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd + +This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **BootCritical** Is the driver package marked as boot critical? +- **Build** The build value from the driver package. +- **CatalogFile** The name of the catalog file within the driver package. +- **Class** The device class from the driver package. +- **ClassGuid** The device class unique ID from the driver package. +- **Date** The date from the driver package. +- **Inbox** Is the driver package of a driver that is included with Windows? +- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU. +- **Provider** The provider of the driver package. +- **PublishedName** The name of the INF file after it was renamed. +- **Revision** The revision of the driver package. +- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2. +- **VersionMajor** The major version of the driver package. +- **VersionMinor** The minor version of the driver package. + + +### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove + +This event indicates that the InventoryUplevelDriverPackage object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync + +This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.RunContext + +This event indicates what should be expected in the data payload. + +The following fields are available: + +- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. +- **AppraiserProcess** The name of the process that launched Appraiser. +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **CensusId** A unique hardware identifier. +- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. +- **PCFP** An ID for the system calculated by hashing hardware identifiers. +- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan. +- **Time** The client time of the event. + + +### Microsoft.Windows.Appraiser.General.SystemMemoryAdd + +This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **Blocking** Is the device from upgrade due to memory restrictions? +- **MemoryRequirementViolated** Was a memory requirement violated? +- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes). +- **ram** The amount of memory on the device. +- **ramKB** The amount of memory (in KB). +- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes). +- **virtualKB** The amount of virtual memory (in KB). + + +### Microsoft.Windows.Appraiser.General.SystemMemoryRemove + +This event that the SystemMemory object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync + +This event indicates that a new set of SystemMemoryAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd + +This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **Blocking** Is the upgrade blocked due to the processor? +- **CompareExchange128Support** Does the CPU support CompareExchange128? + + +### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove + +This event indicates that the SystemProcessorCompareExchange object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync + +This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd + +This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file generating the events. +- **Blocking** Is the upgrade blocked due to the processor? +- **LahfSahfSupport** Does the CPU support LAHF/SAHF? + + +### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove + +This event indicates that the SystemProcessorLahfSahf object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync + +This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd + +This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **Blocking** Is the upgrade blocked due to the processor? +- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support. +- **NXProcessorSupport** Does the processor support NX? + + +### Microsoft.Windows.Appraiser.General.SystemProcessorNxRemove + +This event indicates that the SystemProcessorNx object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync + +This event indicates that a new set of SystemProcessorNxAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd + +This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **Blocking** Is the upgrade blocked due to the processor? +- **PrefetchWSupport** Does the processor support PrefetchW? + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWRemove + +This event indicates that the SystemProcessorPrefetchW object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync + +This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add + +This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **Blocking** Is the upgrade blocked due to the processor? +- **SSE2ProcessorSupport** Does the processor support SSE2? + + +### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Remove + +This event indicates that the SystemProcessorSse2 object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync + +This event indicates that a new set of SystemProcessorSse2Add events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemTouchAdd + +This event sends data indicating whether the system supports touch, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer? +- **MaximumTouches** The maximum number of touch points supported by the device hardware. + + +### Microsoft.Windows.Appraiser.General.SystemTouchRemove + +This event indicates that the SystemTouch object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemTouchStartSync + +This event indicates that a new set of SystemTouchAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWimAdd + +This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **IsWimBoot** Is the current operating system running from a compressed WIM file? +- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM. + + +### Microsoft.Windows.Appraiser.General.SystemWimRemove + +This event indicates that the SystemWim object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWimStartSync + +This event indicates that a new set of SystemWimAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd + +This event sends data indicating whether the current operating system is activated, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated. +- **WindowsNotActivatedDecision** Is the current operating system activated? + + +### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove + +This event indicates that the SystemWindowsActivationStatus object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync + +This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWlanAdd + +This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **Blocking** Is the upgrade blocked because of an emulated WLAN driver? +- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block? +- **WlanEmulatedDriver** Does the device have an emulated WLAN driver? +- **WlanExists** Does the device support WLAN at all? +- **WlanModulePresent** Are any WLAN modules present? +- **WlanNativeDriver** Does the device have a non-emulated WLAN driver? + + +### Microsoft.Windows.Appraiser.General.SystemWlanRemove + +This event indicates that the SystemWlan object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.SystemWlanStartSync + +This event indicates that a new set of SystemWlanAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.TelemetryRunHealth + +This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date. + +The following fields are available: + +- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserProcess** The name of the process that launched Appraiser. +- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. +- **AuxFinal** Obsolete, always set to false. +- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. +- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. +- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. +- **InboxDataVersion** The original version of the data files before retrieving any newer version. +- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated. +- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent. +- **PCFP** An ID for the system calculated by hashing hardware identifiers. +- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. +- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. +- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. +- **RunDate** The date that the telemetry run was stated, expressed as a filetime. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. +- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. +- **RunResult** The hresult of the Appraiser telemetry run. +- **ScheduledUploadDay** The day scheduled for the upload. +- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **StoreHandleIsNotNull** Obsolete, always set to false +- **TelementrySent** Indicates if telemetry was successfully sent. +- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **Time** The client time of the event. +- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. +- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. + + +### Microsoft.Windows.Appraiser.General.WmdrmAdd + +This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **BlockingApplication** Same as NeedsDismissAction. +- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation. +- **WmdrmApiResult** Raw value of the API used to gather DRM state. +- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs. +- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased. +- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed. +- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses. +- **WmdrmPurchased** Indicates if the system has any files with permanent licenses. + + +### Microsoft.Windows.Appraiser.General.WmdrmRemove + +This event indicates that the Wmdrm object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.WmdrmStartSync + +This event indicates that a new set of WmdrmAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +## Census events + +### Census.App + +Provides information on IE and Census versions running on the device + +The following fields are available: + +- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run. +- **AppraiserErrorCode** The error code of the last Appraiser run. +- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run. +- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed. +- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run. +- **AppraiserTaskEnabled** Whether the Appraiser task is enabled. +- **AppraiserTaskExitCode** The Appraiser task exist code. +- **AppraiserTaskLastRun** The last runtime for the Appraiser task. +- **CensusVersion** The version of Census that generated the current data for this device. +- **IEVersion** The version of Internet Explorer that is running on the device. + + +### Census.Battery + +This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date. + +The following fields are available: + +- **InternalBatteryCapablities** Represents information about what the battery is capable of doing. +- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity  to estimate the battery's wear. +- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh. +- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance. +- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value. + + +### Census.Camera + +This event sends data about the resolution of cameras on the device, to help keep Windows up to date. + +The following fields are available: + +- **FrontFacingCameraResolution** Represents the resolution of the front facing camera in megapixels. If a front facing camera does not exist, then the value is 0. +- **RearFacingCameraResolution** Represents the resolution of the rear facing camera in megapixels. If a rear facing camera does not exist, then the value is 0. + + +### Census.Enterprise + +This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment. + +The following fields are available: + +- **AADDeviceId** Azure Active Directory device ID. +- **AzureOSIDPresent** Represents the field used to identify an Azure machine. +- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. +- **CDJType** Represents the type of cloud domain joined for the machine. +- **CommercialId** Represents the GUID for the commercial entity which the device is a member of.  Will be used to reflect insights back to customers. +- **ContainerType** The type of container, such as process or virtual machine hosted. +- **EnrollmentType** Defines the type of MDM enrollment on the device. +- **HashedDomain** The hashed representation of the user domain used for login. +- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false +- **IsDERequirementMet** Represents if the device can do device encryption. +- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption +- **IsDomainJoined** Indicates whether a machine is joined to a domain. +- **IsEDPEnabled** Represents if Enterprise data protected on the device. +- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. +- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID +- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. +- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. +- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier + + +### Census.Firmware + +This event sends data about the BIOS and startup embedded in the device, to help keep Windows up to date. + +The following fields are available: + +- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS). +- **FirmwareReleaseDate** Represents the date the current firmware was released. +- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI. +- **FirmwareVersion** Represents the version of the current firmware. + + +### Census.Flighting + +This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date. + +The following fields are available: + +- **DeviceSampleRate** The telemetry sample rate assigned to the device. +- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. +- **FlightIds** A list of the different Windows Insider builds on this device. +- **FlightingBranchName** The name of the Windows Insider branch currently used by the device. +- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program. +- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device. +- **SSRK** Retrieves the mobile targeting settings. + + +### Census.Hardware + +This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date. + +The following fields are available: + +- **ActiveMicCount** The number of active microphones attached to the device. +- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. +- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. +- **D3DMaxFeatureLevel** Supported Direct3D version. +- **DeviceColor** Indicates a color of the device. +- **DeviceForm** Indicates the form as per the device classification. +- **DeviceName** The device name that is set by the user. +- **DigitizerSupport** Is a digitizer supported? +- **DUID** The device unique ID. +- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation). +- **InventoryId** The device ID used for compatibility testing. +- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass). +- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.) +- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device. +- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date. +- **OEMModelBaseBoard** The baseboard model used by the OEM. +- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices. +- **OEMModelName** The device model name. +- **OEMModelNumber** The device model number. +- **OEMModelSKU** The device edition that is defined by the manufacturer. +- **OEMModelSystemFamily** The system family set on the device by an OEM. +- **OEMModelSystemVersion** The system model version set on the device by the OEM. +- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary. +- **OEMSerialNumber** The serial number of the device that is set by the manufacturer. +- **PhoneManufacturer** The friendly name of the phone manufacturer. +- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device. +- **SoCName** The firmware manufacturer of the device. +- **StudyID** Used to identify retail and non-retail device. +- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced. +- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions. +- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. +- **TPMManufacturerId** The ID of the TPM manufacturer. +- **TPMManufacturerVersion** The version of the TPM manufacturer. +- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. +- **VoiceSupported** Does the device have a cellular radio capable of making voice calls? + + +### Census.Memory + +This event sends data about the memory on the device, including ROM and RAM, to help keep Windows up to date. + +The following fields are available: + +- **TotalPhysicalRAM** Represents the physical memory (in MB). +- **TotalVisibleMemory** Represents the memory that is not reserved by the system. + + +### Census.Network + +This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors), to help keep Windows up to date. + +The following fields are available: + +- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage. +- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage. +- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. +- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. +- **MEID** Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. +- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. +- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage. +- **MobileOperatorBilling** Represents the telephone company that provides services for mobile phone users. +- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US. +- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage. +- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage. +- **NetworkAdapterGUID** The GUID of the primary network adapter. +- **NetworkCost** Represents the network cost associated with a connection. +- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage. +- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage. + + +### Census.OS + +This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device, to help keep Windows up to date. + +The following fields are available: + +- **ActivationChannel** Retrieves the retail license key or Volume license key for a machine. +- **AssignedAccessStatus** Kiosk configuration mode. +- **CompactOS** Indicates if the Compact OS feature from Win10 is enabled. +- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy. +- **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time +- **GenuineState** Retrieves the ID Value specifying the OS Genuine check. +- **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update). +- **InstallLanguage** The first language installed on the user machine. +- **IsDeviceRetailDemo** Retrieves if the device is running in demo mode. +- **IsEduData** Returns Boolean if the education data policy is enabled. +- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go +- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI. +- **LanguagePacks** The list of language packages installed on the device. +- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store. +- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine. +- **OSEdition** Retrieves the version of the current OS. +- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc +- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC). +- **OSSKU** Retrieves the Friendly Name of OS Edition. +- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines. +- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines. +- **OSTimeZoneBiasInMins** Retrieves the time zone set on machine. +- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS. +- **ProductActivationResult** Returns Boolean if the OS Activation was successful. +- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues. +- **ProductKeyID2** Retrieves the License key if the machine is updated with a new license key. +- **RACw7Id** Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability. +- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy. +- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy. +- **ServiceProductKeyID** Retrieves the License key of the KMS +- **SharedPCMode** Returns Boolean for education devices used as shared cart +- **Signature** Retrieves if it is a signature machine sold by Microsoft store. +- **SLICStatus** Whether a SLIC table exists on the device. +- **SLICVersion** Returns OS type/version from SLIC table. + + +### Census.PrivacySettings + +This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. +- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **FindMyDevice** Current state of the "find my device" setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **LocationHistoryCloudSync** Current state of the location history cloud sync setting. +- **LocationHistoryOnTimeline** Current state of the location history on timeline setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. + + +### Census.Processor + +Provides information on several important data points about Processor settings + +The following fields are available: + +- **KvaShadow** This is the micro code information of the processor. +- **MMSettingOverride** Microcode setting of the processor. +- **MMSettingOverrideMask** Microcode setting override of the processor. +- **PreviousUpdateRevision** Previous microcode revision +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. +- **ProcessorClockSpeed** Clock speed of the processor in MHz. +- **ProcessorCores** Number of logical cores in the processor. +- **ProcessorIdentifier** Processor Identifier of a manufacturer. +- **ProcessorManufacturer** Name of the processor manufacturer. +- **ProcessorModel** Name of the processor model. +- **ProcessorPhysicalCores** Number of physical cores in the processor. +- **ProcessorUpdateRevision** The microcode revision. +- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status +- **SocketCount** Count of CPU sockets. +- **SpeculationControl** Indicates whether the system has enabled protections needed to validate the speculation control vulnerability. + + +### Census.Security + +This event provides information on about security settings used to help keep Windows up to date and secure. + +The following fields are available: + +- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. +- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. +- **DGState** This field summarizes the Device Guard state. +- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. +- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. +- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. +- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. +- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. +- **SModeState** The Windows S mode trail state. +- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. + + +### Census.Speech + +This event is used to gather basic speech settings on the device. + +The following fields are available: + +- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked. +- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities. +- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user. +- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices. +- **KeyVer** Version information for the census speech event. +- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS). +- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities. +- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities. +- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice. +- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device. +- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference. + + +### Census.Storage + +This event sends data about the total capacity of the system volume and primary disk, to help keep Windows up to date. + +The following fields are available: + +- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB. +- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any). +- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device. +- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB. + + +### Census.Userdefault + +This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date. + +The following fields are available: + +- **CalendarType** The calendar identifiers that are used to specify different calendars. +- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf. +- **DefaultBrowserProgId** The ProgramId of the current user's default browser. +- **LongDateFormat** The long date format the user has selected. +- **ShortDateFormat** The short date format the user has selected. + + +### Census.UserDisplay + +This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date. + +The following fields are available: + +- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display. +- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display. +- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display. +- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display. +- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display. +- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display. +- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches . +- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches +- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine +- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine. +- **VRAMDedicated** Retrieves the video RAM in MB. +- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card. +- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use. + + +### Census.UserNLS + +This event sends data about the default app language, input, and display language preferences set by the user, to help keep Windows up to date. + +The following fields are available: + +- **DefaultAppLanguage** The current user Default App Language. +- **DisplayLanguage** The current user preferred Windows Display Language. +- **HomeLocation** The current user location, which is populated using GetUserGeoId() function. +- **KeyboardInputLanguages** The Keyboard input languages installed on the device. +- **SpeechInputLanguages** The Speech Input languages installed on the device. + + +### Census.UserPrivacySettings + +This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. +- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **InkTypePersonalization** Current state of the inking and typing personalization setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **LocationHistoryCloudSync** Current state of the location history cloud synchronization setting. +- **LocationHistoryOnTimeline** Current state of the location history on timeline setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. + + +### Census.VM + +This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date. + +The following fields are available: + +- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within. +- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor. +- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present. +- **IsVDI** Is the device using Virtual Desktop Infrastructure? +- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors. +- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware. +- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware. + + +### Census.WU + +This event sends data about the Windows update server and other App store policies, to help keep Windows up to date. + +The following fields are available: + +- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading. +- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled). +- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured +- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting +- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades. +- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it? +- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update? +- **OSAssessmentForQualityUpdate** Is the device on the latest quality update? +- **OSAssessmentForSecurityUpdate** Is the device on the latest security update? +- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it? +- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment. +- **OSRollbackCount** The number of times feature updates have rolled back on the device. +- **OSRolledBack** A flag that represents when a feature update has rolled back during setup. +- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device . +- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device. +- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default. +- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently. +- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). +- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. +- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. +- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. +- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. +- **WUPauseState** Retrieves WU setting to determine if updates are paused. +- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). + + +### Census.Xbox + +This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date. + +The following fields are available: + +- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console. +- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console. +- **XboxLiveDeviceId** Retrieves the unique device ID of the console. +- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. + + +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.cs + +Describes properties related to the schema of the event. + +The following fields are available: + +- **sig** A common schema signature that identifies new and modified event schemas. + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **make** Device manufacturer. +- **model** Device model. + + +### Common Data Extensions.Envelope + +Represents an envelope that contains all of the common data extensions. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). +- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.receipts + +Represents various time information as provided by the client and helps for debugging purposes. + +The following fields are available: + +- **originalTime** The original event time. +- **uploadTime** The time the event was uploaded. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. +- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Common data fields + +### Ms.Device.DeviceInventoryChange + +Describes the installation state for all hardware and software components available on a particular device. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + + +## Compatibility events + +### Microsoft.Windows.Compatibility.Apphelp.SdbFix + +Product instrumentation for helping debug/troubleshoot issues with inbox compatibility components. + +The following fields are available: + +- **AppName** Name of the application impacted by SDB. +- **FixID** SDB GUID. +- **Flags** List of flags applied. +- **ImageName** Name of file. + + +## Component-based servicing events + +### CbsServicingProvider.CbsCapabilityEnumeration + +This event reports on the results of scanning for optional Windows content on Windows Update. + +The following fields are available: + +- **architecture** Indicates the scan was limited to the specified architecture. +- **capabilityCount** The number of optional content packages found during the scan. +- **clientId** The name of the application requesting the optional content. +- **duration** The amount of time it took to complete the scan. +- **hrStatus** The HReturn code of the scan. +- **language** Indicates the scan was limited to the specified language. +- **majorVersion** Indicates the scan was limited to the specified major version. +- **minorVersion** Indicates the scan was limited to the specified minor version. +- **namespace** Indicates the scan was limited to packages in the specified namespace. +- **sourceFilter** A bitmask indicating the scan checked for locally available optional content. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionFinalize + +This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. + +The following fields are available: + +- **capabilities** The names of the optional content packages that were installed. +- **clientId** The name of the application requesting the optional content. +- **currentID** The ID of the current install session. +- **downloadSource** The source of the download. +- **highestState** The highest final install state of the optional content. +- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version. +- **hrStatus** The HReturn code of the install operation. +- **rebootCount** The number of reboots required to complete the install. +- **retryID** The session ID that will be used to retry a failed operation. +- **retryStatus** Indicates whether the install will be retried in the event of failure. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionPended + +This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date. + +The following fields are available: + +- **clientId** The name of the application requesting the optional content. +- **pendingDecision** Indicates the cause of reboot, if applicable. + + +### CbsServicingProvider.CbsLateAcquisition + +This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date. + +The following fields are available: + +- **Features** The list of feature packages that could not be updated. +- **RetryID** The ID identifying the retry attempt to update the listed packages. + + +### CbsServicingProvider.CbsPackageRemoval + +This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build number of the security update being uninstalled. +- **clientId** The name of the application requesting the uninstall. +- **currentStateEnd** The final state of the update after the operation. +- **failureDetails** Information about the cause of a failure, if applicable. +- **failureSourceEnd** The stage during the uninstall where the failure occurred. +- **hrStatusEnd** The overall exit code of the operation. +- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image. +- **majorVersion** The major version number of the security update being uninstalled. +- **minorVersion** The minor version number of the security update being uninstalled. +- **originalState** The starting state of the update before the operation. +- **pendingDecision** Indicates the cause of reboot, if applicable. +- **primitiveExecutionContext** The state during system startup when the uninstall was completed. +- **revisionVersion** The revision number of the security update being uninstalled. +- **transactionCanceled** Indicates whether the uninstall was cancelled. + + +### CbsServicingProvider.CbsQualityUpdateInstall + +This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build version number of the update package. +- **clientId** The name of the application requesting the optional content. +- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device. +- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure. +- **currentStateEnd** The final state of the package after the operation has completed. +- **doqTimeSeconds** The time in seconds spent updating drivers. +- **executeTimeSeconds** The number of seconds required to execute the install. +- **failureDetails** The driver or installer that caused the update to fail. +- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred. +- **hrStatusEnd** The return code of the install operation. +- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file. +- **majorVersion** The major version number of the update package. +- **minorVersion** The minor version number of the update package. +- **originalState** The starting state of the package. +- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation. +- **planTimeSeconds** The time in seconds required to plan the update operations. +- **poqTimeSeconds** The time in seconds processing file and registry operations. +- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update. +- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot. +- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed. +- **rebootCount** The number of reboots required to install the update. +- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update. +- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update. +- **revisionVersion** The revision version number of the update package. +- **rptTimeSeconds** The time in seconds spent executing installer plugins. +- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update. +- **stackRevision** The revision number of the servicing stack. +- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. + + +## Deployment extensions + +### DeploymentTelemetry.Deployment_End + +This event indicates that a Deployment 360 API has completed. + +The following fields are available: + +- **ClientId** Client ID of the user utilizing the D360 API. +- **ErrorCode** Error code of action. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Mode** Phase in upgrade. +- **RelatedCV** The correction vector (CV) of any other related events +- **Result** End result of the action. + + +### DeploymentTelemetry.Deployment_SetupBoxLaunch + +This event indicates that the Deployment 360 APIs have launched Setup Box. + +The following fields are available: + +- **ClientId** The client ID of the user utilizing the D360 API. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Quiet** Whether Setup will run in quiet mode or full mode. +- **RelatedCV** The correlation vector (CV) of any other related events. +- **SetupMode** The current setup phase. + + +### DeploymentTelemetry.Deployment_SetupBoxResult + +This event indicates that the Deployment 360 APIs have received a return from Setup Box. + +The following fields are available: + +- **ClientId** Client ID of the user utilizing the D360 API. +- **ErrorCode** Error code of the action. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Quiet** Indicates whether Setup will run in quiet mode or full mode. +- **RelatedCV** The correlation vector (CV) of any other related events. +- **SetupMode** The current Setup phase. + + +### DeploymentTelemetry.Deployment_Start + +This event indicates that a Deployment 360 API has been called. + +The following fields are available: + +- **ClientId** Client ID of the user utilizing the D360 API. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Mode** The current phase of the upgrade. +- **RelatedCV** The correlation vector (CV) of any other related events. + + +## Diagnostic data events + +### TelClientSynthetic.AuthorizationInfo_RuntimeTransition + +This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. + +The following fields are available: + +- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise. +- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise. +- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise. +- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise. +- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. +- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. +- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. +- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. +- **CanReportScenarios** True if we can report scenario completions, false otherwise. +- **PreviousPermissions** Bitmask of previous telemetry state. +- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. + + +### TelClientSynthetic.AuthorizationInfo_Startup + +Fired by UTC at startup to signal what data we are allowed to collect. + +The following fields are available: + +- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise. +- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise. +- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise. +- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise. +- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. +- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. +- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. +- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. +- **CanReportScenarios** True if we can report scenario completions, false otherwise. +- **PreviousPermissions** Bitmask of previous telemetry state. +- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. + + +### TelClientSynthetic.ConnectivityHeartBeat_0 + +This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. + +The following fields are available: + +- **CensusExitCode** Returns last execution codes from census client run. +- **CensusStartTime** Returns timestamp corresponding to last successful census run. +- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine. +- **LastConnectivityLossTime** Retrieves the last time the device lost free network. +- **NetworkState** Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network. +- **NoNetworkTime** Retrieves the time spent with no network (since the last time) in seconds. +- **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds. + + +### TelClientSynthetic.HeartBeat_5 + +This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. + +The following fields are available: + +- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. +- **CensusExitCode** The last exit code of the Census task. +- **CensusStartTime** Time of last Census run. +- **CensusTaskEnabled** True if Census is enabled, false otherwise. +- **CompressedBytesUploaded** Number of compressed bytes uploaded. +- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. +- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. +- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling. +- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. +- **DbCriticalDroppedCount** Total number of dropped critical events in event DB. +- **DbDroppedCount** Number of events dropped due to DB fullness. +- **DbDroppedFailureCount** Number of events dropped due to DB failures. +- **DbDroppedFullCount** Number of events dropped due to DB fullness. +- **DecodingDroppedCount** Number of events dropped due to decoding failures. +- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. +- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session. +- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client. +- **EventsPersistedCount** Number of events that reached the PersistEvent stage. +- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC. +- **EventStoreResetCounter** Number of times event DB was reset. +- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance. +- **EventSubStoreResetCounter** Number of times event DB was reset. +- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. +- **EventsUploaded** Number of events uploaded. +- **Flags** Flags indicating device state such as network state, battery state, and opt-in state. +- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. +- **HeartBeatSequenceNumber** The sequence number of this heartbeat. +- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. +- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. +- **LastEventSizeOffender** Event name of last event which exceeded max event size. +- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. +- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe. +- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. +- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). +- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer. +- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. +- **SettingsHttpFailures** The number of failures from contacting the OneSettings service. +- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. +- **TopUploaderErrors** List of top errors received from the upload endpoint. +- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. +- **UploaderErrorCount** Number of errors received from the upload endpoint. +- **VortexFailuresTimeout** The number of timeout failures received from Vortex. +- **VortexHttpAttempts** Number of attempts to contact Vortex. +- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. +- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. +- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. +- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. + + +### TelClientSynthetic.HeartBeat_Aria_5 + +This event is the telemetry client ARIA heartbeat. + +The following fields are available: + +- **CompressedBytesUploaded** Number of compressed bytes uploaded. +- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. +- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database. +- **DbCriticalDroppedCount** Total number of dropped critical events in event database. +- **DbDroppedCount** Number of events dropped at the database layer. +- **DbDroppedFailureCount** Number of events dropped due to database failures. +- **DbDroppedFullCount** Number of events dropped due to database being full. +- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. +- **EventsPersistedCount** Number of events that reached the PersistEvent stage. +- **EventStoreLifetimeResetCounter** Number of times the event store has been reset. +- **EventStoreResetCounter** Number of times the event store has been reset during this heartbeat. +- **EventStoreResetSizeSum** Size of event store reset in bytes. +- **EventsUploaded** Number of events uploaded. +- **HeartBeatSequenceNumber** The sequence number of this heartbeat. +- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. +- **LastEventSizeOffender** Event name of last event which exceeded max event size. +- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. +- **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire. +- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer. +- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting OneSettings service. +- **TopUploaderErrors** List of top errors received from the upload endpoint. +- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. +- **UploaderErrorCount** Number of errors received from the upload endpoint. +- **VortexFailuresTimeout** Number of time out failures received from Vortex. +- **VortexHttpAttempts** Number of attempts to contact Vortex. +- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. +- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. +- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. +- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. + + +### TelClientSynthetic.HeartBeat_Seville_5 + +This event is sent by the universal telemetry client (UTC) as a heartbeat signal for Sense. + +The following fields are available: + +- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host or agent channel. +- **CompressedBytesUploaded** Number of compressed bytes uploaded. +- **ConsumerDroppedCount** Number of events dropped at consumer layer of the telemetry client. +- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. +- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. +- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database. +- **DailyUploadQuotaInBytes** Daily upload quota for Sense in bytes (only in in-proc mode). +- **DbCriticalDroppedCount** Total number of dropped critical events in event database. +- **DbDroppedCount** Number of events dropped due to database being full. +- **DbDroppedFailureCount** Number of events dropped due to database failures. +- **DbDroppedFullCount** Number of events dropped due to database being full. +- **DecodingDroppedCount** Number of events dropped due to decoding failures. +- **DiskSizeInBytes** Size of event store for Sense in bytes (only in in-proc mode). +- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. +- **EtwDroppedBufferCount** Number of buffers dropped in the universal telemetry client (UTC) event tracing for Windows (ETW) session. +- **EtwDroppedCount** Number of events dropped at the event tracing for Windows (ETW) layer of telemetry client. +- **EventsPersistedCount** Number of events that reached the PersistEvent stage. +- **EventStoreLifetimeResetCounter** Number of times event the database was reset for the lifetime of the universal telemetry client (UTC). +- **EventStoreResetCounter** Number of times the event database was reset. +- **EventStoreResetSizeSum** Total size of the event database across all resets reports in this instance. +- **EventsUploaded** Number of events uploaded. +- **Flags** Flags indicating device state, such as network state, battery state, and opt-in state. +- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. +- **HeartBeatSequenceNumber** The sequence number of this heartbeat. +- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. +- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. +- **LastEventSizeOffender** Event name of last event which exceeded the maximum event size. +- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. +- **NormalUploadTimerMillis** Number of milliseconds between each upload of normal events for SENSE (only in in-proc mode). +- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). +- **RepeatedUploadFailureDropped** Number of events lost due to repeated failed uploaded attempts. +- **SettingsHttpAttempts** Number of attempts to contact OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting the OneSettings service. +- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. +- **TopUploaderErrors** Top uploader errors, grouped by endpoint and error type. +- **UploaderDroppedCount** Number of events dropped at the uploader layer of the telemetry client. +- **UploaderErrorCount** Number of input for the TopUploaderErrors mode estimation. +- **VortexFailuresTimeout** Number of time out failures received from Vortex. +- **VortexHttpAttempts** Number of attempts to contact Vortex. +- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. +- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. +- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. +- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. + + +## Direct to update events + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure + +This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. + +The following fields are available: + +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. + +The following fields are available: + +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **hResult** HRESULT of the failure + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess + +This event indicates that the Coordinator Cleanup call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess + +This event indicates that the Coordinator Commit call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure + +This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess + +This event indicates that the Coordinator Download call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator HandleShutdown call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinate version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess + +This event indicates that the Coordinator HandleShutdown call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess + +This event indicates that the Coordinator Initialize call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure + +This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess + +This event indicates that the Coordinator Install call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack + +This event indicates that the Coordinator's progress callback has been called. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **DeployPhase** Current Deploy Phase. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess + +This event indicates that the Coordinator SetCommitReady call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiNotShown + +This event indicates that the Coordinator WaitForRebootUi call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection + +This event indicates that the user selected an option on the Reboot UI. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **rebootUiSelection** Selection on the Reboot UI. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess + +This event indicates that the Coordinator WaitForRebootUi call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call. + +The following fields are available: + +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess + +This event indicates that the Handler CheckApplicabilityInternal call succeeded. + +The following fields are available: + +- **ApplicabilityResult** The result of the applicability check. +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess + +This event indicates that the Handler CheckApplicability call succeeded. + +The following fields are available: + +- **ApplicabilityResult** The result code indicating whether the update is applicable. +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess + +This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess + +This event indicates that the Handler Commit call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run.run +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure + +This event indicates that the Handler Download and Extract cab call failed. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_failureReason** Reason why the update download and extract process failed. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess + +This event indicates that the Handler Download and Extract cab call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess + +This event indicates that the Handler Download call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extract. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess + +This event indicates that the Handler Initialize call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extraction. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess + +This event indicates that the Coordinator Install call succeeded. + +The following fields are available: + +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess + +This event indicates that the Handler SetCommitReady call succeeded. + +The following fields are available: + +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. + +The following fields are available: + +- **CampaignID** The ID of the campaigning being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** The HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess + +This event indicates that the Handler WaitForRebootUi call succeeded. + +The following fields are available: + +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. + + +## DxgKernelTelemetry events + +### DxgKrnlTelemetry.GPUAdapterInventoryV2 + +This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. + +The following fields are available: + +- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. +- **aiSeqId** The event sequence ID. +- **bootId** The system boot ID. +- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. +- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. +- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **DisplayAdapterLuid** The display adapter LUID. +- **DriverDate** The date of the display driver. +- **DriverRank** The rank of the display driver. +- **DriverVersion** The display driver version. +- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. +- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. +- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. +- **GPUDeviceID** The GPU device ID. +- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. +- **GPURevisionID** The GPU revision ID. +- **GPUVendorID** The GPU vendor ID. +- **InterfaceId** The GPU interface ID. +- **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. +- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? +- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? +- **IsLDA** Is the GPU comprised of Linked Display Adapters? +- **IsMiracastSupported** Does the GPU support Miracast? +- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? +- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? +- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? +- **IsPostAdapter** Is this GPU the POST GPU in the device? +- **IsRemovable** TRUE if the adapter supports being disabled or removed. +- **IsRenderDevice** Does the GPU have rendering capabilities? +- **IsSoftwareDevice** Is this a software implementation of the GPU? +- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. +- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **MsHybridDiscrete** Indicates whether the adapter is a discrete adapter in a hybrid configuration. +- **NumVidPnSources** The number of supported display output sources. +- **NumVidPnTargets** The number of supported display output targets. +- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). +- **SubSystemID** The subsystem ID. +- **SubVendorID** The GPU sub vendor ID. +- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? +- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) +- **version** The event version. +- **WDDMVersion** The Windows Display Driver Model version. + + +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + +## Fault Reporting events + +### Microsoft.Windows.FaultReporting.AppCrashEvent + +This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event. + +The following fields are available: + +- **AppName** The name of the app that has crashed. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppTimeStamp** The date/time stamp of the app. +- **AppVersion** The version of the app that has crashed. +- **ExceptionCode** The exception code returned by the process that has crashed. +- **ExceptionOffset** The address where the exception had occurred. +- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. +- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. +- **IsFatal** True/False to indicate whether the crash resulted in process termination. +- **ModName** Exception module name (e.g. bar.dll). +- **ModTimeStamp** The date/time stamp of the module. +- **ModVersion** The version of the module that has crashed. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has crashed. +- **ProcessId** The ID of the process that has crashed. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported +- **TargetAsId** The sequence number for the hanging process. + + +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. + + + +### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked + +This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems. + + + +## Hang Reporting events + +### Microsoft.Windows.HangReporting.AppHangEvent + +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. + +The following fields are available: + +- **AppName** The name of the app that has hung. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppVersion** The version of the app that has hung. +- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has hung. +- **ProcessId** The ID of the process that has hung. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported. +- **TargetAsId** The sequence number for the hanging process. +- **TypeCode** Bitmap describing the hang type. +- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application. +- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. +- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. +- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. + + +## Inventory events + +### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum + +This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. + +The following fields are available: + +- **Device** A count of device objects in cache. +- **DeviceCensus** A count of device census objects in cache. +- **DriverPackageExtended** A count of driverpackageextended objects in cache. +- **File** A count of file objects in cache. +- **FileSigningInfo** A count of file signing objects in cache. +- **Generic** A count of generic objects in cache. +- **HwItem** A count of hwitem objects in cache. +- **InventoryApplication** A count of application objects in cache. +- **InventoryApplicationAppV** A count of application AppV objects in cache. +- **InventoryApplicationDriver** A count of application driver objects in cache +- **InventoryApplicationFile** A count of application file objects in cache. +- **InventoryApplicationFramework** A count of application framework objects in cache +- **InventoryApplicationShortcut** A count of application shortcut objects in cache +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. +- **InventoryDeviceMediaClass** A count of device media objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. +- **InventoryDeviceUsbHubClass** A count of device usb objects in cache +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. +- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache +- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. +- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache +- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache +- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache +- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache +- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache +- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache +- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache +- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache +- **Metadata** A count of metadata objects in cache. +- **Orphan** A count of orphan file objects in cache. +- **Programs** A count of program objects in cache. + + +### Microsoft.Windows.Inventory.Core.AmiTelCacheFileInfo + +Diagnostic data about the inventory cache. + +The following fields are available: + +- **CacheFileSize** Size of the cache. +- **InventoryVersion** Inventory version of the cache. +- **TempCacheCount** Number of temp caches created. +- **TempCacheDeletedCount** Number of temp caches deleted. + + +### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions + +This event sends inventory component versions for the Device Inventory data. + +The following fields are available: + +- **aeinv** The version of the App inventory component. +- **devinv** The file version of the Device inventory component. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd + +This event sends basic metadata about an application on the system to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. +- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics). +- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 +- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. +- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. +- **InventoryVersion** The version of the inventory file generating the events. +- **Language** The language code of the program. +- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. +- **MsiProductCode** A GUID that describe the MSI Product. +- **Name** The name of the application. +- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. +- **PackageFullName** The package full name for a Store application. +- **ProgramInstanceId** A hash of the file IDs in an app. +- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. +- **RootDirPath** The path to the root directory where the program was installed. +- **Source** How the program was installed (for example, ARP, MSI, Appx). +- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. +- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. +- **Version** The version number of the program. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd + +This event represents what drivers an application installs. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory component. +- **ProgramIds** The unique program identifier the driver is associated with. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync + +The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory component. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd + +This event provides the basic metadata about the frameworks an application may depend on. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **FileId** A hash that uniquely identifies a file. +- **Frameworks** The list of frameworks this file depends on. +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync + +This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove + +This event indicates that a new set of InventoryDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync + +This event indicates that a new set of InventoryApplicationAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd + +This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Categories** A comma separated list of functional categories in which the container belongs. +- **DiscoveryMethod** The discovery method for the device container. +- **FriendlyName** The name of the device container. +- **InventoryVersion** The version of the inventory file generating the events. +- **IsActive** Is the device connected, or has it been seen in the last 14 days? +- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. +- **IsMachineContainer** Is the container the root device itself? +- **IsNetworked** Is this a networked device? +- **IsPaired** Does the device container require pairing? +- **Manufacturer** The manufacturer name for the device container. +- **ModelId** A unique model ID. +- **ModelName** The model name. +- **ModelNumber** The model number for the device container. +- **PrimaryCategory** The primary category for the device container. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove + +This event indicates that the InventoryDeviceContainer object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync + +This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd + +This event retrieves information about what sensor interfaces are available on the device. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Accelerometer3D** Indicates if an Accelerator3D sensor is found. +- **ActivityDetection** Indicates if an Activity Detection sensor is found. +- **AmbientLight** Indicates if an Ambient Light sensor is found. +- **Barometer** Indicates if a Barometer sensor is found. +- **Custom** Indicates if a Custom sensor is found. +- **EnergyMeter** Indicates if an Energy sensor is found. +- **FloorElevation** Indicates if a Floor Elevation sensor is found. +- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found. +- **GravityVector** Indicates if a Gravity Detector sensor is found. +- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found. +- **Humidity** Indicates if a Humidity sensor is found. +- **InventoryVersion** The version of the inventory file generating the events. +- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found. +- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found. +- **Orientation** Indicates if an Orientation sensor is found. +- **Pedometer** Indicates if a Pedometer sensor is found. +- **Proximity** Indicates if a Proximity sensor is found. +- **RelativeOrientation** Indicates if a Relative Orientation sensor is found. +- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found. +- **Temperature** Indicates if a Temperature sensor is found. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync + +This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd + +This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **audio.captureDriver** Audio device capture driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14887.1000:hdaudio\func_01 +- **audio.renderDriver** Audio device render driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14889.1001:hdaudio\func_01 +- **Audio_CaptureDriver** The Audio device capture driver endpoint. +- **Audio_RenderDriver** The Audio device render driver endpoint. +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove + +This event indicates that the InventoryDeviceMediaClassRemove object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync + +This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd + +This event represents the basic metadata about a plug and play (PNP) device and its associated driver. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **BusReportedDescription** The description of the device reported by the bux. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class unique identifier of the driver package loaded on the device. +- **COMPID** The list of “Compatible IDs” for this device. +- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. +- **Description** The description of the device. +- **DeviceInterfaceClasses** The device interfaces that this device implements. +- **DeviceState** Identifies the current state of the parent (main) device. +- **DriverId** The unique identifier for the installed driver. +- **DriverName** The name of the driver image file. +- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. +- **DriverVerDate** The date associated with the driver installed on the device. +- **DriverVerVersion** The version number of the driver installed on the device. +- **Enumerator** Identifies the bus that enumerated the device. +- **ExtendedInfs** The extended INF file names. +- **HWID** A list of hardware IDs for the device. +- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx +- **InventoryVersion** The version number of the inventory process generating the events. +- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. +- **LowerFilters** The identifiers of the Lower filters installed for the device. +- **Manufacturer** The manufacturer of the device. +- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. +- **Model** Identifies the model of the device. +- **ParentId** The Device Instance ID of the parent of the device. +- **ProblemCode** The error code currently returned by the device, if applicable. +- **Provider** Identifies the device provider. +- **Service** The name of the device service. +- **STACKID** The list of hardware IDs for the stack. +- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. +- **UpperFilters** The identifiers of the Upper filters installed for the device. + + +### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove + +This event indicates that the InventoryDevicePnpRemove object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync + +This event indicates that a new set of InventoryDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd + +This event sends basic metadata about the USB hubs on the device. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. +- **TotalUserConnectablePorts** Total number of connectable USB ports. +- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync + +This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. + + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd + +This event provides the basic metadata about driver binaries running on the system. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **DriverCheckSum** The checksum of the driver file. +- **DriverCompany** The company name that developed the driver. +- **DriverInBox** Is the driver included with the operating system? +- **DriverIsKernelMode** Is it a kernel mode driver? +- **DriverName** The file name of the driver. +- **DriverPackageStrongName** The strong name of the driver package +- **DriverSigned** The strong name of the driver package +- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file. +- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000. +- **DriverVersion** The version of the driver file. +- **ImageSize** The size of the driver file. +- **Inf** The name of the INF file. +- **InventoryVersion** The version of the inventory file generating the events. +- **Product** The product name that is included in the driver file. +- **ProductVersion** The product version that is included in the driver file. +- **Service** The name of the service that is installed for the device. +- **WdfVersion** The Windows Driver Framework version. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove + +This event indicates that the InventoryDriverBinary object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync + +This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd + +This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Class** The class name for the device driver. +- **ClassGuid** The class GUID for the device driver. +- **Date** The driver package date. +- **Directory** The path to the driver package. +- **DriverInBox** Is the driver included with the operating system? +- **Inf** The INF name of the driver package. +- **InventoryVersion** The version of the inventory file generating the events. +- **Provider** The provider for the driver package. +- **SubmissionId** The HLK submission ID for the driver package. +- **Version** The version of the driver package. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove + +This event indicates that the InventoryDriverPackageRemove object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync + +This event indicates that a new set of InventoryDriverPackageAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace + +This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin. + + + +### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace + +This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end. + + + +### Microsoft.Windows.Inventory.General.AppHealthStaticAdd + +This event sends details collected for a specific application on the source device. + +The following fields are available: + +- **AhaVersion** The binary version of the App Health Analyzer tool. +- **ApplicationErrors** The count of application errors from the event log. +- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit). +- **device_level** Various JRE/JAVA versions installed on a particular device. +- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type. +- **Jar** Flag to determine if an app has a Java JAR file dependency. +- **Jre** Flag to determine if an app has JRE framework dependency. +- **Jre_version** JRE versions an app has declared framework dependency for. +- **Name** Name of the application. +- **NonDPIAware** Flag to determine if an app is non-DPI aware. +- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location. +- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution. +- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution. +- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility. +- **VB6** Flag to determine if an app is based on VB6 framework. +- **VB6v2** Additional flag to determine if an app is based on VB6 framework. +- **Version** Version of the application. +- **VersionCheck** Flag to determine if an app has a static dependency on OS version. +- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version. + + +### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync + +This event indicates the beginning of a series of AppHealthStaticAdd events. + +The following fields are available: + +- **AllowTelemetry** Indicates the presence of the 'allowtelemetry' command line argument. +- **CommandLineArgs** Command line arguments passed when launching the App Health Analyzer executable. +- **Enhanced** Indicates the presence of the 'enhanced' command line argument. +- **StartTime** UTC date and time at which this event was sent. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd + +Provides data on the installed Office Add-ins. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AddinCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInId** The identifier for the Microsoft Office add-in. +- **AddinType** The type of the Microsoft Office add-in. +- **BinFileTimestamp** The timestamp of the Office add-in. +- **BinFileVersion** The version of the Microsoft Office add-in. +- **Description** Description of the Microsoft Office add-in. +- **FileId** The file identifier of the Microsoft Office add-in. +- **FileSize** The file size of the Microsoft Office add-in. +- **FriendlyName** The friendly name for the Microsoft Office add-in. +- **FullPath** The full path to the Microsoft Office add-in. +- **InventoryVersion** The version of the inventory binary generating the events. +- **LoadBehavior** Integer that describes the load behavior. +- **LoadTime** Load time for the Office add-in. +- **OfficeApplication** The Microsoft Office application associated with the add-in. +- **OfficeArchitecture** The architecture of the add-in. +- **OfficeVersion** The Microsoft Office version for this add-in. +- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in. +- **ProductCompany** The name of the company associated with the Office add-in. +- **ProductName** The product name associated with the Microsoft Office add-in. +- **ProductVersion** The version associated with the Office add-in. +- **ProgramId** The unique program identifier of the Microsoft Office add-in. +- **Provider** Name of the provider for this add-in. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync + +This event indicates that a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd + +Provides data on the Office identifiers. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. +- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device +- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device +- **OMID** Identifier for the Office SQM Machine +- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit +- **OTenantId** Unique GUID representing the Microsoft O365 Tenant +- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 +- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd + +Provides data on Office-related Internet Explorer features. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. +- **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. +- **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. +- **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) +- **OIeMimeSniffing** Flag indicating which Microsoft Office products have this setting enabled. Determines a file's type by examining its bit signature. Windows Internet Explorer uses this information to determine how to render the file. The FEATURE_MIME_SNIFFING feature, when enabled, allows to be set differently for each security zone by using the URLACTION_FEATURE_MIME_SNIFFING URL action flag +- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request +- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) +- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts +- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords +- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control +- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted +- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC) +- **OIeValidateUrl** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_VALIDATE_NAVIGATE_URL feature control prevents Windows Internet Explorer from navigating to a badly formed URL +- **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior +- **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows +- **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd + +This event provides insight data on the installed Office products + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. +- **OfficeApplication** The name of the Office application. +- **OfficeArchitecture** The bitness of the Office application. +- **OfficeVersion** The version of the Office application. +- **Value** The insights collected about this entity. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync + +This diagnostic event indicates that a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd + +Describes Office Products installed. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. +- **OC2rApps** A GUID the describes the Office Click-To-Run apps +- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus +- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word +- **OProductCodes** A GUID that describes the Office MSI products + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd + +This event describes various Office settings + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **BrowserFlags** Browser flags for Office-related products +- **ExchangeProviderFlags** Provider policies for Office Exchange +- **InventoryVersion** The version of the inventory binary generating the events. +- **SharedComputerLicensing** Office shared computer licensing policies + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync + +Indicates a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd + +This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Design** Count of files with design issues found. +- **Design_x64** Count of files with 64 bit design issues found. +- **DuplicateVBA** Count of files with duplicate VBA code. +- **HasVBA** Count of files with VBA code. +- **Inaccessible** Count of files that were inaccessible for scanning. +- **InventoryVersion** The version of the inventory binary generating the events. +- **Issues** Count of files with issues detected. +- **Issues_x64** Count of files with 64-bit issues detected. +- **IssuesNone** Count of files with no issues detected. +- **IssuesNone_x64** Count of files with no 64-bit issues detected. +- **Locked** Count of files that were locked, preventing scanning. +- **NoVBA** Count of files with no VBA inside. +- **Protected** Count of files that were password protected, preventing scanning. +- **RemLimited** Count of files that require limited remediation changes. +- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues. +- **RemSignificant** Count of files that require significant remediation changes. +- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues. +- **Score** Overall compatibility score calculated for scanned content. +- **Score_x64** Overall 64-bit compatibility score calculated for scanned content. +- **Total** Total number of files scanned. +- **Validation** Count of files that require additional manual validation. +- **Validation_x64** Count of files that require additional manual validation for 64-bit issues. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd + +This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Count** Count of total Microsoft Office VBA rule violations +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsRemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync + +This event indicates that a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd + +Provides data on Unified Update Platform (UUP) products and what version they are at. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Identifier** UUP identifier +- **LastActivatedVersion** Last activated version +- **PreviousVersion** Previous version +- **Source** UUP source +- **Version** UUP version + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + + +### Microsoft.Windows.Inventory.Indicators.Checksum + +This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. + +The following fields are available: + +- **CensusId** A unique hardware identifier. +- **ChecksumDictionary** A count of each operating system indicator. +- **PCFP** Equivalent to the InventoryId field that is found in other core events. + + +### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd + +These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **IndicatorValue** The indicator value. +- **Value** Describes an operating system indicator that may be relevant for the device upgrade. + + +### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove + +This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + + +### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync + +This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + + +## Kernel events + +### IO + +This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup. + +The following fields are available: + +- **BytesRead** The total number of bytes read from or read by the OS upon system startup. +- **BytesWritten** The total number of bytes written to or written by the OS upon system startup. + + +### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch + +OS information collected during Boot, used to evaluate the success of the upgrade process. + +The following fields are available: + +- **BootApplicationId** This field tells us what the OS Loader Application Identifier is. +- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system. +- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session. +- **BootStatusPolicy** Identifies the applicable Boot Status Policy. +- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume"). +- **EventTimestamp** Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made. +- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware. +- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonPch** Reason for system reset provided by firmware. +- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware. +- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io). +- **LastBootSucceeded** Flag indicating whether the last boot was successful. +- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. +- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. +- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. +- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). +- **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation. +- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.). +- **RecoveryEnabled** Indicates whether recovery is enabled. +- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. +- **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow. +- **UserInputTime** The amount of time the loader application spent waiting for user input. + + +## Miracast events + +### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd + +This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session + +The following fields are available: + +- **AudioChannelCount** The number of audio channels. +- **AudioSampleRate** The sample rate of audio in terms of samples per second. +- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding. +- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second. +- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second. +- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds. +- **ConnectorType** The type of connector used during the Miracast session. +- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds. +- **EncodeCount** The count of total frames encoded in the session. +- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds. +- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds. +- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds. +- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable. +- **FirstFrameTime** The time (tick count) when the first frame is sent. +- **FirstLatencyMode** The first latency mode. +- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds. +- **FrameCount** The total number of frames processed. +- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds. +- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds. +- **Glitches** The number of frames that failed to be delivered on time. +- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended. +- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended. +- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second. +- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second. +- **LastLatencyMode** The last reported latency mode. +- **LogTimeReference** The reference time, in tick counts. +- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second. +- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second. +- **MediaErrorCode** The error code reported by the media session, if applicable. +- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded. +- **MiracastM1** The time (tick count) when the M1 request was sent. +- **MiracastM2** The time (tick count) when the M2 request was sent. +- **MiracastM3** The time (tick count) when the M3 request was sent. +- **MiracastM4** The time (tick count) when the M4 request was sent. +- **MiracastM5** The time (tick count) when the M5 request was sent. +- **MiracastM6** The time (tick count) when the M6 request was sent. +- **MiracastM7** The time (tick count) when the M7 request was sent. +- **MiracastSessionState** The state of the Miracast session when the connection ended. +- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames. +- **ProfileCount** The count of profiles generated from the receiver M4 response. +- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities. +- **RefreshRate** The refresh rate set on the remote display. +- **RotationSupported** Indicates if the Miracast receiver supports display rotation. +- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session. +- **SessionGuid** The unique identifier of to correlate various Miracast events from a session. +- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID. +- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver. +- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension. +- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension. +- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension. +- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension. +- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution. +- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions. +- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable. +- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable. +- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended. +- **UIBCEverEnabled** Indicates whether UIBC was ever enabled. +- **UIBCStatus** The result code reported by the UIBC setup process. +- **VideoBitrate** The starting bitrate for the video encoder. +- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype. +- **VideoHeight** The height of encoded video frames. +- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding. +- **VideoWidth** The width of encoded video frames. +- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. + + +## OneDrive events + +### Microsoft.OneDrive.Sync.Setup.APIOperation + +This event includes basic data about install and uninstall OneDrive API operations. + +The following fields are available: + +- **APIName** The name of the API. +- **Duration** How long the operation took. +- **IsSuccess** Was the operation successful? +- **ResultCode** The result code. +- **ScenarioName** The name of the scenario. + + +### Microsoft.OneDrive.Sync.Setup.EndExperience + +This event includes a success or failure summary of the installation. + +The following fields are available: + +- **APIName** The name of the API. +- **HResult** HResult of the operation +- **IsSuccess** Whether the operation is successful or not +- **ScenarioName** The name of the scenario. + + +### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation + +This event is related to the OS version when the OS is upgraded with OneDrive installed. + +The following fields are available: + +- **CurrentOneDriveVersion** The current version of OneDrive. +- **CurrentOSBuildBranch** The current branch of the operating system. +- **CurrentOSBuildNumber** The current build number of the operating system. +- **CurrentOSVersion** The current version of the operating system. +- **HResult** The HResult of the operation. +- **SourceOSBuildBranch** The source branch of the operating system. +- **SourceOSBuildNumber** The source build number of the operating system. +- **SourceOSVersion** The source version of the operating system. + + +### Microsoft.OneDrive.Sync.Setup.RegisterStandaloneUpdaterAPIOperation + +This event is related to registering or unregistering the OneDrive update task. + +The following fields are available: + +- **APIName** The name of the API. +- **IsSuccess** Was the operation successful? +- **RegisterNewTaskResult** The HResult of the RegisterNewTask operation. +- **ScenarioName** The name of the scenario. +- **UnregisterOldTaskResult** The HResult of the UnregisterOldTask operation. + + +### Microsoft.OneDrive.Sync.Updater.ComponentInstallState + +This event includes basic data about the installation state of dependent OneDrive components. + +The following fields are available: + +- **ComponentName** The name of the dependent component. +- **isInstalled** Is the dependent component installed? + + +### Microsoft.OneDrive.Sync.Updater.OverlayIconStatus + +This event indicates if the OneDrive overlay icon is working correctly. 0 = healthy; 1 = can be fixed; 2 = broken + +The following fields are available: + +- **32bit** The status of the OneDrive overlay icon on a 32-bit operating system. +- **64bit** The status of the OneDrive overlay icon on a 64-bit operating system. + + +### Microsoft.OneDrive.Sync.Updater.UpdateOverallResult + +This event sends information describing the result of the update. + +The following fields are available: + +- **hr** The HResult of the operation. +- **IsLoggingEnabled** Indicates whether logging is enabled for the updater. +- **UpdaterVersion** The version of the updater. + + +### Microsoft.OneDrive.Sync.Updater.UpdateXmlDownloadHResult + +This event determines the status when downloading the OneDrive update configuration file. + +The following fields are available: + +- **hr** The HResult of the operation. + + +### Microsoft.OneDrive.Sync.Updater.WebConnectionStatus + +This event determines the error code that was returned when verifying Internet connectivity. + +The following fields are available: + +- **winInetError** The HResult of the operation. + + +## Privacy consent logging events + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted + +This event is used to determine whether the user successfully completed the privacy consent experience. + +The following fields are available: + +- **presentationVersion** Which display version of the privacy consent experience the user completed +- **privacyConsentState** The current state of the privacy consent experience +- **settingsVersion** Which setting version of the privacy consent experience the user completed +- **userOobeExitReason** The exit reason of the privacy consent experience + + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus + +Event tells us effectiveness of new privacy experience. + +The following fields are available: + +- **isAdmin** whether the person who is logging in is an admin +- **isExistingUser** whether the account existed in a downlevel OS +- **isLaunching** Whether or not the privacy consent experience will be launched +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience +- **userRegionCode** The current user's region setting + + +### wilActivity + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + +## Sediment events + +### Microsoft.Windows.Sediment.Info.DetailedState + +This event is sent when detailed state information is needed from an update trial run. + +The following fields are available: + +- **Data** Data relevant to the state, such as what percent of disk space the directory takes up. +- **Id** Identifies the trial being run, such as a disk related trial. +- **ReleaseVer** The version of the component. +- **State** The state of the reporting data from the trial, such as the top-level directory analysis. +- **Time** The time the event was fired. + + +### Microsoft.Windows.Sediment.Info.Error + +This event indicates an error in the updater payload. This information assists in keeping Windows up to date. + +The following fields are available: + +- **FailureType** The type of error encountered. +- **FileName** The code file in which the error occurred. +- **HResult** The failure error code. +- **LineNumber** The line number in the code file at which the error occurred. +- **ReleaseVer** The version information for the component in which the error occurred. +- **Time** The system time at which the error occurred. + + +### Microsoft.Windows.Sediment.Info.PhaseChange + +The event indicates progress made by the updater. This information assists in keeping Windows up to date. + +The following fields are available: + +- **NewPhase** The phase of progress made. +- **ReleaseVer** The version information for the component in which the change occurred. +- **Time** The system time at which the phase chance occurred. + + +## Setup events + +### SetupPlatformTel.SetupPlatformTelActivityEvent + +This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date. + +The following fields are available: + +- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. +- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. +- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time + + +### SetupPlatformTel.SetupPlatformTelActivityStarted + +This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. + +The following fields are available: + +- **Name** The name of the dynamic update type. Example: GDR driver + + +### SetupPlatformTel.SetupPlatformTelActivityStopped + +This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date. + + + +### SetupPlatformTel.SetupPlatformTelEvent + +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. + +The following fields are available: + +- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. +- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. +- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. + + +## Software update events + +### SoftwareUpdateClientTelemetry.CheckForUpdates + +Scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded). + +The following fields are available: + +- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. +- **AllowCachedResults** Indicates if the scan allowed using cached results. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BranchReadinessLevel** The servicing branch configured on the device. +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. +- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. +- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **ClientVersion** The version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0. +- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown +- **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). +- **DeferredUpdates** Update IDs which are currently being deferred until a later time +- **DeviceModel** What is the device model. +- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. +- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. +- **DriverSyncPassPerformed** Were drivers scanned this time? +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **ExtendedMetadataCabUrl** Hostname that is used to download an update. +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. +- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. +- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). +- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). +- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **IPVersion** Indicates whether the download took place over IPv4 or IPv6 +- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. +- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MSIError** The last error that was encountered during a scan for updates. +- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 +- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete +- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked +- **NumberOfLoop** The number of round trips the scan required +- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan +- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan +- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down. +- **Online** Indicates if this was an online scan. +- **PausedUpdates** A list of UpdateIds which that currently being paused. +- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. +- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. +- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced. +- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. +- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **ScanDurationInSeconds** The number of seconds a scan took +- **ScanEnqueueTime** The number of seconds it took to initialize a scan +- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates). +- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.). +- **ServiceUrl** The environment URL a device is configured to scan with +- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan the event was +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. +- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. + + +### SoftwareUpdateClientTelemetry.Commit + +This event tracks the commit process post the update installation when software update client is trying to update the device. + +The following fields are available: + +- **BiosFamily** Device family as defined in the system BIOS +- **BiosName** Name of the system BIOS +- **BiosReleaseDate** Release date of the system BIOS +- **BiosSKUNumber** Device SKU as defined in the system BIOS +- **BIOSVendor** Vendor of the system BIOS +- **BiosVersion** Version of the system BIOS +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleRevisionNumber** Identifies the revision number of the content bundle +- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** Version number of the software distribution client +- **DeploymentProviderMode** The mode of operation of the update deployment provider. +- **DeviceModel** Device model as defined in the system bios +- **EventInstanceID** A globally unique identifier for event instance +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". +- **FlightId** The specific id of the flight the device is getting +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) +- **RevisionNumber** Identifies the revision number of this specific piece of content +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **SystemBIOSMajorRelease** Major release version of the system bios +- **SystemBIOSMinorRelease** Minor release version of the system bios +- **UpdateId** Identifier associated with the specific piece of content +- **WUDeviceID** Unique device id controlled by the software distribution client + + +### SoftwareUpdateClientTelemetry.Download + +Download process event for target update on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded). + +The following fields are available: + +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. +- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload. +- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. +- **AppXDownloadScope** Indicates the scope of the download for application content. +- **AppXScope** Indicates the scope of the app download. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. +- **BundleId** Identifier associated with the specific content bundle. +- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. +- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). +- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. +- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. +- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. +- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. +- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. +- **CDNId** ID which defines which CDN the software distribution client downloaded the content from. +- **ClientVersion** The version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. +- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle. +- **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DeviceModel** The model of the device. +- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. +- **DownloadProps** Information about the download operation. +- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. +- **EventType** Identifies the type of the event (Child, Bundle, or Driver). +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). +- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. +- **FlightId** The specific ID of the flight (pre-release build) the device is getting. +- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). +- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). +- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **HostName** The hostname URL the content is downloading from. +- **IPVersion** Indicates whether the download took place over IPv4 or IPv6. +- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update +- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. +- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) +- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." +- **PackageFullName** The package name of the content. +- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. +- **PostDnldTime** Time (in seconds) taken to signal download completion after the last job completed downloading the payload. +- **ProcessName** The process name of the application that initiated API calls, in the event where CallerApplicationName was not provided. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background. +- **RegulationReason** The reason that the update is regulated +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. +- **RepeatFailCount** Indicates whether this specific content has previously failed. +- **RepeatFailFlag** Indicates whether this specific content previously failed to download. +- **RevisionNumber** The revision number of the specified piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. +- **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload. +- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. +- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. +- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. +- **UpdateId** An identifier associated with the specific piece of content. +- **UpdateID** An identifier associated with the specific piece of content. +- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. +- **UsedDO** Indicates whether the download used the Delivery Optimization (DO) service. +- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. + + +### SoftwareUpdateClientTelemetry.DownloadCheckpoint + +This event provides a checkpoint between each of the Windows Update download phases for UUP content + +The following fields are available: + +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** The version number of the software distribution client +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver" +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough +- **FileId** A hash that uniquely identifies a file +- **FileName** Name of the downloaded file +- **FlightId** The unique identifier for each flight +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RevisionNumber** Unique revision number of Update +- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.) +- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult) +- **UpdateId** Unique Update ID +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue + + +### SoftwareUpdateClientTelemetry.DownloadHeartbeat + +This event allows tracking of ongoing downloads and contains data to explain the current state of the download + +The following fields are available: + +- **BytesTotal** Total bytes to transfer for this content +- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat +- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** The version number of the software distribution client +- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat +- **CurrentError** Last (transient) error encountered by the active download +- **DownloadFlags** Flags indicating if power state is ignored +- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) +- **EventType** Possible values are "Child", "Bundle", or "Driver" +- **FlightId** The unique identifier for each flight +- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered" +- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any +- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any +- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one +- **ResumeCount** Number of times this active download has resumed from a suspended state +- **RevisionNumber** Identifies the revision number of this specific piece of content +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **SuspendCount** Number of times this active download has entered a suspended state +- **SuspendReason** Last reason for why this active download entered a suspended state +- **UpdateId** Identifier associated with the specific piece of content +- **WUDeviceID** Unique device id controlled by the software distribution client + + +### SoftwareUpdateClientTelemetry.Install + +This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date. + +The following fields are available: + +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. +- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **ClientVersion** The version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0. +- **CSIErrorType** The stage of CBS installation where it failed. +- **CurrentMobileOperator** The mobile operator to which the device is currently connected. +- **DeploymentProviderMode** The mode of operation of the update deployment provider. +- **DeviceModel** The device model. +- **DriverPingBack** Contains information about the previous driver and system state. +- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. +- **EventType** Possible values are Child, Bundle, or Driver. +- **ExtendedErrorCode** The extended error code. +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program. +- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **FlightRing** The ring that a device is on if participating in the Windows Insider Program. +- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update). +- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether this update is a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. +- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. +- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. +- **MsiAction** The stage of MSI installation where it failed. +- **MsiProductCode** The unique identifier of the MSI installer. +- **PackageFullName** The package name of the content being installed. +- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. +- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RepeatFailCount** Indicates whether this specific piece of content has previously failed. +- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install. +- **RevisionNumber** The revision number of this specific piece of content. +- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). +- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. +- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult). +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **TransactionCode** The ID that represents a given MSI installation. +- **UpdateId** Unique update ID. +- **UpdateID** An identifier associated with the specific piece of content. +- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. +- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. + + +### SoftwareUpdateClientTelemetry.Revert + +Revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found. +- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **ClientVersion** Version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. +- **CSIErrorType** Stage of CBS installation that failed. +- **DriverPingBack** Contains information about the previous driver and system state. +- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). +- **EventType** Event type (Child, Bundle, Release, or Driver). +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBuildNumber** Indicates the build number of the flight. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether an update was a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. +- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. +- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. +- **RepeatFailCount** Indicates whether this specific piece of content has previously failed. +- **RevisionNumber** Identifies the revision number of this specific piece of content. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **UpdateId** The identifier associated with the specific piece of content. +- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). +- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used. +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +### SoftwareUpdateClientTelemetry.TaskRun + +Start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed). + +The following fields are available: + +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **ClientVersion** Version number of the software distribution client. +- **CmdLineArgs** Command line arguments passed in by the caller. +- **EventInstanceID** A globally unique identifier for the event instance. +- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +### SoftwareUpdateClientTelemetry.Uninstall + +Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). + +The following fields are available: + +- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found. +- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request. +- **ClientVersion** Version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. +- **DriverPingBack** Contains information about the previous driver and system state. +- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). +- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBuildNumber** Indicates the build number of the flight. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether an update was a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. +- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. +- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. +- **RepeatFailCount** Indicates whether this specific piece of content previously failed. +- **RevisionNumber** Identifies the revision number of this specific piece of content. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **UpdateId** Identifier associated with the specific piece of content. +- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). +- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used. +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +### SoftwareUpdateClientTelemetry.UpdateDetected + +This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. + +The following fields are available: + +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete. +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. +- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.). +- **WUDeviceID** The unique device ID controlled by the software distribution client. + + +### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity + +Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. + +The following fields are available: + +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. +- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. +- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. +- **RevisionId** The revision ID for a specific piece of content. +- **RevisionNumber** The revision number for a specific piece of content. +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store +- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. +- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SHA256OfTimestampToken** An encoded string of the timestamp token. +- **SignatureAlgorithm** The hash algorithm for the metadata signature. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. +- **UpdateId** The update ID for a specific piece of content. +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. + + +## System Resource Usage Monitor events + +### Microsoft.Windows.Srum.Sdp.CpuUsage + +This event provides information on CPU usage. + +The following fields are available: + +- **UsageMax** The maximum of hourly average CPU usage. +- **UsageMean** The mean of hourly average CPU usage. +- **UsageMedian** The median of hourly average CPU usage. +- **UsageTwoHourMaxMean** The mean of the maximum of every two hour of hourly average CPU usage. +- **UsageTwoHourMedianMean** The mean of the median of every two hour of hourly average CPU usage. + + +### Microsoft.Windows.Srum.Sdp.NetworkUsage + +This event provides information on network usage. + +The following fields are available: + +- **AdapterGuid** The unique ID of the adapter. +- **BytesTotalMax** The maximum of the hourly average bytes total. +- **BytesTotalMean** The mean of the hourly average bytes total. +- **BytesTotalMedian** The median of the hourly average bytes total. +- **BytesTotalTwoHourMaxMean** The mean of the maximum of every two hours of hourly average bytes total. +- **BytesTotalTwoHourMedianMean** The mean of the median of every two hour of hourly average bytes total. +- **LinkSpeed** The adapter link speed. + + +## Update events + +### Update360Telemetry.Revert + +This event sends data relating to the Revert phase of updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the Revert phase. +- **FlightId** Unique ID for the flight (test instance version). +- **ObjectId** The unique value for each Update Agent mode. +- **RebootRequired** Indicates reboot is required. +- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **Result** The HResult of the event. +- **RevertResult** The result code returned for the Revert operation. +- **ScenarioId** The ID of the update scenario. +- **SessionId** The ID of the update attempt. +- **UpdateId** The ID of the update. + + +### Update360Telemetry.UpdateAgentCommit + +This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentDownloadRequest + +This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. + +The following fields are available: + +- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. +- **DownloadRequests** Number of times a download was retried. +- **ErrorCode** The error code returned for the current download request phase. +- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. +- **FlightId** Unique ID for each flight. +- **InternalFailureResult** Indicates a non-fatal error from a plugin. +- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable. +- **PackageCountOptional** Number of optional packages requested. +- **PackageCountRequired** Number of required packages requested. +- **PackageCountTotal** Total number of packages needed. +- **PackageCountTotalCanonical** Total number of canonical packages. +- **PackageCountTotalDiff** Total number of diff packages. +- **PackageCountTotalExpress** Total number of express packages. +- **PackageExpressType** Type of express package. +- **PackageSizeCanonical** Size of canonical packages in bytes. +- **PackageSizeDiff** Size of diff packages in bytes. +- **PackageSizeExpress** Size of express packages in bytes. +- **RangeRequestState** Indicates the range request type used. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the download request phase of update. +- **SandboxTaggedForReserves** The sandbox for reserves. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentExpand + +This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ElapsedTickCount** Time taken for expand phase. +- **EndFreeSpace** Free space after expand phase. +- **EndSandboxSize** Sandbox size after expand phase. +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **StartFreeSpace** Free space before expand phase. +- **StartSandboxSize** Sandbox size after expand phase. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentFellBackToCanonical + +This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **PackageCount** Number of packages that feel back to canonical. +- **PackageList** PackageIds which fell back to canonical. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentInitialize + +This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **FlightMetadata** Contains the FlightId and the build being flighted. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentInstall + +This event sends data for the install phase of updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. +- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **InternalFailureResult** Indicates a non-fatal error from a plugin. +- **ObjectId** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** The result for the current install phase. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentMerge + +The UpdateAgentMerge event sends data on the merge phase when updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the current merge phase. +- **FlightId** Unique ID for each flight. +- **MergeId** The unique ID to join two update sessions being merged. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Related correlation vector value. +- **Result** Outcome of the merge phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentMitigationResult + +This event sends data indicating the result of each update agent mitigation. + +The following fields are available: + +- **Applicable** Indicates whether the mitigation is applicable for the current update. +- **CommandCount** The number of command operations in the mitigation entry. +- **CustomCount** The number of custom operations in the mitigation entry. +- **FileCount** The number of file operations in the mitigation entry. +- **FlightId** Unique identifier for each flight. +- **Index** The mitigation index of this particular mitigation. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **Name** The friendly name of the mitigation. +- **ObjectId** Unique value for each Update Agent mode. +- **OperationIndex** The mitigation operation index (in the event of a failure). +- **OperationName** The friendly name of the mitigation operation (in the event of failure). +- **RegistryCount** The number of registry operations in the mitigation entry. +- **RelatedCV** The correlation vector value generated from the latest USO scan. +- **Result** The HResult of this operation. +- **ScenarioId** The update agent scenario ID. +- **SessionId** Unique value for each update attempt. +- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). +- **UpdateId** Unique ID for each Update. + + +### Update360Telemetry.UpdateAgentMitigationSummary + +This event sends a summary of all the update agent mitigations available for an this update. + +The following fields are available: + +- **Applicable** The count of mitigations that were applicable to the system and scenario. +- **Failed** The count of mitigations that failed. +- **FlightId** Unique identifier for each flight. +- **MitigationScenario** The update scenario in which the mitigations were attempted. +- **ObjectId** The unique value for each Update Agent mode. +- **RelatedCV** The correlation vector value generated from the latest USO scan. +- **Result** The HResult of this operation. +- **ScenarioId** The update agent scenario ID. +- **SessionId** Unique value for each update attempt. +- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments). +- **Total** Total number of mitigations that were available. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentModeStart + +This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. + +The following fields are available: + +- **FlightId** Unique ID for each flight. +- **Mode** Indicates the mode that has started. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. +- **Version** Version of update + + +### Update360Telemetry.UpdateAgentOneSettings + +This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **Count** The count of applicable OneSettings for the device. +- **FlightId** Unique ID for the flight (test instance version). +- **ObjectId** The unique value for each Update Agent mode. +- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings. +- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **Result** The HResult of the event. +- **ScenarioId** The ID of the update scenario. +- **SessionId** The ID of the update attempt. +- **UpdateId** The ID of the update. +- **Values** The values sent back to the device, if applicable. + + +### Update360Telemetry.UpdateAgentPostRebootResult + +This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. + +The following fields are available: + +- **ErrorCode** The error code returned for the current post reboot phase. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **ObjectId** Unique value for each Update Agent mode. +- **PostRebootResult** Indicates the Hresult. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentReboot + +This event sends information indicating that a request has been sent to suspend an update. + +The following fields are available: + +- **ErrorCode** The error code returned for the current reboot. +- **FlightId** Unique ID for the flight (test instance version). +- **ObjectId** The unique value for each Update Agent mode. +- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **Result** The HResult of the event. +- **ScenarioId** The ID of the update scenario. +- **SessionId** The ID of the update attempt. +- **UpdateId** The ID of the update. + + +### Update360Telemetry.UpdateAgentSetupBoxLaunch + +The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. + +The following fields are available: + +- **ContainsExpressPackage** Indicates whether the download package is express. +- **FlightId** Unique ID for each flight. +- **FreeSpace** Free space on OS partition. +- **InstallCount** Number of install attempts using the same sandbox. +- **ObjectId** Unique value for each Update Agent mode. +- **Quiet** Indicates whether setup is running in quiet mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **SandboxSize** Size of the sandbox. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **SetupMode** Mode of setup to be launched. +- **UpdateId** Unique ID for each Update. +- **UserSession** Indicates whether install was invoked by user actions. + + +## Update notification events + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat + +This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Currently campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current UNP package version. + + +## Upgrade events + +### FacilitatorTelemetry.DCATDownload + +This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **DownloadSize** Download size of payload. +- **ElapsedTime** Time taken to download payload. +- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade. +- **ResultCode** Result returned by the Facilitator DCAT call. +- **Scenario** Dynamic update scenario (Image DU, or Setup DU). +- **Type** Type of package that was downloaded. +- **UpdateId** The ID of the update that was downloaded. + + +### FacilitatorTelemetry.DUDownload + +This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. + +The following fields are available: + +- **DownloadRequestAttributes** The attributes sent for download. +- **PackageCategoriesFailed** Lists the categories of packages that failed to download. +- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped. +- **ResultCode** The result of the event execution. +- **Scenario** Identifies the active Download scenario. +- **Url** The URL the download request was sent to. +- **Version** Identifies the version of Facilitator used. + + +### FacilitatorTelemetry.InitializeDU + +This event determines whether devices received additional or critical supplemental content during an OS upgrade. + +The following fields are available: + +- **DCATUrl** The Delivery Catalog (DCAT) URL we send the request to. +- **DownloadRequestAttributes** The attributes we send to DCAT. +- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes. +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). +- **Url** The Delivery Catalog (DCAT) URL we send the request to. +- **Version** Version of Facilitator. + + +### Setup360Telemetry.Downlevel + +This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the downlevel OS. +- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** More detailed information about phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback). +- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors). +- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT). +- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). +- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** An ID that uniquely identifies a group of events. +- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. + + +### Setup360Telemetry.Finalize + +This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. + + +### Setup360Telemetry.OsUninstall + +This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. +- **WuId** Windows Update client ID. + + +### Setup360Telemetry.PostRebootInstall + +This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date. + +The following fields are available: + +- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId. + + +### Setup360Telemetry.PreDownloadQuiet + +This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date. + +The following fields are available: + +- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **TestId** ID that uniquely identifies a group of events. +- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. + + +### Setup360Telemetry.PreDownloadUX + +This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process. + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous operating system. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). +- **InstanceId** Unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). +- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. +- **WuId** Windows Update client ID. + + +### Setup360Telemetry.PreInstallQuiet + +This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT). +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. + + +### Setup360Telemetry.PreInstallUX + +This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process. + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** A string to uniquely identify a group of events. +- **WuId** Windows Update client ID. + + +### Setup360Telemetry.Setup360 + +This event sends data about OS deployment scenarios, to help keep Windows up-to-date. + +The following fields are available: + +- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FieldName** Retrieves the data point. +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. +- **ReportId** Retrieves the report ID. +- **ScenarioId** Retrieves the deployment scenario. +- **Value** Retrieves the value associated with the corresponding FieldName. + + +### Setup360Telemetry.Setup360DynamicUpdate + +This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date. + +The following fields are available: + +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. +- **Operation** Facilitator’s last known operation (scan, download, etc.). +- **ReportId** ID for tying together events stream side. +- **ResultCode** Result returned for the entire setup operation. +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). +- **ScenarioId** Identifies the update scenario. +- **TargetBranch** Branch of the target OS. +- **TargetBuild** Build of the target OS. + + +### Setup360Telemetry.Setup360MitigationResult + +This event sends data indicating the result of each setup mitigation. + +The following fields are available: + +- **Applicable** TRUE if the mitigation is applicable for the current update. +- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **CommandCount** The number of command operations in the mitigation entry. +- **CustomCount** The number of custom operations in the mitigation entry. +- **FileCount** The number of file operations in the mitigation entry. +- **FlightData** The unique identifier for each flight (test release). +- **Index** The mitigation index of this particular mitigation. +- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **Name** The friendly (descriptive) name of the mitigation. +- **OperationIndex** The mitigation operation index (in the event of a failure). +- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure). +- **RegistryCount** The number of registry operations in the mitigation entry. +- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM. +- **Result** HResult of this operation. +- **ScenarioId** Setup360 flow type. +- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). + + +### Setup360Telemetry.Setup360MitigationSummary + +This event sends a summary of all the setup mitigations available for this update. + +The following fields are available: + +- **Applicable** The count of mitigations that were applicable to the system and scenario. +- **ClientId** The Windows Update client ID passed to Setup. +- **Failed** The count of mitigations that failed. +- **FlightData** The unique identifier for each flight (test release). +- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE. +- **MitigationScenario** The update scenario in which the mitigations were attempted. +- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM. +- **Result** HResult of this operation. +- **ScenarioId** Setup360 flow type. +- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments). +- **Total** The total number of mitigations that were available. + + +### Setup360Telemetry.Setup360OneSettings + +This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ClientId** The Windows Update client ID passed to Setup. +- **Count** The count of applicable OneSettings for the device. +- **FlightData** The ID for the flight (test instance version). +- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe. +- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings. +- **ReportId** The Update ID passed to Setup. +- **Result** The HResult of the event error. +- **ScenarioId** The update scenario ID. +- **Values** Values sent back to the device, if applicable. + + +### Setup360Telemetry.UnexpectedEvent + +This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. + + +## Windows as a Service diagnostic events + +### Microsoft.Windows.WaaSMedic.SummaryEvent + +Result of the WaaSMedic operation. + +The following fields are available: + +- **callerApplication** The name of the calling application. +- **detectionSummary** Result of each applicable detection that was run. +- **featureAssessmentImpact** WaaS Assessment impact for feature updates. +- **hrEngineResult** Error code from the engine operation. +- **insufficientSessions** Device not eligible for diagnostics. +- **isInteractiveMode** The user started a run of WaaSMedic. +- **isManaged** Device is managed for updates. +- **isWUConnected** Device is connected to Windows Update. +- **noMoreActions** No more applicable diagnostics. +- **qualityAssessmentImpact** WaaS Assessment impact for quality updates. +- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. +- **usingBackupFeatureAssessment** Relying on backup feature assessment. +- **usingBackupQualityAssessment** Relying on backup quality assessment. +- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. +- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. +- **versionString** Version of the WaaSMedic engine. +- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter. + + +## Windows Error Reporting events + +### Microsoft.Windows.WERVertical.OSCrash + +This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. + +The following fields are available: + +- **BootId** Uint32 identifying the boot number for this device. +- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check. +- **BugCheckParameter1** Uint64 parameter providing additional information. +- **BugCheckParameter2** Uint64 parameter providing additional information. +- **BugCheckParameter3** Uint64 parameter providing additional information. +- **BugCheckParameter4** Uint64 parameter providing additional information. +- **DumpFileAttributes** Codes that identify the type of data contained in the dump file +- **DumpFileSize** Size of the dump file +- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise +- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). + + +## Windows Error Reporting MTT events + +### Microsoft.Windows.WER.MTT.Denominator + +This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date. + +The following fields are available: + +- **DPRange** Maximum mean value range. +- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate the mean. +- **Value** Standard UTC emitted DP value structure See [Value](#value). + + +### Value + +This event returns data about Mean Time to Failure (MTTF) for Windows devices. It is the primary means of estimating reliability problems in Basic Diagnostic reporting with very strong privacy guarantees. Since Basic Diagnostic reporting does not include system up-time, and since that information is important to ensuring the safe and stable operation of Windows, the data provided by this event provides that data in a manner which does not threaten a user’s privacy. + +The following fields are available: + +- **Algorithm** The algorithm used to preserve privacy. +- **DPRange** The upper bound of the range being measured. +- **DPValue** The randomized response returned by the client. +- **Epsilon** The level of privacy to be applied. +- **HistType** The histogram type if the algorithm is a histogram algorithm. +- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”. + + +## Microsoft Store events + +### Microsoft.Windows.Store.StoreActivating + +This event sends tracking data about when the Store app activation via protocol URI is in progress, to help keep Windows up to date. + + + +### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation + +This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The Item Bundle ID. +- **CategoryId** The Item Category ID. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Was this a mandatory update? +- **IsRemediation** Was this a remediation install? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Flag indicating if this is an update. +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The product family name of the product being installed. +- **ProductId** The identity of the package or packages being installed. +- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. +- **UserAttemptNumber** The total number of user attempts at installation before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds + +This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure. + + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare + +This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure. + + + +### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation + +This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed. +- **AttemptNumber** Total number of installation attempts. +- **BundleId** The identity of the Windows Insider build that is associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this an automatic restore of a previously acquired product? +- **IsUpdate** Is this a product update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of all packages to be downloaded and installed. +- **PreviousHResult** The previous HResult code. +- **PreviousInstallState** Previous installation state before it was canceled. +- **ProductId** The name of the package or packages requested for installation. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. +- **UserAttemptNumber** Total number of user attempts to install before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest + +This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The Store Product ID of the app being installed. +- **HResult** HResult code of the action being performed. +- **IsBundle** Is this a bundle? +- **PackageFamilyName** The name of the package being installed. +- **ProductId** The Store Product ID of the product being installed. +- **SkuId** Specific edition of the item being installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense + +This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. +- **AttemptNumber** The total number of attempts to acquire this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** HResult code to show the result of the operation (success/failure). +- **IsBundle** Is this a bundle? +- **IsInteractive** Did the user initiate the installation? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this happening after a device restore? +- **IsUpdate** Is this an update? +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to acquire this product. +- **UserAttemptNumber** The number of attempts by the user to acquire this product +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndDownload + +This event is sent after an app is downloaded to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The identity of the Windows Insider build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **DownloadSize** The total size of the download. +- **ExtendedHResult** Any extended HResult error codes. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this initiated by the user? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this a restore of a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). +- **PFN** The Product Family Name of the app being download. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to download. +- **UserAttemptNumber** The number of attempts by the user to download. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate + +This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **HResult** The result code of the last action performed before this operation. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds + +This event is sent after sending the inventory of the products installed to determine whether updates for those products are available. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **HResult** The result code of the last action performed before this operation. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndInstall + +This event is sent after a product has been installed to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **ExtendedHResult** The extended HResult error code. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this an interactive installation? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates + +This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsApplicability** Is this request to only check if there are any applicable packages to install? +- **IsInteractive** Is this user requested? +- **IsOnline** Is the request doing an online check? + + +### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages + +This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData + +This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of system attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare + +This event is sent after a scan for available app updates to help keep Windows up-to-date and secure. + +The following fields are available: + +- **HResult** The result code of the last action performed. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete + +This event is sent at the end of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **FailedRetry** Indicates whether the installation or update retry was successful. +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate + +This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest + +This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **BundleId** The identity of the build associated with this product. +- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specific edition ID being installed. +- **VolumePath** The disk path of the installation. + + +### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation + +This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The Product Full Name. +- **PreviousHResult** The result code of the last action performed before this operation. +- **PreviousInstallState** Previous state before the installation or update was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation + +This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **IsUserRetry** Did the user initiate the retry? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **PreviousHResult** The previous HResult error code. +- **PreviousInstallState** Previous state before the installation was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector for the original install before it was resumed. +- **ResumeClientId** The ID of the app that initiated the resume operation. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest + +This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ProductId** The Store Product ID for the product being installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest + +This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The Store Catalog ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specfic edition of the app being updated. + + +### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest + +This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **PFamN** The name of the app that is requested for update. + + +## Windows System Kit events + +### Microsoft.Windows.Kits.WSK.WskImageCreate + +This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate “image” creation failures. + +The following fields are available: + +- **Phase** The image creation phase. Values are “Start” or “End”. +- **WskVersion** The version of the Windows System Kit being used. + + +### Microsoft.Windows.Kits.WSK.WskImageCustomization + +This event sends simple Product and Service usage data when a user is using the Windows System Kit to create/modify configuration files allowing the customization of a new OS image with Apps or Drivers. The data includes the version of the Windows System Kit, the state of the event, the customization type (drivers or apps) and the mode (new or updating) and is used to help investigate configuration file creation failures. + +The following fields are available: + +- **CustomizationMode** Indicates the mode of the customization (new or updating). +- **CustomizationType** Indicates the type of customization (drivers or apps). +- **Mode** The mode of update to image configuration files. Values are “New” or “Update”. +- **Phase** The image creation phase. Values are “Start” or “End”. +- **Type** The type of update to image configuration files. Values are “Apps” or “Drivers”. +- **WskVersion** The version of the Windows System Kit being used. + + +### Microsoft.Windows.Kits.WSK.WskWorkspaceCreate + +This event sends simple Product and Service usage data when a user is using the Windows System Kit to create new workspace for generating OS “images”. The data includes the version of the Windows System Kit and the state of the event and is used to help investigate workspace creation failures. + +The following fields are available: + +- **Architecture** The OS architecture that the workspace will target. Values are one of: “AMD64”, “ARM64”, “x86”, or “ARM”. +- **OsEdition** The Operating System Edition that the workspace will target. +- **Phase** The image creation phase. Values are “Start” or “End”. +- **WorkspaceArchitecture** The operating system architecture that the workspace will target. +- **WorkspaceOsEdition** The operating system edition that the workspace will target. +- **WskVersion** The version of the Windows System Kit being used. + + +## Windows Update Delivery Optimization events + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled + +This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. + +The following fields are available: + +- **background** Is the download being done in the background? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP Address of the source CDN (Content Delivery Network). +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **gCurMemoryStreamBytes** Current usage for memory streaming. +- **gMaxMemoryStreamBytes** Maximum usage for memory streaming. +- **isVpn** Indicates whether the device is connected to a VPN (Virtual Private Network). +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller. +- **reasonCode** Reason the action or event occurred. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the file download session. +- **updateID** The ID of the update being downloaded. +- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted + +This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. + +The following fields are available: + +- **background** Is the download a background download? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **bytesRequested** The total number of bytes requested for download. +- **cacheServerConnectionCount** Number of connections made to cache hosts. +- **cdnConnectionCount** The total number of connections made to the CDN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP address of the source CDN. +- **cdnUrl** Url of the source Content Distribution Network (CDN). +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **doErrorCode** The Delivery Optimization error code that was returned. +- **downlinkBps** The maximum measured available download bandwidth (in bytes per second). +- **downlinkUsageBps** The download speed (in bytes per second). +- **downloadMode** The download mode used for this file download session. +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **fileSize** The size of the file being downloaded. +- **gCurMemoryStreamBytes** Current usage for memory streaming. +- **gMaxMemoryStreamBytes** Maximum usage for memory streaming. +- **groupConnectionCount** The total number of connections made to peers in the same group. +- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. +- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **lanConnectionCount** The total number of connections made to peers in the same LAN. +- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network. +- **numPeers** The total number of peers used for this download. +- **numPeersLocal** The total number of local peers used for this download. +- **predefinedCallerName** The name of the API Caller. +- **restrictedUpload** Is the upload restricted? +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the download session. +- **totalTimeMs** Duration of the download (in seconds). +- **updateID** The ID of the update being downloaded. +- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second). +- **uplinkUsageBps** The upload speed (in bytes per second). +- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused + +This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. + +The following fields are available: + +- **background** Is the download a background download? +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being paused. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller object. +- **reasonCode** The reason for pausing the download. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the download session. +- **updateID** The ID of the update being paused. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted + +This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. + +The following fields are available: + +- **background** Indicates whether the download is happening in the background. +- **bytesRequested** Number of bytes requested for the download. +- **cdnUrl** The URL of the source Content Distribution Network (CDN). +- **costFlags** A set of flags representing network cost. +- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). +- **diceRoll** Random number used for determining if a client will use peering. +- **doClientVersion** The version of the Delivery Optimization client. +- **doErrorCode** The Delivery Optimization error code that was returned. +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). +- **errorCode** The error code that was returned. +- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. +- **fileID** The ID of the file being downloaded. +- **filePath** The path to where the downloaded file will be written. +- **fileSize** Total file size of the file that was downloaded. +- **fileSizeCaller** Value for total file size provided by our caller. +- **groupID** ID for the group. +- **isEncrypted** Indicates whether the download is encrypted. +- **isVpn** Indicates whether the device is connected to a Virtual Private Network. +- **jobID** The ID of the Windows Update job. +- **peerID** The ID for this delivery optimization client. +- **predefinedCallerName** Name of the API caller. +- **routeToCacheServer** Cache server setting, source, and value. +- **sessionID** The ID for the file download session. +- **setConfigs** A JSON representation of the configurations that have been set, and their sources. +- **updateID** The ID of the update being downloaded. +- **usedMemoryStream** Indicates whether the download used memory streaming. + + +### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication + +This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. + +The following fields are available: + +- **cdnHeaders** The HTTP headers returned by the CDN. +- **cdnIp** The IP address of the CDN. +- **cdnUrl** The URL of the CDN. +- **errorCode** The error code that was returned. +- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **httpStatusCode** The HTTP status code returned by the CDN. +- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET +- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.). +- **requestOffset** The byte offset within the file in the sent request. +- **requestSize** The size of the range requested from the CDN. +- **responseSize** The size of the range response received from the CDN. +- **sessionID** The ID of the download session. + + +### Microsoft.OSG.DU.DeliveryOptClient.JobError + +This event represents a Windows Update job error. It allows for investigation of top errors. + +The following fields are available: + +- **cdnIp** The IP Address of the source CDN (Content Delivery Network). +- **doErrorCode** Error code returned for delivery optimization. +- **errorCode** The error code returned. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **jobID** The Windows Update job ID. + + +## Windows Update events + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary + +This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **activated** Whether the entire device manifest update is considered activated and in use. +- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis. +- **flightId** Unique ID for each flight. +- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system. +- **missingUpdateCount** The number of updates in the device manifest that are missing from the system. +- **objectId** Unique value for each diagnostics session. +- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **scenarioId** Indicates the update scenario. +- **sessionId** Unique value for each update session. +- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. +- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. +- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string. +- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. +- **updateId** The unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit + +This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** The unique GUID for each diagnostics session. +- **relatedCV** A correlation vector value generated from the latest USO scan. +- **result** Outcome of the initialization of the session. +- **scenarioId** Identifies the Update scenario. +- **sessionId** The unique value for each update session. +- **updateId** The unique identifier for each Update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest + +This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted. +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** Unique value for each Update Agent mode. +- **packageCountOptional** Number of optional packages requested. +- **packageCountRequired** Number of required packages requested. +- **packageCountTotal** Total number of packages needed. +- **packageCountTotalCanonical** Total number of canonical packages. +- **packageCountTotalDiff** Total number of diff packages. +- **packageCountTotalExpress** Total number of express packages. +- **packageSizeCanonical** Size of canonical packages in bytes. +- **packageSizeDiff** Size of diff packages in bytes. +- **packageSizeExpress** Size of express packages in bytes. +- **rangeRequestState** Represents the state of the download range request. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the download request phase of update. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize + +This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **flightMetadata** Contains the FlightId and the build being flighted. +- **objectId** Unique value for each Update Agent mode. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall + +This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current install phase. +- **flightId** The unique identifier for each flight (pre-release builds). +- **objectId** The unique identifier for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest scan. +- **result** Outcome of the install phase of the update. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate +- **sessionId** The unique identifier for each update session. +- **updateId** The unique identifier for each Update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart + +This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **flightId** The unique identifier for each flight (pre-release builds). +- **mode** Indicates the active Update Agent mode. +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest scan. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionId** The unique identifier for each update session. +- **updateId** The unique identifier for each Update. + + +### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed + +This event indicates that a notification dialog box is about to be displayed to user. + +The following fields are available: + +- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode. +- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown. +- **DaysSinceRebootRequired** Number of days since restart was required. +- **DeviceLocalTime** The local time on the device sending the event. +- **EngagedModeLimit** The number of days to switch between DTE dialog boxes. +- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode. +- **ETag** OneSettings versioning value. +- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device. +- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device. +- **NotificationUxState** Indicates which dialog box is shown. +- **NotificationUxStateString** Indicates which dialog box is shown. +- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). +- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). +- **RebootVersion** Version of DTE. +- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog + +This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. + +The following fields are available: + +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose on this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog + +This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed.. + +The following fields are available: + +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog + +This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. + +The following fields are available: + +- **DeviceLocalTime** The local time of the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog + +This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed. + +The following fields are available: + +- **DeviceLocalTime** Time the dialog box was shown on the local device. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose in this dialog box. +- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog + +This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed. + +The following fields are available: + +- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings). +- **ETag** The OneSettings versioning value. +- **ExitCode** Indicates how users exited the reboot reminder dialog box. +- **RebootVersion** The version of the DTE (Direct-to-Engaged). +- **UpdateId** The ID of the update that is waiting for reboot to finish installation. +- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation. +- **UserResponseString** The option chosen by the user on the reboot dialog box. +- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC). + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast + +This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed. + +The following fields are available: + +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the pop-up banner. +- **RebootVersion** The version of the reboot logic. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in the pop-up banner. +- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.RebootScheduled + +Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. + +The following fields are available: + +- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device. +- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot. +- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. +- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours. +- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically). +- **rebootState** The current state of the restart. +- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler. +- **revisionNumber** Revision number of the update that is getting installed with this restart. +- **scheduledRebootTime** Time of the scheduled restart. +- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time. +- **updateId** ID of the update that is getting installed with this restart. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy + +This event indicates a policy is present that may restrict update activity to outside of active hours. + +The following fields are available: + +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours + +This event indicates that update activity was blocked because it is within the active hours window. + +The following fields are available: + +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel + +This event indicates that Windows Update activity was blocked due to low battery level. + +The following fields are available: + +- **batteryLevel** The current battery charge capacity. +- **batteryLevelThreshold** The battery capacity threshold to stop update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Device ID. + + +### Microsoft.Windows.Update.Orchestrator.DeferRestart + +This event indicates that a restart required for installing updates was postponed. + +The following fields are available: + +- **displayNeededReason** List of reasons for needing display. +- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). +- **gameModeReason** Name of the executable that caused the game mode state check to start. +- **ignoredReason** List of reasons that were intentionally ignored. +- **IgnoreReasonsForRestart** List of reasons why restart was deferred. +- **revisionNumber** Update ID revision number. +- **systemNeededReason** List of reasons why system is needed. +- **updateId** Update ID. +- **updateScenarioType** Update session type. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.Detection + +This event indicates that a scan for a Windows Update occurred. + +The following fields are available: + +- **deferReason** The reason why the device could not check for updates. +- **detectionBlockingPolicy** The Policy that blocked detection. +- **detectionBlockreason** The reason detection did not complete. +- **detectionRetryMode** Indicates whether we will try to scan again. +- **errorCode** The error code returned for the current process. +- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. +- **interactive** Indicates whether the user initiated the session. +- **networkStatus** Indicates if the device is connected to the internet. +- **revisionNumber** The Update revision number. +- **scanTriggerSource** The source of the triggered scan. +- **updateId** The unique identifier of the Update. +- **updateScenarioType** Identifies the type of update session being performed. +- **wuDeviceid** The unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.DisplayNeeded + +This event indicates the reboot was postponed due to needing a display. + +The following fields are available: + +- **displayNeededReason** Reason the display is needed. +- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. +- **revisionNumber** Revision number of the update. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. +- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue + + +### Microsoft.Windows.Update.Orchestrator.Download + +This event sends launch data for a Windows Update download to help keep Windows up to date. + +The following fields are available: + +- **deferReason** Reason for download not completing. +- **errorCode** An error code represented as a hexadecimal value. +- **eventScenario** End-to-end update session ID. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Indicates whether the session is user initiated. +- **revisionNumber** Update revision number. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit + +This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update. + +The following fields are available: + +- **wuDeviceid** Device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.DTUEnabled + +This event indicates that Inbox DTU functionality was enabled. + +The following fields are available: + +- **wuDeviceid** Device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.DTUInitiated + +This event indicates that Inbox DTU functionality was intiated. + +The following fields are available: + +- **dtuErrorCode** Return code from creating the DTU Com Server. +- **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on. +- **wuDeviceid** Device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels + +This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. + +The following fields are available: + +- **configVersion** The escalation configuration version on the device. +- **downloadElapsedTime** Indicates how long since the download is required on device. +- **downloadRiskLevel** At-risk level of download phase. +- **installElapsedTime** Indicates how long since the install is required on device. +- **installRiskLevel** The at-risk level of install phase. +- **isSediment** Assessment of whether is device is at risk. +- **scanElapsedTime** Indicates how long since the scan is required on device. +- **scanRiskLevel** At-risk level of the scan phase. +- **wuDeviceid** Device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask + +This event indicated that USO failed to add a trigger time to a task. + +The following fields are available: + +- **errorCode** The Windows Update error code. +- **wuDeviceid** The Windows Update device ID. + + +### Microsoft.Windows.Update.Orchestrator.FlightInapplicable + +This event indicates that the update is no longer applicable to this device. + +The following fields are available: + +- **EventPublishedTime** Time when this event was generated. +- **flightID** The specific ID of the Windows Insider build. +- **inapplicableReason** The reason why the update is inapplicable. +- **revisionNumber** Update revision number. +- **updateId** Unique Windows Update ID. +- **updateScenarioType** Update session type. +- **UpdateStatus** Last status of update. +- **UUPFallBackConfigured** Indicates whether UUP fallback is configured. +- **wuDeviceid** Unique Device ID. + + +### Microsoft.Windows.Update.Orchestrator.InitiatingReboot + +This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date. + +The following fields are available: + +- **EventPublishedTime** Time of the event. +- **flightID** Unique update ID +- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. +- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. +- **revisionNumber** Revision number of the update. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.Install + +This event sends launch data for a Windows Update install to help keep Windows up to date. + +The following fields are available: + +- **batteryLevel** Current battery capacity in mWh or percentage left. +- **deferReason** Reason for install not completing. +- **errorCode** The error code reppresented by a hexadecimal value. +- **eventScenario** End-to-end update session ID. +- **flightID** The ID of the Windows Insider build the device is getting. +- **flightUpdate** Indicates whether the update is a Windows Insider build. +- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. +- **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored. +- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. +- **installRebootinitiatetime** The time it took for a reboot to be attempted. +- **interactive** Identifies if session is user initiated. +- **minutesToCommit** The time it took to install updates. +- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. +- **revisionNumber** Update revision number. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.LowUptimes + +This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure. + +The following fields are available: + +- **availableHistoryMinutes** The number of minutes available from the local machine activity history. +- **isLowUptimeMachine** Is the machine considered low uptime or not. +- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime. +- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime. +- **uptimeMinutes** Number of minutes of uptime measured. +- **wuDeviceid** Unique device ID for Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection + +This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date. + +The following fields are available: + +- **externalOneshotupdate** The last time a task-triggered scan was completed. +- **interactiveOneshotupdate** The last time an interactive scan was completed. +- **oldlastscanOneshotupdate** The last time a scan completed successfully. +- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID). + + +### Microsoft.Windows.Update.Orchestrator.PreShutdownStart + +This event is generated before the shutdown and commit operations. + +The following fields are available: + +- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. + + +### Microsoft.Windows.Update.Orchestrator.RebootFailed + +This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date. + +The following fields are available: + +- **batteryLevel** Current battery capacity in mWh or percentage left. +- **deferReason** Reason for install not completing. +- **EventPublishedTime** The time that the reboot failure occurred. +- **flightID** Unique update ID. +- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours. +- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code. +- **revisionNumber** Update revision number. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.RefreshSettings + +This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date. + +The following fields are available: + +- **errorCode** Hex code for the error message, to allow lookup of the specific error. +- **settingsDownloadTime** Timestamp of the last attempt to acquire settings. +- **settingsETag** Version identifier for the settings. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask + +This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date. + +The following fields are available: + +- **RebootTaskMissedTimeUTC** The time when the reboot task was scheduled to run, but did not. +- **RebootTaskNextTimeUTC** The time when the reboot task was rescheduled for. +- **RebootTaskRestoredTime** Time at which this reboot task was restored. +- **wuDeviceid** Device ID for the device on which the reboot is restored. + + +### Microsoft.Windows.Update.Orchestrator.ScanTriggered + +This event indicates that Update Orchestrator has started a scan operation. + +The following fields are available: + +- **errorCode** The error code returned for the current scan operation. +- **eventScenario** Indicates the purpose of sending this event. +- **interactive** Indicates whether the scan is interactive. +- **isDTUEnabled** Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system. +- **isScanPastSla** Indicates whether the SLA has elapsed for scanning. +- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan. +- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA. +- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA. +- **scanTriggerSource** Indicates what caused the scan. +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.StickUpdate + +This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update. + +The following fields are available: + +- **updateId** Identifier associated with the specific piece of content. +- **wuDeviceid** Unique device ID controlled by the software distribution client. + + +### Microsoft.Windows.Update.Orchestrator.SystemNeeded + +This event sends data about why a device is unable to reboot, to help keep Windows up to date. + +The following fields are available: + +- **eventScenario** End-to-end update session ID. +- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. +- **revisionNumber** Update revision number. +- **systemNeededReason** List of apps or tasks that are preventing the system from restarting. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours + +This event indicates that update activity was stopped due to active hours starting. + +The following fields are available: + +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **updatePhase** The current state of the update process. +- **wuDeviceid** The device identifier. + + +### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel + +This event is sent when update activity was stopped due to a low battery level. + +The following fields are available: + +- **batteryLevel** The current battery charge capacity. +- **batteryLevelThreshold** The battery capacity threshold to stop update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** The device identifier. + + +### Microsoft.Windows.Update.Orchestrator.UnstickUpdate + +This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update. + +The following fields are available: + +- **updateId** Identifier associated with the specific piece of content. +- **wuDeviceid** Unique device ID controlled by the software distribution client. + + +### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh + +This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date. + +The following fields are available: + +- **configuredPoliciescount** Number of policies on the device. +- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). +- **policyCacherefreshtime** Time when policy cache was refreshed. +- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired + +This event sends data about whether an update required a reboot to help keep Windows up to date. + +The following fields are available: + +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. +- **revisionNumber** Update revision number. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed + +This event sends information about an update that encountered problems and was not able to complete. + +The following fields are available: + +- **errorCode** The error code encountered. +- **wuDeviceid** The ID of the device in which the error occurred. + + +### Microsoft.Windows.Update.Orchestrator.UsoSession + +This event represents the state of the USO service at start and completion. + +The following fields are available: + +- **activeSessionid** A unique session GUID. +- **eventScenario** The state of the update action. +- **interactive** Is the USO session interactive? +- **lastErrorcode** The last error that was encountered. +- **lastErrorstate** The state of the update when the last error was encountered. +- **sessionType** A GUID that refers to the update session type. +- **updateScenarioType** A descriptive update session type. +- **wuDeviceid** The Windows Update device GUID. + + +### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState + +This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot. + +The following fields are available: + +- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode. +- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown. +- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed. +- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs. +- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode. +- **ETag** The Entity Tag that represents the OneSettings version. +- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device. +- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device. +- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending. +- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced. +- **RebootVersion** The version of the DTE (Direct-to-Engaged). +- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode. +- **UpdateId** The ID of the update that is waiting for reboot to finish installation. +- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation. + + +### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded + +This event is sent when a security update has successfully completed. + +The following fields are available: + +- **UtcTime** The Coordinated Universal Time that the restart was no longer needed. + + +### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled + +This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date. + +The following fields are available: + +- **activeHoursApplicable** Indicates whether Active Hours applies on this device. +- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled. +- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. +- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise. +- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically. +- **rebootState** Current state of the reboot. +- **rebootUsingSmartScheduler** Indicates that the reboot is scheduled by SmartScheduler. +- **revisionNumber** Revision number of the OS. +- **scheduledRebootTime** Time scheduled for the reboot. +- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. +- **updateId** Identifies which update is being scheduled. +- **wuDeviceid** The unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask + +This event is sent when MUSE broker schedules a task. + +The following fields are available: + +- **TaskArgument** The arguments with which the task is scheduled. +- **TaskName** Name of the task. + + +### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled + +This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up to date. + +The following fields are available: + +- **activeHoursApplicable** Is the restart respecting Active Hours? +- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE. +- **rebootArgument** The arguments that are passed to the OS for the restarted. +- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours? +- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device. +- **rebootState** The state of the restart. +- **rebootUsingSmartScheduler** TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE. +- **revisionNumber** The revision number of the OS being updated. +- **scheduledRebootTime** Time of the scheduled reboot +- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time. +- **updateId** The Windows Update device GUID. +- **wuDeviceid** The Windows Update device GUID. + + +## Windows Update mitigation events + +### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages + +This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. + +The following fields are available: + +- **ClientId** The client ID used by Windows Update. +- **FlightId** The ID of each Windows Insider build the device received. +- **InstanceId** A unique device ID that identifies each update instance. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** The number of mounted images. +- **MountedImageMatches** The number of mounted image matches. +- **MountedImagesFailed** The number of mounted images that could not be removed. +- **MountedImagesRemoved** The number of mounted images that were successfully removed. +- **MountedImagesSkipped** The number of mounted images that were not found. +- **RelatedCV** The correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Windows Update. +- **WuId** Unique ID for the Windows Update client. + + +### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints + +This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. + +The following fields are available: + +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. +- **ReparsePointsSkipped** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. +- **WuId** Unique ID for the Windows Update client. + + +### Mitigation360Telemetry.MitigationCustom.FixupEditionId + +This event sends data specific to the FixupEditionId mitigation used for OS updates. + +The following fields are available: + +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **EditionIdUpdated** Determine whether EditionId was changed. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **ProductEditionId** Expected EditionId value based on GetProductInfo. +- **ProductType** Value returned by GetProductInfo. +- **RegistryEditionId** EditionId value in the registry. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. +- **WuId** Unique ID for the Windows Update client. + + +## Windows Update Reserve Manager events + +### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. + +The following fields are available: + +- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content. +- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition/removal of optional content. + + +### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError + +This event is sent when the Update Reserve Manager returns an error from one of its internal functions. + +The following fields are available: + +- **FailedExpression** The failed expression that was returned. +- **FailedFile** The binary file that contained the failed function. +- **FailedFunction** The name of the function that originated the failure. +- **FailedLine** The line number of the failure. +- **ReturnCode** The return code of the function. + + +### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization + +This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. + +The following fields are available: + +- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization. + + +### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. + + + +### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. + +The following fields are available: + +- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content. +- **PendingHardReserveAdjustment** The final change to the hard reserve size. +- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. + + +## Winlogon events + +### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon + +This event signals the completion of the setup process. It happens only once during the first logon. + + + +## XBOX events + +### Microsoft.Xbox.XamTelemetry.AppActivationError + +This event indicates whether the system detected an activation error in the app. + +The following fields are available: + +- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app. +- **AppId** The Xbox LIVE Title ID. +- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate. +- **Result** The HResult error. +- **UserId** The Xbox LIVE User ID (XUID). + + +### Microsoft.Xbox.XamTelemetry.AppActivity + +This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc. + +The following fields are available: + +- **AppActionId** The ID of the application action. +- **AppCurrentVisibilityState** The ID of the current application visibility state. +- **AppId** The Xbox LIVE Title ID of the app. +- **AppPackageFullName** The full name of the application package. +- **AppPreviousVisibilityState** The ID of the previous application visibility state. +- **AppSessionId** The application session ID. +- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa). +- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application. +- **DurationMs** The amount of time (in milliseconds) since the last application state transition. +- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license. +- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc). +- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license. +- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application. +- **UserId** The XUID (Xbox User ID) of the current user. + + + diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 75f9a40255..adb861c877 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1726,7 +1726,7 @@ For Windows 10: - Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). -For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core: +For Windows Server 2019 or later: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** @@ -1734,6 +1734,12 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co - Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +For Windows Server 2016: +- Create a REG\_DWORD registry setting named **NoAcquireGT** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). + +>[!NOTE] +>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead. + The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. ### 19. Storage health diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 394ca15239..018d611769 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -43,6 +43,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "security" + "dest": "security", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 4ddd3e27d4..d231dc9a9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -66,15 +66,21 @@ If you are interested in configuring your environment to use the Windows Hello f Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD joined devices authenticating to Active Directory -#### Why does Windows need to validate the domain controller certifcate? +#### Why does Windows need to validate the domain controller certificate? -Windows Hello for Business enforces the strict KDC validation security feature, which enforces a more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: +Windows Hello for Business enforces the strict KDC validation security feature, which imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: - The domain controller has the private key for the certificate provided. - The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**. +- Use the **Kerberos Authentication certificate template** instead of any other older template. - The domain controller's certificate has the **KDC Authentication** enhanced key usage. - The domain controller's certificate's subject alternate name has a DNS Name that matches the name of the domain. + +> [!Tip] +> If you are using Windows Server 2008, **Kerberos Authentication** is not the default template, so make sure to use the correct template when issuing or re-issuing the certificate. + + ## Configuring a CRL Distribution Point for an issuing certificate authority Use this set of procedures to update your certificate authority that issues your domain controller certificates to include an http-based CRL distribution point. @@ -164,7 +170,7 @@ These procedures configure NTFS and share permissions on the web server to allow 9. Click **Close** in the **cdp Properties** dialog box. -### Configure the new CRL distribution point and Publishing location in the issuing certifcate authority +### Configure the new CRL distribution point and Publishing location in the issuing certificate authority The web server is ready to host the CRL distribution point. Now, configure the issuing certificate authority to publish the CRL at the new location and to include the new CRL distribution point diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index ec19abbc74..929535ee97 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -9,6 +9,7 @@ author: DaniHalfin ms.localizationpriority: high ms.author: daniha ms.date: 10/16/2017 +ms.topic: article --- # How Windows Hello for Business works diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md index 6750ea0cc6..f6f4fac5a3 100644 --- a/windows/security/information-protection/TOC.md +++ b/windows/security/information-protection/TOC.md @@ -31,13 +31,11 @@ ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md) ### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) -#### [Create a WIP policy using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) -##### [Deploy your WIP policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md) -##### [Associate and deploy a VPN policy for WIP using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md) #### [Create a WIP policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) ##### [Deploy your WIP policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) ##### [Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) -#### [Create a WIP policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md) +#### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) +#### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md) ### [Create a WIP policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md) #### [Create and deploy a WIP policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md) #### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 89aeaf1312..fb5a32c9ae 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -3,15 +3,17 @@ title: BCD settings and BitLocker (Windows 10) description: This topic for IT professionals describes the BCD settings that are used by BitLocker. ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/21/2017 +ms.date: 02/28/2019 --- # BCD settings and BitLocker @@ -103,12 +105,12 @@ The following table contains the default BCD validation profile used by BitLocke This following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked. > **Note:**  Additional BCD settings exist that have hex values but do not have friendly names. These settings are not included in this list. -  + | Hex Value | Prefix | Friendly Name | | - | - | - | -| 0x12000004 | all| description| -| 0x12000005| all| locale| -| 0x12000016| all| targetname| +| 0x12000004 | all | description | +| 0x12000005 | all | locale | +| 0x12000016 | all | targetname | | 0x12000019| all| busparams| | 0x1200001d| all| key| | 0x1200004a| all| fontpath| @@ -180,7 +182,7 @@ This following is a full list of BCD settings with friendly names which are igno | 0x25000061 | winload| numproc| | 0x25000063 | winload| configflags| | 0x25000066| winload| groupsize| -| 0x25000071 | winload| msi| +| 0x25000071 | winload| msi| | 0x25000072 | winload| pciexpress| | 0x25000080 | winload| safeboot| | 0x250000a6 | winload| tscsyncpolicy| diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md index ba3d34afe1..15a2f305ae 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md @@ -3,16 +3,17 @@ title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/03/2018 +ms.date: 02/28/2019 --- # BitLocker and Active Directory Domain Services (AD DS) FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 592be01143..c9ba5464a6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -3,15 +3,17 @@ title: BitLocker basic deployment (Windows 10) description: This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 02/28/2019 --- # BitLocker basic deployment diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 2655d0474e..8f4bf8f1e5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -3,15 +3,17 @@ title: BitLocker Countermeasures (Windows 10) description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key. ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/06/2018 +ms.date: 02/28/2019 --- # BitLocker Countermeasures diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index 28ec21a3bf..4dddbd05fe 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -3,19 +3,20 @@ title: BitLocker frequently asked questions (FAQ) (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/25/2018 +ms.date: 02/28/2019 --- -# BitLocker Deployment and Administration FAQ +# BitLocker frequently asked questions (FAQ) **Applies to** - Windows 10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 0e713f66aa..2cb23707fe 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -2,11 +2,17 @@ title: Overview of BitLocker Device Encryption in Windows 10 description: This topic provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows 10. ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: Justinha -ms.date: 01/12/2019 +ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/28/2019 --- # Overview of BitLocker Device Encryption in Windows 10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index 26f1385795..8ffbf8ec53 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -3,16 +3,17 @@ title: BitLocker frequently asked questions (FAQ) (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/03/2018 +ms.date: 02/28/2019 --- # BitLocker frequently asked questions (FAQ) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 5107934ed4..7fbba3bbee 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -3,15 +3,17 @@ title: BitLocker Group Policy settings (Windows 10) description: This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption. ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/03/2017 +ms.date: 02/28/2019 --- # BitLocker Group Policy settings diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index e505fa5f8d..8f9df7aad6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -2,16 +2,18 @@ title: BitLocker How to deploy on Windows Server 2012 and later description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f -ms.prod: windows-server-threshold -ms.mktglfcycl: deploy +ms.prod: w10 +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/19/2019 +ms.date: 02/28/2019 --- # BitLocker: How to deploy on Windows Server 2012 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 321a0ffe66..ed0dece280 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -3,11 +3,17 @@ title: BitLocker How to enable Network Unlock (Windows 10) description: This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: brianlic-msft -ms.date: 02/20/2019 +ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/28/2019 --- # BitLocker: How to enable Network Unlock diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index 686e594e1e..52925ce212 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -3,16 +3,17 @@ title: BitLocker Key Management FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/03/2018 +ms.date: 02/28/2019 --- # BitLocker Key Management FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 38e4da5877..9879494122 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -1,18 +1,18 @@ --- title: BitLocker Management Recommendations for Enterprises (Windows 10) description: This topic explains recommendations for managing BitLocker. -ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 01/26/2019 +ms.date: 02/28/2019 --- # BitLocker Management for Enterprises diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index fbdf7d7e41..9710cd5603 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -1,18 +1,18 @@ --- title: BitLocker frequently asked questions (FAQ) (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. -ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/03/2018 +ms.date: 02/28/2019 --- # BitLocker Network Unlock FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index ca512b92d3..96f2cf4b98 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -3,16 +3,17 @@ title: BitLocker overview and requirements FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/21/2019 +ms.date: 02/28/2019 --- # BitLocker Overview and Requirements FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index 2c7235ba57..43aa2cefe9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -3,14 +3,17 @@ title: BitLocker recovery guide (Windows 10) description: This topic for IT professionals describes how to recover BitLocker keys from AD DS. ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual +ms.date: 02/28/2019 --- # BitLocker recovery guide diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 0b345c1349..2a2971042f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -3,16 +3,17 @@ title: BitLocker Security FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/12/2018 +ms.date: 02/28/2019 --- # BitLocker Security FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index 1b10ce9876..4b09766a7c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -1,18 +1,18 @@ --- title: BitLocker Upgrading FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. -ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/03/2018 +ms.date: 02/28/2019 --- # BitLocker Upgrading FAQ diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index d65bc1e6ed..31674e2c0e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -3,15 +3,17 @@ title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windo description: This topic for the IT professional describes how to use tools to manage BitLocker. ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/25/2017 +ms.date: 02/28/2019 --- # BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 84411a03ec..56d19b8cbc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -3,15 +3,17 @@ title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10) description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 02/28/2019 --- # BitLocker: Use BitLocker Recovery Password Viewer diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index fb49f2d779..48020eea3e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -3,16 +3,17 @@ title: Using BitLocker with other programs FAQ (Windows 10) description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/10/2018 +ms.date: 02/28/2019 --- # Using BitLocker with other programs FAQ diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 658600d2ea..e6b09cec2e 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -3,15 +3,17 @@ title: Prepare your organization for BitLocker Planning and policies (Windows 10 description: This topic for the IT professional explains how can you plan your BitLocker deployment. ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/04/2018 +ms.date: 02/28/2019 --- # Prepare your organization for BitLocker: Planning and policies diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 228b3241e9..22ebe4babb 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -3,15 +3,17 @@ title: Protecting cluster shared volumes and storage area networks with BitLocke description: This topic for IT pros describes how to protect CSVs and SANs with BitLocker. ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha +ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/19/2017 +ms.date: 02/28/2019 --- # Protecting cluster shared volumes and storage area networks with BitLocker diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 6d4df86d67..fb6d858968 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: security author: brianlic-msft ms.date: 04/19/2017 +ms.topic: article --- # Encrypted Hard Drive diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 2a25a68d5b..1244ed3951 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -7,6 +7,7 @@ ms.sitesec: library ms.pagetype: security author: aadake ms.date: 12/20/2018 +ms.topic: article --- # Kernel DMA Protection for Thunderbolt™ 3 diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 752c36ecf3..4b46dd2dc1 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/05/2019 --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate @@ -46,7 +46,7 @@ The recovery process included in this topic only works for desktop devices. WIP >[!Important] >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location. -4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md). +4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune-azure.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md). ## Verify your data recovery certificate is correctly set up on a WIP client computer @@ -141,7 +141,7 @@ After signing in, the necessary WIP key info is automatically downloaded and emp - [Protecting Data by Using EFS to Encrypt Hard Drives](https://msdn.microsoft.com/library/cc875821.aspx) -- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) +- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) - [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md deleted file mode 100644 index cd3a0e3848..0000000000 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune (Windows 10) -description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. -ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b -keywords: WIP, Enterprise Data Protection -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: justinha -ms.author: justinha -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 02/26/2019 ---- - -# Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune -**Applies to:** - -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later - -After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. - -## Create your VPN policy using Microsoft Intune -Follow these steps to create the VPN policy you want to use with WIP. - -**To create your VPN policy** - -1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**. - -2. Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. - - ![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png) - -3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box. - - ![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png) - -4. In the **VPN Settings** area, type the following info: - - - **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable. - - - **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**. - - - **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable. - - - **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN). - - ![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png) - -5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.

    -It's your choice whether you check the box to **Remember the user credentials at each logon**. - - ![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png) - -6. You can leave the rest of the default or blank settings, and then click **Save Policy**. - -## Deploy your VPN policy using Microsoft Intune -After you’ve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy. - -**To deploy your VPN policy** - -1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. - -2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.

    -The added people move to the **Selected Groups** list on the right-hand pane. - - ![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png) - -3. After you've picked all of the employees and groups that should get the policy, click **OK**.

    -The policy is deployed to the selected users' devices. - -## Link your WIP and VPN policies and deploy the custom configuration policy -The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies - -**To link your VPN policy** - -1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**. - -2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. - - ![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png) - -3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes. - - ![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png) - -4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info. - -5. In the **OMA-URI Settings** area, type the following info: - - - **Setting name.** Type **EDPModeID** as the name. - - - **Data type.** Pick the **String** data type. - - - **OMA-URI.** Type `./Vendor/MSFT/VPNv2//EDPModeId`, replacing <*VPNProfileName*> with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`. - - - **Value.** Your fully-qualified domain that should be used by the OMA-URI setting. - - ![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png) - -6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.** - - - **To deploy your linked policy** - -1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. - -2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane. - - ![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png) - -3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices. - - ->[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). - - - - - diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 042a8923f9..fbd2110915 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -5,14 +5,13 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.localizationpriority: medium author: justinha ms.author: justinha manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/28/2019 +ms.date: 03/05/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune @@ -22,63 +21,62 @@ ms.date: 02/28/2019 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune only manages the apps on a user's personal device. -## Alternative steps if you use MAM only (without device enrollment) +>[!NOTE] +>If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**). the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. MAM supports only one user per device. -This topic covers creating a Windows Information Protection (WIP) policy for organizations already managing devices by using Mobile Device Management (MDM) solutions. If your organization uses a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without managing devices, see [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md). +## Prerequisites -If the same user and device are targeted for both MDM policy and MAM-only (without device enrollment) policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. +Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. -Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. +## Configure the MDM or MAM provider -## Add a WIP policy -Follow these steps to add a WIP policy using Intune. +1. Sign in to the Azure portal. +2. Click **Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**. +3. Click **Restore Default URLs** or enter the settings for MDM or MAM user scope and click **Save**: -**To add a WIP policy** -1. Open Microsoft Intune and click **Client apps**. + ![Configure MDM or MAM provider](images/mobility-provider.png) - ![Open Client apps](images/open-mobile-apps.png) +## Create a WIP policy -2. In **Client apps**, click **App protection policies**. +1. Sign in to the Azure portal. - ![App protection policies](images/app-protection-policies.png) +2. Open Microsoft Intune and click **Client apps** > **App protection policies** > **Create policy**. -3. In the **App policy** screen, click **Add a policy**, and then fill out the fields: - - **Name.** Type a name (required) for your new policy. + ![Open Client apps](images/create-app-protection-policy.png) - - **Description.** Type an optional description. +3. In the **App policy** screen, click **Add a policy**, and then fill out the fields: - - **Platform.** Choose **Windows 10**. + - **Name.** Type a name (required) for your new policy. - - **Enrollment state.** Choose **With enrollment**. + - **Description.** Type an optional description. - ![Add a mobile app policy](images/add-a-mobile-app-policy.png) + - **Platform.** Choose **Windows 10**. - >[!Important] - >Choosing **With enrollment** only applies for organizations using MDM. If you're using MAM only (without device enrollment), see [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md). + - **Enrollment state.** Choose **Without enrollment** for MAM or **With enrollment** for MDM. -4. Click **Protected apps** and then click **Add apps**. + ![Add a mobile app policy](images/add-a-mobile-app-policy.png) - ![Add protected apps](images/add-protected-apps.png) +4. Click **Protected apps** and then click **Add apps**. - You can add these types of apps: + ![Add protected apps](images/add-protected-apps.png) - - [Recommended apps](#add-recommended-apps) - - [Store apps](#add-store-apps) - - [Desktop apps](#add-desktop-apps) + You can add these types of apps: + + - [Recommended apps](#add-recommended-apps) + - [Store apps](#add-store-apps) + - [Desktop apps](#add-desktop-apps) ### Add recommended apps -To add **Recommended apps**, select each app you want to access your enterprise data, and then click **OK**. - -The **Protected apps** blade updates to show you your selected apps. +Select **Recommended apps** and select each app you want to access your enterprise data or select them all, and click **OK**. -![Microsoft Intune management console: Recommended apps](images/wip-azure-allowed-apps-with-apps.png) +![Microsoft Intune management console: Recommended apps](images/recommended-apps.png) ### Add Store apps -To add **Store apps**, type the app product name and publisher and click **OK**. For example, to add the Power BI Mobile App from the Store, type the following: +Select **Store apps**, type the app product name and publisher, and click **OK**. For example, to add the Power BI Mobile App from the Store, type the following: - **Name**: Microsoft Power BI - **Publisher**: `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` @@ -88,7 +86,7 @@ To add **Store apps**, type the app product name and publisher and click **OK**. To add multiple Store apps, click the elipsis **…**. -If you don't know the Store app publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps. +If you don't know the Store app publisher or product name, you can find them by following these steps. 1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Power BI Mobile App*. @@ -111,6 +109,8 @@ If you don't know the Store app publisher or product name, you can find them for >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.

    For example:
    {
    "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
    }     + If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature. @@ -173,10 +173,7 @@ To add **Desktop apps**, complete the following fields, based on what results yo -After you’ve entered the info into the fields, click **OK**. - ->[!Note] ->To add multiple Desktop apps, click the elipsis **…**. When you’re done, click **OK**. +To add another Desktop app, click the elipsis **…**. After you’ve entered the info into the fields, click **OK**. ![Microsoft Intune management console: Adding Desktop app info](images/wip-azure-add-desktop-apps.png) @@ -185,6 +182,7 @@ If you’re unsure about what to include for the publisher, you can run this Pow ```ps1 Get-AppLockerFileInformation -Path "" ``` + Where `""` goes to the location of the app on the device. For example: ```ps1 @@ -202,9 +200,16 @@ Path Publisher Where `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the **Publisher** name and `WORDPAD.EXE` is the **File** name. ### Import a list of apps -For this example, we’re going to add an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. -**To create a list of protected apps using the AppLocker tool** +This section covers two examples of using an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. + +- [Create a Packaged App rule for Store apps](#create-a-packaged-app-rule-for-store-apps) +- [Create an Executable rule for unsigned apps](#create-an-executable-rule-for-unsigned-apps) + +For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. + +#### Create a Packaged App rule for Store apps + 1. Open the Local Security Policy snap-in (SecPol.msc). 2. In the left blade, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. @@ -277,7 +282,8 @@ For this example, we’re going to add an AppLocker XML file to the **Protected 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To create an Executable rule and xml file for unsigned apps** +## Create an Executable rule for unsigned apps + 1. Open the Local Security Policy snap-in (SecPol.msc). 2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**. @@ -325,9 +331,7 @@ For this example, we’re going to add an AppLocker XML file to the **Protected The file imports and the apps are added to your **Protected apps** list. ### Exempt apps from a WIP policy -If you're running into compatibility issues where your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. - -**To exempt a Store app, a Desktop app, or an AppLocker policy file from the Protected apps list** +If your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. 1. In **Client apps - App protection policies**, click **Exempt apps**. @@ -354,14 +358,7 @@ After you've added the apps you want to protect with WIP, you'll need to apply a We recommend that you start with **Silent** or **Allow Overrides** while verifying with a small group that you have the right apps on your protected apps list. After you're done, you can change to your final enforcement policy, **Block**. ->[!NOTE] ->For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). - -**To add your protection mode** - -1. From the **App protection policy** blade, click the name of your policy, and then click **Required settings** from the menu that appears. - - The **Required settings** blade appears. +1. From the **App protection policy** blade, click the name of your policy, and then click **Required settings**. ![Microsoft Intune, Required settings blade showing Windows Information Protection mode](images/wip-azure-required-settings-protection-mode.png) @@ -381,89 +378,159 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor **To change your corporate identity** -1. From the **App policy** blade, click the name of your policy, and then click **Required settings**. +1. From the **App policy** blade, click the name of your policy, and then click **Required settings**. -2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add domains, for example your email domains, you can do it in the **Advanced settings** area. +2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. - ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png) + ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png) + +3. To add domains, such your email domain names, click **Configure Advanced settings** > **Add network boundary** and select **Protected domains**. + + ![Add protected domains](images/add-protected-domains.png) ## Choose where apps can access enterprise data -After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. +After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include policy that defines your enterprise network locations. There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT). ->[!Important] ->Every WIP policy should include policy that defines your enterprise network locations.
    Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations. +To define the network boundaries, click **App policy** > the name of your policy > **Advanced settings** > **Add network boundary**. -**To define where your protected apps can find and send enterprise data on you network** +![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) -1. From the **App policy** blade, click the name of your policy, and then click **Advanced settings**. +Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. -2. Click **Add network boundary** from the Network perimeter area. +### Cloud resources - ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) +Specify the cloud resources to be treated as corporate and protected by WIP. +For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. +Be aware that all traffic routed through your Internal proxy servers is considered enterprise. -3. Select the type of network boundary to add from the **Boundary type** box. +Separate multiple resources with the "|" delimiter. +If you don’t use proxy servers, you must also include the "," delimiter just before the "|". +For example: -4. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. +```code +URL <,proxy>|URL <,proxy> +``` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Boundary typeValue formatDescription
    Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
    contoso.visualstudio.com,contoso.internalproxy2.com

    Without proxy: contoso.sharepoint.com|contoso.visualstudio.com    		Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.

    Protected domainsexchange.contoso.com,contoso.com,region.contoso.comSpecify the domains used for identities in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

    If you have multiple domains, you must separate them using the "," delimiter.
    Network domainscorp.contoso.com,region.contoso.comSpecify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

    If you have multiple resources, you must separate them using the "," delimiter.
    Proxy serversproxy.contoso.com:80;proxy2.contoso.com:443Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

    This list shouldn’t include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

    If you have multiple resources, you must separate them using the ";" delimiter.
    Internal proxy serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

    This list shouldn’t include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

    If you have multiple resources, you must separate them using the ";" delimiter.
    IPv4 ranges**Starting IPv4 Address:** 3.4.0.1
    **Ending IPv4 Address:** 3.4.255.254
    **Custom URI:** 3.4.0.1-3.4.255.254,
    10.0.0.1-10.255.255.254    		Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.
    IPv6 ranges**Starting IPv6 Address:** 2a01:110::
    **Ending IPv6 Address:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
    **Custom URI:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
    fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff    		Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.
    Neutral resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

    These locations are considered enterprise or personal, based on the context of the connection before the redirection.

    If you have multiple resources, you must separate them using the "," delimiter.
    +Personal applications will be able to access a cloud resource that has a blank space or an invalid character, such as a trailing dot in the URL. -5. Repeat steps 1-4 to add any additional network boundaries. +To add a subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example, to add all subdomains within Office.com, use ".office.com" (without the quotation marks). -6. Decide if you want to Windows to look for additional network settings: +In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. +In this case, Windows blocks the connection by default. +To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting. +For example: - ![Microsoft Intune, Choose if you want Windows to search for additional proxy servers or IP ranges in your enterprise](images/wip-azure-advanced-settings-network-autodetect.png) +```code +URL <,proxy>|URL <,proxy>/*AppCompat*/ +``` - - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. +When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. - - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. +Value format with proxy: + +```code +contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com +``` + +Value format without proxy: + +```code +contoso.sharepoint.com|contoso.visualstudio.com +``` + +### Protected domains + +Specify the domains used for identities in your environment. +All traffic to the fully-qualified domains appearing in this list will be protected. +Separate multiple domains with the "," delimiter. + +```code +exchange.contoso.com,contoso.com,region.contoso.com +``` + +### Network domains + +Specify the DNS suffixes used in your environment. +All traffic to the fully-qualified domains appearing in this list will be protected. +Separate multiple resources with the "," delimiter. + +```code +corp.contoso.com,region.contoso.com +``` + +### Proxy servers + +Specify the proxy servers your devices will go through to reach your cloud resources. +Using this server type indicates that the cloud resources you’re connecting to are enterprise resources. + +This list shouldn’t include any servers listed in your Internal proxy servers list. +Internal proxy servers must be used only for WIP-protected (enterprise) traffic. +Separate multiple resources with the ";" delimiter. + +```code +proxy.contoso.com:80;proxy2.contoso.com:443 +``` + +### Internal proxy servers + +Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources. + +This list shouldn’t include any servers listed in your Proxy servers list. +Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic. +Separate multiple resources with the ";" delimiter. + +```code +contoso.internalproxy1.com;contoso.internalproxy2.com +``` + +### IPv4 ranges + +Starting with Windows 10, version 1703, this field is optional. + +Specify the addresses for a valid IPv4 value range within your intranet. +These addresses, used with your Network domain names, define your corporate network boundaries. +Classless Inter-Domain Routing (CIDR) notation isn’t supported. + +Separate multiple ranges with the "," delimiter. + +**Starting IPv4 Address:** 3.4.0.1 +**Ending IPv4 Address:** 3.4.255.254 +**Custom URI:** 3.4.0.1-3.4.255.254, +
    10.0.0.1-10.255.255.254 + +### IPv6 ranges + +Starting with Windows 10, version 1703, this field is optional. + +Specify the addresses for a valid IPv6 value range within your intranet. +These addresses, used with your network domain names, define your corporate network boundaries. +Classless Inter-Domain Routing (CIDR) notation isn’t supported. + +Separate multiple ranges with the "," delimiter. + +**Starting IPv6 Address:** 2a01:110:: +**Ending IPv6 Address:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff +**Custom URI:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
    fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + +### Neutral resources + +Specify your authentication redirection endpoints for your company. +These locations are considered enterprise or personal, based on the context of the connection before the redirection. +Separate multiple resources with the "," delimiter. + +```code +sts.contoso.com,sts.contoso2.com +``` + +Decide if you want Windows to look for additional network settings: + +- **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you turn this off, Windows will search for additional proxy servers in your immediate network. + +- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you turn this off, Windows will search for additional IP ranges on any domain-joined devices connected to your network. + +![Microsoft Intune, Choose if you want Windows to search for additional proxy servers or IP ranges in your enterprise](images/wip-azure-advanced-settings-network-autodetect.png) ## Upload your Data Recovery Agent (DRA) certificate After you create and deploy your WIP policy to your employees, Windows begins to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the Data Recovery Agent (DRA) certificate lets Windows use an included public key to encrypt the local data while you maintain the private key that can unencrypt the data. @@ -524,7 +591,7 @@ WIP can integrate with Microsoft Azure Rights Management to enable secure sharin To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. -Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. +Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that is copied to a removable drive. >[!IMPORTANT] >Curly braces -- {} -- are required around the RMS Template ID. @@ -533,15 +600,12 @@ Optionally, if you don’t want everyone in your organization to be able to shar >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. ## Related topics + - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) -- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) - -- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) - - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) -- [What is Azure Rights Management?]( https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) +- [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) - [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md deleted file mode 100644 index 48de57d325..0000000000 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ /dev/null @@ -1,484 +0,0 @@ ---- -title: Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune (Windows 10) -description: Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. -ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721 -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: justinha -ms.author: justinha -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 02/27/2019 ---- - -# Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune - -**Applies to:** - -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later - -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. - -## Add a WIP policy -After you’ve set up Intune for your organization, you must create a WIP-specific policy. - -**To add a WIP policy** -1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy** from the **Tasks** area. - -2. Go to **Windows**, click the **Windows Information Protection (Windows 10 Desktop and Mobile and later) policy**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. - - ![Microsoft Intune: Create your new policy from the New Policy screen](images/intune-createnewpolicy.png) - -3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes. - - ![Microsoft Intune: Fill out the required Name and optional Description fields](images/intune-generalinfo.png) - -## Add app rules to your policy -During the policy-creation process in Intune, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. - -The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file. - ->[!Important] ->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **App Rules** list. If you don’t get this statement, it’s possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation. - -### Add a store app rule to your policy -For this example, we’re going to add Microsoft OneNote, a store app, to the **App Rules** list. - -**To add a store app** -1. From the **App Rules** area, click **Add**. - - The **Add App Rule** box appears. - - ![Microsoft Intune, Add a store app to your policy](images/intune-add-uwp-apps.png) - -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Microsoft OneNote*. - -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. - - Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. Instructions for exempting an app are included in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section of this topic. - -4. Pick **Store App** from the **Rule template** drop-down list. - - The box changes to show the store app rule options. - -5. Type the name of the app and the name of its publisher, and then click **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`. - -If you don't know the publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps. - -**To find the Publisher and Product Name values for Store apps without installing them** -1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft OneNote*. - -2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, `9wzdncrfhvjl`. - -3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata, where `9wzdncrfhvjl` is replaced with your ID value. - - The API runs and opens a text editor with the app details. - - ```json - { - "packageIdentityName": "Microsoft.Office.OneNote", - "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" - } - ``` - -4. Copy the `publisherCertificateName` value into the **Publisher Name** box and copy the `packageIdentityName` value into the **Product Name** box of Intune. - - >[!Important] - >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.

    For example:
    - ```json - { - "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", - } - ``` - -**To find the Publisher and Product Name values for apps installed on Windows 10 mobile phones** -1. If you need to add mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature. - - >**Note**
    Your PC and phone must be on the same wireless network. - -2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**. - -3. In the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**. - -4. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate. - -5. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step. - -6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names. - -7. Start the app for which you're looking for the publisher and product name values. - -8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune. - - >[!Important] - >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.

    For example:
    - ```json - { - "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d", - } - ``` - -### Add a desktop app rule to your policy -For this example, we’re going to add Internet Explorer, a desktop app, to the **App Rules** list. - -**To add a desktop app** -1. From the **App Rules** area, click **Add**. - - The **Add App Rule** box appears. - - ![Microsoft Intune, Add a desktop app to your policy](images/intune-add-classic-apps.png) - -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Internet Explorer*. - -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. - - Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. Instructions for exempting an app are included in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section of this topic. - -4. Pick **Desktop App** from the **Rule template** drop-down list. - - The box changes to show the store app rule options. - -5. Pick the options you want to include for the app rule (see table), and then click **OK**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    OptionManages
    All fields left as “*”All files signed by any publisher. (Not recommended)
    Publisher selectedAll files signed by the named publisher.

    This might be useful if your company is the publisher and signer of internal line-of-business apps.

    Publisher and Product Name selectedAll files for the specified product, signed by the named publisher.
    Publisher, Product Name, and Binary name selectedAny version of the named file or package for the specified product, signed by the named publisher.
    Publisher, Product Name, Binary name, and File Version, and above, selectedSpecified version or newer releases of the named file or package for the specified product, signed by the named publisher.

    This option is recommended for enlightened apps that weren't previously enlightened.

    Publisher, Product Name, Binary name, and File Version, And below selectedSpecified version or older releases of the named file or package for the specified product, signed by the named publisher.
    Publisher, Product Name, Binary name, and File Version, Exactly selectedSpecified version of the named file or package for the specified product, signed by the named publisher.
    - -If you’re unsure about what to include for the publisher, you can run this PowerShell command: - -```ps1 - Get-AppLockerFileInformation -Path "" -``` -Where `""` goes to the location of the app on the device. For example, `Get-AppLockerFileInformation -Path "C:\Program Files\Internet Explorer\iexplore.exe"`. - -In this example, you'd get the following info: - -``` json - Path Publisher - ---- --------- - %PROGRAMFILES%\INTERNET EXPLORER\IEXPLORE.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\INTERNET EXPLOR... -``` -Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. - -### Add an AppLocker policy file -Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). - -**To create a Packaged App rule and xml file** -1. Open the Local Security Policy snap-in (SecPol.msc). - -2. In the left pane, click **Application Control Policies** > **AppLocker** > **Packaged App Rules**. - - ![Local security snap-in, showing the Packaged app Rules](images/intune-local-security-snapin.png) - -3. Right-click **Packaged App Rules** > **Create New Rule**. - -4. On the **Before You Begin** page, click **Next**. - - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/intune-applocker-before-begin.png) - -5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. - - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/intune-applocker-permissions.png) - -6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area. - - ![Create Packaged app Rules wizard, showing the Publisher](images/intune-applocker-publisher.png) - -7. In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then click **OK**. For this example, we’re using Microsoft Photos. - - ![Create Packaged app Rules wizard, showing the Select applications page](images/intune-applocker-select-apps.png) - -8. On the updated **Publisher** page, click **Create**. - - ![Create Packaged app Rules wizard, showing the Microsoft Photos on the Publisher page](images/intune-applocker-publisher-with-app.png) - -9. Review the Local Security Policy snap-in to make sure your rule is correct. - - ![Local security snap-in, showing the new rule](images/intune-local-security-snapin-updated.png) - -10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. - - The **Export policy** box opens, letting you export and save your new policy as XML. - - ![Local security snap-in, showing the Export Policy option](images/intune-local-security-export.png) - -11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. - - The policy is saved and you’ll see a message that says 1 rule was exported from the policy. - - **Example XML file**
    - This is the XML file that AppLocker creates for Microsoft Photos. - - ```xml - - - - - - - - - - - - - - - - ``` -12. After you’ve created your XML file, you need to import it by using Microsoft Intune. - -**To import your Applocker policy file app rule using Microsoft Intune** -1. From the **App Rules** area, click **Add**. - - The **Add App Rule** box appears. - - ![Microsoft Intune, Importing your AppLocker policy file using Intune](images/intune-add-applocker-xml-file.png) - -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Allowed app list*. - -3. Click **Allow** from the **Windows Information Protection mode** drop-down list. - - Allow turns on WIP, helping to protect that app’s corporate data through the enforcement of WIP restrictions. Instructions for exempting an app are included in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section of this topic. - -4. Pick **AppLocker policy file** from the **Rule template** drop-down list. - - The box changes to let you import your AppLocker XML policy file. - -5. Click **Import**, browse to your AppLocker XML file, click **Open**, and then click **OK** to close the **Add App Rule** box. - - The file is imported and the apps are added to your **App Rules** list. - -### Exempt apps from WIP restrictions -If you're running into compatibility issues where your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. - -**To exempt a store app, a desktop app, or an AppLocker policy file app rule** -1. From the **App Rules** area, click **Add**. - - The **Add App Rule** box appears. - -2. Add a friendly name for your app into the **Title** box. In this example, it’s *Exempt apps list*. - -3. Click **Exempt** from the **Windows Information Protection mode** drop-down list. - - Be aware that when you exempt apps, they’re allowed to bypass the WIP restrictions and access your corporate data. To allow apps, see the [Add app rules to your policy](#add-app-rules-to-your-policy) section of this topic. - -4. Fill out the rest of the app rule info, based on the type of rule you’re adding: - - - **Store app.** Follow the **Publisher** and **Product name** instructions in the [Add a store app rule to your policy](#add-a-store-app-rule-to-your-policy) section of this topic. - - - **Desktop app.** Follow the **Publisher**, **Product name**, **Binary name**, and **Version** instructions in the [Add a desktop app rule to your policy](#add-a-desktop-app-rule-to-your-policy) section of this topic. - - - **AppLocker policy file.** Follow the **Import** instructions in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section of this topic, using a list of exempted apps. - -5. Click **OK**. - -## Manage the WIP protection mode for your enterprise data -After you've added the apps you want to protect with WIP, you'll need to apply a management and protection mode. - -We recommend that you start with **Silent** or **Allow Overrides** while verifying with a small group that you have the right apps on your protected apps list. After you're done, you can change to your final enforcement policy, either **Allow Overrides** or **Block**. - -|Mode |Description | -|-----|------------| -|Block|WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.| -|Allow Overrides|WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). | -|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Allow Overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.| -|Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.| - -![Microsoft Intune, Set the protection mode for your data](images/intune-protection-mode.png) - -## Define your enterprise-managed corporate identity -Corporate identity, usually expressed as your primary Internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you’ve marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies. - -You can specify multiple domains owned by your enterprise by separating them with the "|" character. For example, (`contoso.com|newcontoso.com`). With multiple domains, the first one is designated as your corporate identity and all of the additional ones as being owned by the first one. We strongly recommend that you include all of your email address domains in this list. - -**To add your corporate identity** -- Type the name of your corporate identity into the **Corporate identity** field. For example, `contoso.com` or `contoso.com|newcontoso.com`. - - ![Microsoft Intune, Set your primary Internet domains](images/intune-corporate-identity.png) - -## Choose where apps can access enterprise data -After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. - -There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT). - ->[!IMPORTANT] ->Every WIP policy should include policy that defines your enterprise network locations.
    ->Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations. - -**To define where your protected apps can find and send enterprise data on you network** - -1. Add additional network locations your apps can access by clicking **Add**. - - The **Add or edit corporate network definition** box appears. - -2. Type a name for your corporate network element into the **Name** box, and then pick what type of network element it is, from the **Network element** drop-down box. This can include any of the options in the following table. - - ![Microsoft Intune, Add your corporate network definitions](images/intune-networklocation.png) -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Network location typeFormatDescription
    Enterprise Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
    contoso.visualstudio.com,contoso.internalproxy2.com

    Without proxy: contoso.sharepoint.com|contoso.visualstudio.com

    		Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.

    Enterprise Network Domain Names (Required)corp.contoso.com,region.contoso.comSpecify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

    This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.

    If you have multiple resources, you must separate them using the "," delimiter.

    Enterprise Proxy Serversproxy.contoso.com:80;proxy2.contoso.com:443Specify your externally-facing proxy server addresses, along with the port through which traffic accesses the Internet.

    This list must not include any servers listed in the Enterprise Internal Proxy Servers list, because they’re used for WIP-protected traffic.

    This setting is also required if there’s a chance you could end up behind a proxy server on another network. In this situation, if you don't have a proxy server pre-defined, you might find that enterprise resources are unavailable to your client device, such as when you’re visiting another company and not on the guest network. To make sure this doesn’t happen, the client device also needs to be able to reach the pre-defined proxy server through the VPN network.

    If you have multiple resources, you must separate them using the ";" delimiter.

    Enterprise Internal Proxy Serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the proxy servers your devices will go through to reach your cloud resources.

    Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

    This list shouldn’t include any servers listed in the Enterprise Proxy Servers list, which are used for non-WIP-protected traffic.

    If you have multiple resources, you must separate them using the ";" delimiter.

    Enterprise IPv4 Range (Required, if not using IPv6)**Starting IPv4 Address:** 3.4.0.1
    **Ending IPv4 Address:** 3.4.255.254
    **Custom URI:** 3.4.0.1-3.4.255.254,
    10.0.0.1-10.255.255.254    		Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.

    Enterprise IPv6 Range (Required, if not using IPv4)**Starting IPv6 Address:** 2a01:110::
    **Ending IPv6 Address:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
    **Custom URI:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
    fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff    		Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.

    Neutral Resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

    These locations are considered enterprise or personal, based on the context of the connection before the redirection.

    If you have multiple resources, you must separate them using the "," delimiter.

    - -3. Add as many locations as you need, and then click **OK**. - - The **Add corporate network definition** box closes. - -4. Decide if you want to Windows to look for additional network settings: - - ![Microsoft Intune, Choose if you want Windows to search for additinal proxy servers or IP ranges in your enterprise](images/intune-network-detection-boxes.png) - - - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. - - - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. - -5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy. - - ![Microsoft Intune, Add your Data Recovery Agent (DRA) certificate](images/intune-data-recovery.png) - - After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data. - - For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md). - -## Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files via removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. - -To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. - -Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. - ->[!IMPORTANT] ->Curly braces -- {} -- are required around the RMS Template ID. - ->[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. - -## Choose your optional WIP-related settings -After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. - -![Microsoft Intune, Choose any additional, optional settings](images/intune-optional-settings.png) - -**To set your optional settings** -1. Choose to set any or all of the optional settings: - - - **Show the Personal option in the File ownership menus of File Explorer and the Save As dialog box.** Determines whether users can see the Personal option for files within File Explorer and the **Save As** dialog box. The options are: - - - **Yes, or not configured (recommended).** Employees can choose whether a file is **Work** or **Personal** in File Explorer and the **Save As** dialog box. - - - **No.** Hides the **Personal** option from employees. Be aware that if you pick this option, apps that use the **Save As** dialog box might encrypt new files as corporate data unless a different file path is given during the original file creation. After this happens, decryption of work files becomes more difficult. - - - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile**. Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - - **Yes (recommended).** Turns on the feature and provides the additional protection. - - - **No, or not configured.** Doesn't enable this feature. - - - **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - - - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. - - - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you’re migrating between Mobile Device Management (MDM) solutions. - - - **Allow Windows Search to search encrypted corporate data and Store apps.** Determines whether Windows Search can search and index encrypted corporate data and Store apps. The options are: - - - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps. - - - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. - - - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - - - **Yes.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. - - - **No, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but allowed apps. Not configured is the default option. - -2. Click **Save Policy**. - -## Related topics -- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) - -- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) - -- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) - -- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/) - -- [What is Azure Rights Management?]( https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) - ->[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md deleted file mode 100644 index 1e940e8137..0000000000 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ /dev/null @@ -1,665 +0,0 @@ ---- -title: Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune (Windows 10) -description: The Azure portal for Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, supporting mobile application management (MAM), to let you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: justinha -ms.author: justinha -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 02/26/2019 ---- - -# Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune - -**Applies to:** - -- Windows 10, version 1703 and later -- Windows 10 Mobile, version 1703 and later (except Microsoft Azure Rights Management, which is only available on the desktop) - -By using Microsoft Intune with Mobile application management (MAM), organizations can take advantage of Azure Active Directory (Azure AD) and the app protection policy feature to keep employees from logging in with personal credentials and accessing corporate data. Additionally, MAM solutions can help your enterprise do the following for mobile apps: - -- Configure, update, and deploy mobile apps to employees -- Control what your employees can do with enterprise data, such as copying, pasting, and saving -- Keep enterprise data separate from your employee's personal data -- Remove enterprise data from employee's devices -- Report on mobile app inventory and track usage - -## Alternative steps if you already manage devices with MDM - -This topic covers creating a Windows Information Protection (WIP) policy for organizations using a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without device enrollment. If you are already managing devices by using a Mobile Device Management (MDM) solution, see [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md). - -If the same user and device are targeted for both MAM-only (without device enrollment) policy and MDM policy, the MDM policy (with device enrollement) will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. - -Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. - -## Prerequisites to using MAM with Windows Information Protection (WIP) -Before you can create your WIP policy with MAM, you need to [set up your MAM provider](https://docs.microsoft.com/intune-classic/deploy-use/get-ready-to-configure-app-protection-policies-for-windows-10). - -Additionally, you must have an [Azure AD Premium license](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-what-is) and be running at least Windows 10, version 1703 on your device. - ->[!Important] ->WIP doesn't support multi-identity. Only one managed identity can exist at a time. - -## Add a WIP policy -After you’ve set up Intune for your organization, you must create a WIP-specific policy. - -**To add a WIP policy** -1. Open the Azure portal and click the **Intune service** from the sidebar. - - The Microsoft Intune Overview blade appears. - -2. Click **Client apps**, click **App protection policies**, and then click **Add a policy**. - - ![Microsoft Intune management console: App policy link](images/wip-azure-portal-start-mam.png) - -3. In the **Add a policy** blade, fill out the fields: - - - **Name.** Type a name (required) for your new policy. - - - **Description.** Type an optional description. - - - **Platform.** Choose **Windows 10** to create your MAM policy for desktop client devices. - - - **Enrollment state.** Choose **Without enrollment** as the enrollment state for your policy. - - ![Microsoft Intune management console: Create your new policy in the Add a policy blade](images/wip-azure-add-policy.png) - - >[!Important] - >Choosing **Without enrollment** only applies for organizations using MAM. If you're using MDM, see [Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md). - -4. Click **Create**. - - The policy is created and appears in the table on the **Client apps - App protection policies** blade. - - >[!NOTE] - >Optionally, you can also add your apps and set your settings from the **Add a policy** blade, but for the purposes of this documentation, we recommend instead that you create the policy first, and then use the subsequent menus that become available. - -## Add apps to your Protected apps list -During the policy-creation process in Intune, you can choose the apps you want to allow, as well as deny, access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. - -The steps to add your apps are based on the type of template being applied. You can add a recommended app, a store app (also known as a Universal Windows Platform (UWP) app), or a signed Windows desktop app. You can also import a list of approved apps or add exempt apps. - -In addition, you can create an app deny list related to the policy based on an **action** value. The action can be either **Allow** or **Deny**. When you specify the deny action for an app using the policy, corporate access is denied to the app. - ->[!Important] ->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **Protected apps** list. If you don’t get this statement, it’s possible that you could experience app compatibility issues due to an app losing the ability to access a necessary file after revocation. - -### Add a Recommended app to your Protected apps list -For this example, we’re going to add a few recommended apps to the **Protected apps** list. - -**To add a recommended app** -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - - The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. - - ![Microsoft Intune management console: Viewing the recommended apps that you can add to your policy](images/wip-azure-allowed-apps-pane.png) - -2. From the **Protected apps** blade, click **Add apps**. - - The **Add apps** blade appears, showing you all **Recommended apps**. - - ![Microsoft Intune management console: Adding recommended apps to your policy](images/wip-azure-add-recommended-apps.png) - -3. Select each app you want to access your enterprise data, and then click **OK**. - - The **Protected apps** blade updates to show you your selected apps. - - ![Microsoft Intune management console: Protected apps blade with recommended apps](images/wip-azure-allowed-apps-with-apps.png) - -4. Click **Save** to save the **Protected apps** list to your policy. - -### Add a Store app to your Protected apps list -For this example, we’re going to add Microsoft Power BI, a Windows store app, to the **Protected apps** list. - -**To add a Store app** -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - - The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. - -2. From the **Protected apps** blade, click **Add apps**. - -3. On the **Add apps** blade, click **Store apps** from the dropdown list. - -4. Type the friendly name of the app, the publisher info, and the product name. For this example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.MicrosoftPowerBIForWindows`. - -5. After you’ve entered the info into the fields, click **OK** to add the app to your **Protected apps** list, and then click **Save** to save the **Protected apps** list to your policy. - - >[!NOTE] - >To add multiple Store apps at the same time, you can click the menu **(…)** at the end of the app row, and continue to add more apps. When you’re done, click **OK**. - - ![Microsoft Intune management console: Adding Store app info](images/wip-azure-add-store-apps.png) - -#### Find the Name, Publisher, and Product name for Store apps -If you don't know the publisher or product name for your Store app, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps. - -**To find the publisher and product name values for Store apps without installing them** -1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft Power BI*. - -2. Copy the ID value from the app URL. For example, Microsoft Power BI ID URL is https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. - -3. In a browser, run the Microsoft Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata, where `9nblgggzlxn1` is replaced with your ID value. - - The API runs and opens a text editor with the app details. - - ```json - { - "packageIdentityName": "Microsoft.MicrosoftPowerBIForWindows", - "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" - } - ``` - -4. Copy the `publisherCertificateName` value into the **Publisher** box and copy the `packageIdentityName` value into the **Name** box of the **Add apps** blade. - - >[!Important] - >The JSON file might also return a windowsPhoneLegacyId value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as windowsPhoneLegacyId, and set the **Publisher Name** as CN= followed by the windowsPhoneLegacyId.

    For example:
    - {
    "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
    }     - -**To find the publisher and product name values for apps installed on Windows 10 mobile phones** -1. If you need to add mobile apps that aren't distributed through the Microsoft Store for Business, you must use the **Windows Device Portal** feature. - - >[!NOTE] - >Your PC and phone must be on the same wireless network. - -2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**. - -3. In the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**. - -4. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate. - -5. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step. - -6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names. - -7. Start the app for which you're looking for the publisher and product name values. - -8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune. - - >[!Important] - >The JSON file might also return a windowsPhoneLegacyId value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as windowsPhoneLegacyId, and set the **Publisher Name** as CN= followed by the windowsPhoneLegacyId.

    For example:
    - {
    "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
    }     - -### Add a Desktop app to your Protected apps list -For this example, we’re going to add WordPad, a Desktop app, to the **Protected apps** list. - -**To add a Desktop app** -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - - The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. - -2. From the **Protected apps** blade, click **Add apps**. - -3. On the **Add apps** blade, click **Desktop apps** from the dropdown list. - - The blade changes to show boxes for you to add the following, based on the results you want returned: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldManages
    All fields marked as “*”All files signed by any publisher. (Not recommended)
    NameA friendly name for your app. You can't use this field by itself. However, you can use it in conjunction with any of the other fields.
    Publisher (required) onlyFilling out this field, gives you all files signed by the named publisher. This might be useful if your company is the publisher and signer of internal line-of-business apps.

    This is a required field and must be filled out whether by itself or in conjunction with other fields.
    Publisher (required) and Product name onlyIf you only fill out these fields, you’ll get all files for the specified product, signed by the named publisher.
    Publisher (required), Product name, and File onlyIf you only fill out these fields, you’ll get any version of the named file or package for the specified product, signed by the named publisher.
    Publisher (required), Product name, File, and Min version onlyIf you only fill out these fields, you’ll get the specified version or newer releases of the named file or package for the specified product, signed by the named publisher.

    This option is recommended for enlightened apps that weren't previously enlightened.
    Publisher (required), Product name, File, and Max version onlyIf you only fill out these fields, you’ll get the specified version or older releases of the named file or package for the specified product, signed by the named publisher.
    All fields completedIf you fill out all fields, you’ll get the specified version of the named file or package for the specified product, signed by the named publisher.
    - -4. After you’ve entered the info into the fields, click **OK** to add the app to your **Protected apps** list, and then click **Save** to save the **Protected apps** list to your policy. - - >[!Note] - >To add multiple Desktop apps at the same time, you can click the menu **(…)** at the end of the app row, and then continue to add more apps. When you’re done, click **OK**. - - ![Microsoft Intune management console: Adding Desktop app info](images/wip-azure-add-desktop-apps.png) - -#### Find the Publisher and File name for Desktop apps -If you’re unsure about what to include for the publisher, you can run this PowerShell command: - -```ps1 -Get-AppLockerFileInformation -Path "" -``` -Where `""` goes to the location of the app on the device. For example, `Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"`. - -In this example, you'd get the following info: - -``` json -Path Publisher ----- --------- -%PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US -``` -Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter into the **Publisher** box and `WORDPAD.EXE` is the text to enter into the **File** box. - -### Import a list of apps to your Protected apps list -For this example, we’re going to add an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. - -**To create a list of Protected apps using the AppLocker tool** - -1. Open the Local Security Policy snap-in (SecPol.msc). - -2. In the left blade, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. - - ![Local security snap-in, showing the Packaged app Rules](images/wip-applocker-secpol-1.png) - -3. Right-click in the right-hand blade, and then click **Create New Rule**. - - The **Create Packaged app Rules** wizard appears. - -4. On the **Before You Begin** page, click **Next**. - - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/wip-applocker-secpol-wizard-1.png) - -5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. - - ![Create Packaged app Rules wizard, showing the Before You Begin page](images/wip-applocker-secpol-wizard-2.png) - -6. On the **Publisher** page, click **Select** from the **Use an installed packaged app as a reference** area. - - ![Create Packaged app Rules wizard, showing the Publisher](images/wip-applocker-secpol-wizard-3.png) - -7. In the **Select applications** box, pick the app that you want to use as the reference for your rule, and then click **OK**. For this example, we’re using Microsoft Dynamics 365. - - ![Create Packaged app Rules wizard, showing the Select applications page](images/wip-applocker-secpol-wizard-4.png) - -8. On the updated **Publisher** page, click **Create**. - - ![Create Packaged app Rules wizard, showing the Microsoft Dynamics 365 on the Publisher page](images/wip-applocker-secpol-wizard-5.png) - -9. Click **No** in the dialog box that appears, asking if you want to create the default rules. You must not create default rules for your WIP policy. - - ![Create Packaged app Rules wizard, showing the Microsoft Dynamics 365 on the Publisher page](images/wip-applocker-default-rule-warning.png) - -9. Review the Local Security Policy snap-in to make sure your rule is correct. - - ![Local security snap-in, showing the new rule](images/wip-applocker-secpol-create.png) - -10. In the left blade, right-click on **AppLocker**, and then click **Export policy**. - - The **Export policy** box opens, letting you export and save your new policy as XML. - - ![Local security snap-in, showing the Export Policy option](images/wip-applocker-secpol-export.png) - -11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. - - The policy is saved and you’ll see a message that says 1 rule was exported from the policy. - - **Example XML file**
    - This is the XML file that AppLocker creates for Microsoft Dynamics 365. - - ```xml - - - - - - - - - - - - - - - - - ``` - -12. After you’ve created your XML file, you need to import it by using Microsoft Intune. - -**To import your list of Protected apps using Microsoft Intune** - -1. From the **Protected apps** area, click **Import apps**. - - The blade changes to let you add your import file. - - ![Microsoft Intune, Importing your AppLocker policy file using Intune](images/wip-azure-import-apps.png) - -2. Browse to your exported AppLocker policy file, and then click **Open**. - - The file imports and the apps are added to your **Allowed app** list. - -### Add exempt apps to your policy -If you're running into compatibility issues where your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. - -**To exempt a Store app, a Desktop app, or an AppLocker policy file from the Protected apps list** - -1. From the **App policy** blade, click the name of your policy, and then click **Exempt apps** from the menu that appears. - - The **Exempt apps** blade appears, showing you any apps that are already included in the list for this policy. - -2. From the **Exempt apps** blade, click **Add apps**. - - Be aware that when you exempt apps, they’re allowed to bypass the WIP restrictions and access your corporate data. To allow apps, see the [Add app rules to your policy](#add-apps-to_your-allowed-apps-list) section of this topic. - -3. Fill out the rest of the app info, based on the type of app you’re adding: - - - **Recommended app.** Follow the instructions in the [Add a Recommended app to your Protected apps list](#add-a-recommended-app-to_your-allowed-apps-list) section of this topic. - - - **Store app.** Follow the instructions in the [Add a Store app to your Protected apps list](#add-a-store-app-to_your-allowed-apps-list) section of this topic. - - - **Desktop app.** Follow the instructions in the [Add a Desktop app to your Protected apps list](#add-a-desktop-app-to_your-allowed-apps-list) section of this topic. - - - **AppLocker policy file.** Follow the instructions to create your app list in the [Import a list of apps to your Protected apps list](#import-a-list-of-apps-to_your-allowed-apps-list) section of this topic, using a list of exempted apps. - -4. Click **OK**. - -## Manage your Required settings -In the **Required settings** blade you must pick your Windows Information Protection mode and you can review or change your **Corporate identity**. - -### Manage the WIP protection mode for your enterprise data -After you've added the apps you want to protect with WIP, you'll need to apply a management and protection mode. - -We recommend that you start with **Silent** or **Allow Overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. - ->[!NOTE] ->For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). - -**To add your protection mode** - -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. - - The **Required settings** blade appears. - - ![Microsoft Intune, Required settings blade showing Windows Information Protection mode](images/wip-azure-required-settings-protection-mode.png) - - |Mode |Description | - |-----|------------| - |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.| - |Allow Overrides |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| - |Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| - |Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.| - -2. Click **Save**. - -### Define your enterprise-managed corporate identity -Corporate identity, usually expressed as your primary Internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you’ve marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies. - -Starting with Windows 10, version 1703, Intune automatically determines your corporate identity and adds it to the **Corporate identity** field. - -**To change your corporate identity** - -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. - - The **Required settings** blade appears. - -2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area. - - ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png) - -## Manage your Advanced settings -In the **Advanced settings** blade you must specify where apps can access your corporate data, upload a Data Recovery Agent (DRA) certificate, and set several optional data protection and access settings. - -### Choose where apps can access enterprise data -After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. - -Intune will add SharePoint sites that are discovered through the Graph API. You must add other network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT). - ->[!Important] ->Every WIP policy should include policy that defines your enterprise network locations.
    Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations. - -**To define where your allowed apps can find and send enterprise data on you network** - -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. - - The **Advanced settings** blade appears. - -2. Click **Add network boundary** from the **Network perimeter** area. - - The **Add network boundary** blade appears. - - ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) - -3. Select the type of network boundary to add from the **Boundary type** box. - -4. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Boundary typeValue formatDescription
    Cloud ResourcesWith proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
    contoso.visualstudio.com,contoso.internalproxy2.com

    Without proxy: contoso.sharepoint.com|contoso.visualstudio.com    		Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
    Network domain namescorp.contoso.com,region.contoso.comStarting with Windows 10, version 1703, this field is optional.

    Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

    If you have multiple resources, you must separate them using the "," delimiter.
    Proxy serversproxy.contoso.com:80;proxy2.contoso.com:443Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

    This list shouldn’t include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.

    If you have multiple resources, you must separate them using the ";" delimiter.
    Internal proxy serverscontoso.internalproxy1.com;contoso.internalproxy2.comSpecify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you’re connecting to are enterprise resources.

    This list shouldn’t include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.

    If you have multiple resources, you must separate them using the ";" delimiter.
    IPv4 ranges**Starting IPv4 Address:** 3.4.0.1
    **Ending IPv4 Address:** 3.4.255.254
    **Custom URI:** 3.4.0.1-3.4.255.254,
    10.0.0.1-10.255.255.254    		Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.
    IPv6 ranges**Starting IPv6 Address:** 2a01:110::
    **Ending IPv6 Address:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff
    **Custom URI:** 2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
    fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff    		Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries.

    If you have multiple ranges, you must separate them using the "," delimiter.
    Neutral resourcessts.contoso.com,sts.contoso2.comSpecify your authentication redirection endpoints for your company.

    These locations are considered enterprise or personal, based on the context of the connection before the redirection.

    If you have multiple resources, you must separate them using the "," delimiter.
    - -5. Repeat steps 1-4 to add any additional network boundaries. - -6. Decide if you want to Windows to look for additional network settings: - - ![Microsoft Intune, Choose if you want Windows to search for additional proxy servers or IP ranges in your enterprise](images/wip-azure-advanced-settings-network-autodetect.png) - - - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Click **On** for Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network.Click **Off** and Windows searches for additional proxy servers in your immediate network. - - - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Click **On** for Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. Click **Off** and Windows searches for additional IP ranges on any domain-joined devices connected to your network. - -### Upload your Data Recovery Agent (DRA) certificate -After you create and deploy your WIP policy to your employees, Windows begins to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the Data Recovery Agent (DRA) certificate lets Windows use an included public key to encrypt the local data while you maintain the private key that can unencrypt the data. - ->[!Important] ->Using a DRA certificate isn’t mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic. - -**To upload your DRA certificate** -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. - - The **Advanced settings** blade appears. - -2. In the **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, click **Browse** to add a data recovery certificate for your policy. - - ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate](images/wip-azure-advanced-settings-efsdra.png) - -### Choose your optional WIP-related settings -After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. - -**To set your optional settings** - -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. - - The **Advanced settings** blade appears. - -2. Choose to set any or all optional settings: - - ![Microsoft Intune, Choose if you want to include any of the optional settings](images/wip-azure-advanced-settings-optional.png) - - - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - - **On (recommended).** Turns on the feature and provides the additional protection. - - - **Off** Doesn't enable this feature. - - - **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - - - **On (recommended).** Revokes local encryption keys from a device during unenrollment. - - - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. - - - **Revoke access to protected data when the device enrolls to MDM.** Determines whether to revoke a user's WIP keys when a device is upgraded from MAM to a higher-security MDM solution. The options are: - - - **On.** Revokes the encryption keys from a device when it's upgraded from MAM to MDM. - - - **Off.** Encryption keys aren't removed and the user can continue to access protected files. This is the recommended setting if the MDM service uses the same WIP EnterpriseID value as the MAM service. - - - **Show the enterprise data protection icon.** Determines whether an icon appears on corporate files in the **Save As** and **File Explorer** views. The options are: - - - **On.** Allows an icon to appear on corporate files in the **Save As** and **File Explorer** views. Additionally, for unenlightened but allowed apps, the icon also appears on the app tile and with Managed text on the app name in the **Start** menu. - - - **Off (recommended).** Stops the icon from appearing on corporate files or unenlightened, but allowed apps. By default, this is turned off. - - - **Use Azure RMS for WIP.** Determines whether to use Azure Rights Management encryption with Windows Information Protection. The options are: - - - **On.** Starts using Azure Rights Management encryption with WIP. By turning this option on, you can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. For more info about setting up Azure Rights management and using a template ID with WIP, see the [Choose to set up Azure Rights Management with WIP](#choose-to-set-up-azure-rights-management-with-wip) section of this topic. - - - **Off.** Stops using Azure Rights Management encryption with WIP. - - - **MDM discovery URL.** Lets the **Windows Settings** > **Accounts** > **Access work or school** sign-in offer an **Upgrade to MDM** link. Additionally, this lets you switch to another MDM provider, so that Microsoft Intune can manage MAM, while the new MDM provider manages the MDM devices. By default, this is specified to use Microsoft Intune. - -#### Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. - -To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. - -Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. - ->[!IMPORTANT] ->Curly braces -- {} -- are required around the RMS Template ID. - ->[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. - -### Choose whether to use and configure Windows Hello for Business -You can turn on Windows Hello for Business, letting your employees use it as a sign-in method for their devices. - -**To turn on and configure Windows Hello for Business** - -1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. - - The **Advanced settings** blade appears. - -2. Choose to turn on and configure the Windows Hello for Business settings: - - ![Microsoft Intune, Choose to use Windows Hello for Business](images/wip-azure-access-options.png) - - - **Use Windows Hello for Business as a method for signing into Windows.** Turns on Windows Hello for Business. The options are: - - - **On.** Turns on Windows Hello For Business for anyone assigned to this policy. - - - **Off.** Turns off Windows Hello for Business. - - - **Set the minimum number of characters required for the PIN.** Enter a numerical value (4-127 characters) for how many characters must be used to create a valid PIN. Default is 4 characters. - - - **Configure the use of uppercase letters in the Windows Hello for Business PIN.** Lets you decide whether uppercase letters can be used in a valid PIN. The options are: - - - **Allow the use of uppercase letters in PIN.** Lets an employee use uppercase letters in a valid PIN. - - - **Require the use of at least one uppercase letter in PIN.** Requires an employee to use at least 1 uppercase letter in a valid PIN. - - - **Do not allow the use of uppercase letters in PIN.** Prevents an employee from using uppercase letters in a valid PIN. - - - **Configure the use of lowercase letters in the Windows Hello for Business PIN.** Lets you decide whether lowercase letters can be used in a valid PIN. The options are: - - - **Allow the use of lowercase letters in PIN.** Lets an employee use lowercase letters in a valid PIN. - - - **Require the use of at least one lowercase letter in PIN.** Requires an employee to use at least 1 lowercase letter in a valid PIN. - - - **Do not allow the use of lowercase letters in PIN.** Prevents an employee from using lowercase letters in a valid PIN. - - - **Configure the use of special characters in the Windows Hello for Business PIN.** Lets you decide whether special characters can be used in a valid PIN. The options are: - - - **Allow the use of special characters in PIN.** Lets an employee use special characters in a valid PIN. - - - **Require the use of at least one special character in PIN.** Requires an employee to use at least 1 special character in a valid PIN. - - - **Do not allow the use of special characters in PIN.** Prevents an employee from using special characters in a valid PIN. - - - **Specify the period of time (in days) that a PIN can be used before the system requires the user to change it.** Enter a numerical value (0-730 days) for how many days can pass before a PIN must be changed. If you enter a value of 0, the PIN never expires. - - - **Specify the number of past PINs that can be associated to a user account that can't be reused.** Enter a numerical value (0-50 days) for how many days can pass before an employee can reuse a previous PIN. If you enter a value of 0, a PINs can be reused immediately and past PINs aren't stored. - - >[!NOTE] - >PIN history is not preserved through a PIN reset. - - - **Number of authentication failures allowed before the device will be wiped.** Enter a numerical value for how many times the PIN can be incorrectly entered before wiping the device of corporate data. If you enter a value of 0, the device is never wiped, regardless of the number of incorrect PIN entries.

    This setting has different behavior for mobile devices and desktops. - - - **On mobile devices.** When an employee reaches the value set here, the device is wiped of corporate data. - - - **On desktop devices.** When an employee reaches the value set here, the desktop is put into BitLocker recovery mode, instead of being wiped. You must have BitLocker installed on the device or this setting is ignored. - - - **Maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.** Enter a numerical value for how many days can pass before a PIN must be changed. If you enter a value of 0, the device never becomes PIN or password locked while idle. - - >[!NOTE] - >You can set this value to be anything; however, it can't be longer than the time specified by the **Settings** app. If you exceed the maximum timeout value, this setting is ignored. - - -## Deploy your policy -After you’ve created your policy, you'll need to deploy it to your employees. MAM is deployed to users and not devices. - -**To deploy your policy** - -1. On the **Client apps - App protection policies** pane, click your newly-created policy, click **Assignments** from the menu that appears, and then click **Select groups**. - - A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** pane. - -2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy. - - The policy is deployed to the selected group. - - ![Microsoft Intune, Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png) - -## Related topics - -- [Implement server-side support for mobile application management on Windows](https://docs.microsoft.com/windows/client-management/mdm/implement-server-side-mobile-application-management) - -- [Microsoft Intune - Mobile Application Management (MAM) standalone blog post](https://blogs.technet.microsoft.com/cbernier/2016/01/05/microsoft-intune-mobile-application-management-mam-standalone/) - -- [MAM-supported apps](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) - -- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) - -- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) - -- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index f76e952f71..84fcae9939 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/05/2019 --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune @@ -40,8 +40,5 @@ After you’ve created your Windows Information Protection (WIP) policy, you'll >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). ## Related topics -- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) - -- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md deleted file mode 100644 index 6f1c74f23f..0000000000 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune (Windows 10) -description: After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. -ms.assetid: 9c4a01e7-0b1c-4f15-95d0-0389f0686211 -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, Intune -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: justinha -ms.author: justinha -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 02/26/2019 ---- - -# Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune -**Applies to:** - -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later - -After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information. - -**To deploy your WIP policy** - -1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. - - ![Microsoft Intune: Click the Manage Deployment link from the Configuration Policies screen](images/intune-managedeployment.png) - -2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.

    -The added people move to the **Selected Groups** list on the right-hand pane. - - ![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-groupselection.png) - -3. After you've picked all of the employees and groups that should get the policy, click **OK**.

    -The policy is deployed to the selected users' devices. - ->[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). - -## Related topics -- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) - -- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) - -- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 3b2125c461..bcad37a020 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -63,7 +63,7 @@ This section covers how WIP works with sensitivity labels in specific use cases. ### User downloads from or creates a document on a work site -If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regradless of whether the document has a sensitivity label. +If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regardless of whether the document has a sensitivity label. If the document also has a sensitivity label, which can be Office or PDF files, WIP protection is applied according to the label. diff --git a/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png b/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png new file mode 100644 index 0000000000..848ff120a2 Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png b/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png new file mode 100644 index 0000000000..345093afc8 Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/mobility-provider.png b/windows/security/information-protection/windows-information-protection/images/mobility-provider.png new file mode 100644 index 0000000000..280a0531dc Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/mobility-provider.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/recommended-apps.png b/windows/security/information-protection/windows-information-protection/images/recommended-apps.png new file mode 100644 index 0000000000..658cbb343b Binary files /dev/null and b/windows/security/information-protection/windows-information-protection/images/recommended-apps.png differ diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index a795c151fc..1e633ed77d 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 03/04/2019 +ms.date: 03/06/2019 ms.localizationpriority: medium --- @@ -75,6 +75,11 @@ This table provides info about the most common problems you might encounter whil Apps might encounter access errors while attempting to read a cached, offline file. Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

    Note
    For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045). + + An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device. +

    Data copied from the WIP-managed device is marked as Work.

    Data copied to the WIP-managed device is not marked as Work.

    Local Work data copied to the WIP-managed device remains Work data.

    Work data that is copied between two apps in the same session remains data. + Disable RDP to prevent access because there is no way to restrict access to only devices managed by WIP. RDP is disabled by default. + You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. A message appears stating that the content is marked as Work and the user isn't given an option to override to Personal. diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index ecb1b8af14..4c8459fac2 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/05/2019 --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) @@ -24,13 +24,10 @@ ms.date: 02/26/2019 This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise. ->[!IMPORTANT] ->All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md), based on the tool you're using in your organization. - |Task|Description| |----|-----------| |Add at least one app to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics.| -|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Hide Overrides**. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection mode for your enterprise data** section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| +|Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection mode for your enterprise data** section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

    Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.

    Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.| diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index eca0d84acb..3af1d9b274 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/11/2019 --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune @@ -27,8 +27,6 @@ Microsoft Intune helps you create and deploy your enterprise data protection (WI ## In this section |Topic |Description | |------|------------| -|[Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use the Azure portal for Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | -|[Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md)|Details about how to use the Azure portal for Microsoft Intune to create your WIP policy with MAM (Mobile Application Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.| -|[Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](create-wip-policy-using-intune.md) |Details about how to use the classic console for Microsoft Intune to create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | +|[Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use the Azure portal for Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | |[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. | |[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). | diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 5768cd40ed..626c296a9d 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/05/2019 --- # Protect your enterprise data using Windows Information Protection (WIP) @@ -147,7 +147,7 @@ You can set your WIP policy to use 1 of 4 protection and management modes: |Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| |Allow overrides |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.| |Silent |WIP runs silently, logging inappropriate data sharing, without stopping anything that would’ve been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| -|Off |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on.

    **Note**
    For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. | +|Off |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn’t automatically reapplied if you turn WIP protection back on. | ## Turn off WIP You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn’t recommended. If you choose to turn WIP off, you can always turn it back on, but your decryption and policy info won’t be automatically reapplied. diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index b00cdeb40f..6f698cb26c 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/05/2019 --- # Testing scenarios for Windows Information Protection (WIP) @@ -55,7 +55,7 @@ You can try any of the processes included in these scenarios, but you should foc Create work documents in enterprise-allowed apps. For desktop:

      -
    • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
      Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

      Important
      Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

      For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.
      • +
    • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
      Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

      Important
      Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

      For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.
    For mobile:

      @@ -150,7 +150,7 @@ You can try any of the processes included in these scenarios, but you should foc Verify your Virtual Private Network (VPN) can be auto-triggered.
        -
      1. Set up your VPN network to start based on the WIPModeID setting.
        For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) topic.
        2. +
      2. Set up your VPN network to start based on the WIPModeID setting.
        For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune-azure.md) topic.
      3. Start an app from your allowed apps list.
        The VPN network should automatically start.
      4. Disconnect from your network and then start an app that isn't on your allowed apps list.
        The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
      diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index f90703feef..177a70d01a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -105,6 +105,7 @@ ### [Get started](windows-defender-atp/get-started.md) +#### [What's new in Windows Defender ATP](windows-defender-atp/whats-new-in-windows-defender-atp.md) #### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) #### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md) #### [Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md) @@ -142,7 +143,6 @@ ###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) ##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md) ##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) -###### [Customize controlled folder access](windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md) ##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md) ###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) ##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) @@ -465,9 +465,6 @@ ### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -### [Use attack surface reduction rules in Windows 10 Enterprise E3](windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md) - - ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) ### [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 6261639989..1deaa652b8 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -1,5 +1,5 @@ --- -title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +title: Change history for [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) description: This topic lists new and updated topics in the WWindows Defender ATP content set. ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index e2554705b5..1439390f50 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -13,7 +13,7 @@ ms.date: 02/22/2019 # How to control USB devices and other removable media using Windows Defender ATP -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Windows Defender ATP provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices: diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index c3218e2541..44c4ef2a2f 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium --- # Threat Protection -[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture. +[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.

      Windows Defender ATP

      diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 5ff176e25a..4854c2e53f 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -5,7 +5,7 @@ keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, d ms.prod: w10 ms.mktglfcycl: secure ms.sitesec: library -ms.localizationpriority: medium +ms.localizationpriority: high ms.author: ellevin author: levinec manager: dansimp @@ -40,9 +40,9 @@ Windows Defender Antivirus is part of the [next generation](https://www.youtub The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware"). -- November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) **Latest** +- November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWusR9) **Latest** - Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 19,956 malware samples. + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 19,956 malware samples. This is the fourth consecutive cycle that Windows Defender Antivirus achieved a perfect score. - September - October 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/october-2018/microsoft-windows-defender-antivirus-4.18-184174/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWqOqD) diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md index 06978674b3..61bd6e91de 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md +++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in. diff --git a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md index 52f53a81bb..2d08b48bfe 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 12/10/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can perform various Windows Defender Antivirus functions with the dedicated command-line tool mpcmdrun.exe. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md index 2af6cfcbc3..b2246f6bc2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can manage and configure Windows Defender Antivirus with the following tools: diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md index b916b9c91e..5714563915 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md @@ -19,7 +19,7 @@ ms.date: 10/25/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) **Use Microsoft Intune to configure scanning options** diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 8f34c26265..b5d15d6b55 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Block at first sight is a feature of next gen protection that provides a way to detect and block new malware within seconds. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md index e78a18862c..d7ffbcbafd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When Windows Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md index f467dac2b6..d72265f76a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can configure how users of the endpoints on your network can interact with Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md index ca5c66c4f2..430acbec64 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index a9db1100c9..78351fac00 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 12/10/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md index 833abbcaff..9feb4b7840 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) By default, Windows Defender Antivirus settings that are deployed via a Group Policy Object to the endpoints in your network will prevent users from locally changing the settings. You can change this in some instances. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md index 0cb2288b2e..71db8e1517 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 10/08/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md index 8a98cffbc7..9874e1fe22 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) In Windows 10, application notifications about malware detection and remediation are more robust, consistent, and concise. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md index 40785cfdec..15f82314e7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 12/10/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can exclude files that have been opened by specific processes from Windows Defender Antivirus scans. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md index acb2c79bcf..de47e8d1a8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus uses several methods to provide threat protection: diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md index e063f1fda5..84cef362eb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 11/13/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Always-on protection consists of real-time protection, behavior monitoring, and heuristics to identify malware based on known suspicious and malicious activities. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md index 35159b5198..d09e59a96a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender Antivirus should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats. diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md index c075da4014..4afd9a96e5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md @@ -11,14 +11,13 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 09/03/2018 --- # Configure Windows Defender Antivirus exclusions on Windows Server **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus on Windows Server 2016 computers automatically enrolls you in certain exclusions, as defined by your specified server role. See [the end of this topic](#list-of-automatic-exclusions) for a list of these exclusions. @@ -159,6 +158,9 @@ This section lists the default exclusions for all Windows Server 2016 roles. - The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File` + > [!NOTE] + > For custom locations, see [Opt out of automatic exclusions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus#opt-out-of-automatic-exclusions). + - *%systemdrive%*\System Volume Information\DFSR\\$db_normal$ - *%systemdrive%*\System Volume Information\DFSR\FileIDTable_* diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md index 1451728ecf..862b5513c4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can configure Windows Defender Antivirus with a number of tools, including: diff --git a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md index ae4eee36d6..b719577c49 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use Group Policy, PowerShell, and Windows Management Instrumentation (WMI) to configure Windows Defender Antivirus scans. diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md index d142dad965..b2bfc0807f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can deploy, manage, and report on Windows Defender Antivirus in a number of ways. diff --git a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md index 59b048bfda..df219115d7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Depending on the management tool you are using, you may need to specifically enable or configure Windows Defender Antivirus protection. diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index 06b879559b..1bf3ab9c2f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) In addition to standard on-premises or hardware configurations, you can also use Windows Defender Antivirus in a remote desktop (RDS) or virtual desktop infrastructure (VDI) environment. diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 475e161a65..37859694d9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 10/02/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network. diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md index 5d2d921020..8a846cc675 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!NOTE] >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md index e40b93abd1..c937715d4a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Use this guide to determine how well Windows Defender Antivirus protects you from viruses, malware, and potentially unwanted applications. diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md index 923a59f0ba..93ef8703d6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md @@ -20,7 +20,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md index 6b53608726..4e04685c61 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md index b79024274c..9a77e63d64 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md index bb3a6e46d7..4f8774109a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus lets you determine when it should look for and download updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md index 9f27cec145..f05c21e0b5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md index c43a3b2399..99e2c737d9 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) There are two types of updates related to keeping Windows Defender Antivirus up to date: 1. Protection updates diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md index b62b1c4182..93a9e45f84 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Mobile devices and VMs may require additional configuration to ensure performance is not impacted by updates. diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md index 880d56c9e3..a156c5b1dd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans. diff --git a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md index efa0d8b522..6e22b89713 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md index 10d6f5bedc..1718727ee2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If Windows Defender Antivirus is configured to detect and remediate threats on your device, Windows Defender Antivirus quarantines suspicious files. If you are certain these files do not present a threat, you can restore them. diff --git a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md index c75f970b7b..ae3a67efe6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results. diff --git a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md index 7f0a6d6037..15a9be7d17 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type. diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 74b72c9ab1..b22dc34733 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 12/10/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!NOTE] > By default, Windows Defender Antivirus checks for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default. diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index 9a2b331fae..089226de14 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can specify the level of cloud-protection offered by Windows Defender Antivirus with Group Policy and System Center Configuration Manager. diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md index d1ae21771c..85b5650e9c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you use [Windows Analytics Update Compliance to obtain reporting into the protection status of machines or endpoints](/windows/deployment/update/update-compliance-using#wdav-assessment) in your network that are using Windows Defender Antivirus, you may encounter problems or issues. diff --git a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md index d23df5b8f1..0bdced17c6 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/11/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If you encounter a problem with Windows Defender Antivirus, you can search the tables in this topic to find a matching issue and potential solution. diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md index f1a344b3d2..dcb8f76069 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use [Group Policy](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx) to configure and manage Windows Defender Antivirus on your endpoints. diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md index 89cf104935..566898708b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) If you are using System Center Configuration Manager or Microsoft Intune to manage the endpoints on your network, you can also use them to manage Windows Defender Antivirus scans. diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md index 73fca55e16..8e45003982 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can use PowerShell to perform various functions in Windows Defender. Similar to the command prompt or command line, PowerShell is a task-based command-line shell and scripting language designed especially for system administration, and you can read more about it at the [PowerShell hub on MSDN](https://msdn.microsoft.com/powershell/mt173057.aspx). diff --git a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md index 0ae7bc9771..c4f3239b0c 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Management Instrumentation (WMI) is a scripting interface that allows you to retrieve, modify, and update settings. diff --git a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md index 0d0f8bbae9..59ec895413 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index c58bf2bb8a..449d118890 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 7e7820edbb..de41958e5e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md index 2434b61627..f38d0b3823 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same. diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md index 9c669d0de5..e860e58f69 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md index 6a03421f8d..4b78bafccb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md @@ -18,7 +18,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) In Windows 10, version 1703 and later, the Windows Defender app is part of the Windows Security. diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 3579ace8b1..80dbb5a03b 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -13,7 +13,7 @@ ms.date: 10/17/2017 # Configure Windows Defender Application Guard policy settings -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain. diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md index 0c72267505..0fe3b780be 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md @@ -13,7 +13,7 @@ ms.date: 11/07/2017 # Frequently asked questions - Windows Defender Application Guard -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 0d185ae9bd..2ee928baee 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -14,7 +14,7 @@ ms.date: 02/19/2019 # Prepare to install Windows Defender Application Guard **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ## Review system requirements diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md index 72eb82edac..2f08cd9670 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -13,7 +13,7 @@ ms.date: 11/09/2017 # System requirements for Windows Defender Application Guard -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index 798a74c87b..8f6c1b0a34 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -14,7 +14,7 @@ ms.date: 01/16/2019 # Application Guard testing scenarios -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. diff --git a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md index 16fa6c33df..b38bfa09f5 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md +++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md @@ -13,7 +13,7 @@ ms.date: 11/27/2018 # Windows Defender Application Guard overview -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 59406a457e..ef54564a38 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -346,7 +346,7 @@ ####[Configure information protection in Windows](information-protection-in-windows-config.md) -### [Configure Windows Security app settings](preferences-setup-windows-defender-advanced-threat-protection.md) +### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) #### General ##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md) ##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index c87fd3c401..938b358427 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/16/2018 # Configure advanced features in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md index 3589cf3196..6c0c82d32d 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 3fbf85c93e..467af897d1 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/01/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index d0a2edbc27..fb04442da2 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # View and organize the Windows Defender Advanced Threat Protection Alerts queue **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index edd3eab3fe..1cec1b5053 100644 --- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 10/16/2017 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md index e6775508c0..bc87a4503f 100644 --- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 11/28/2018 **Applies to:** - Azure Active Directory - Office 365 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md index 76ba536762..a86ee0b027 100644 --- a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 11/20/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md index 6317c4b3cb..d9fa05ab08 100644 --- a/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.topic: article **Applies to:** - Azure Active Directory -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md index 3571e067fc..007cfbede6 100644 --- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # Check sensor health state in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md index bbe7653865..35ed4d4458 100644 --- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 # Access the Windows Defender ATP Community Center **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md index 0db8c85384..d3dff32b11 100644 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.topic: article # Enable conditional access to better protect users, devices, and data **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md index 852dfacc9f..d418764a45 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 12/20/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -97,8 +97,8 @@ The following steps assume that you have completed all the required steps in [Be For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file. - + @@ -107,7 +107,7 @@ The following steps assume that you have completed all the required steps in [Be - diff --git a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md index b57e79e61b..cd442ff5d6 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 09/03/2018 # Configure conditional access in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) This section guides you through all the steps you need to take to properly implement conditional access. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index d926b28800..878472814f 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 10/08/2018 # Configure alert notifications in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index ad6b565b7e..de59ce12b7 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 04/24/2018 - Group Policy -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 7eb6e5ace0..57ba954930 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 12/06/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index 541f53e85e..de556b2903 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.topic: article - macOS - Linux -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 4136a69a74..c378ca8d9d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 12/11/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - System Center 2012 Configuration Manager or later versions diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 14a13f7b3a..fee63e07dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md index 89b42c84ff..dc4a53e6ea 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 07/12/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index dca722db26..f518883f9b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -21,7 +21,7 @@ ms.date: 02/28/2019 # Configure and manage Microsoft Threat Experts capabilities **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease�information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md index 785c598a10..738c8f0548 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 09/03/2018 # Configure managed security service provider integration **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 6c38860bcb..64a8b911a7 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -15,14 +15,13 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 02/14/2019 --- # Configure machine proxy and Internet connectivity settings **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -96,7 +95,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Service location | Microsoft.com DNS record :---|:--- -Common URLs for all locations | ```*.blob.core.windows.net```
      ```crl.microsoft.com```
      ```ctldl.windowsupdate.com```
      ```events.data.microsoft.com``` +Common URLs for all locations | ```*.blob.core.windows.net```
      ```crl.microsoft.com```
      ```ctldl.windowsupdate.com```
      ```events.data.microsoft.com```
      ```notify.windows.com``` European Union | ```eu.vortex-win.data.microsoft.com```
      ```eu-v20.events.data.microsoft.com```
      ```winatp-gw-neu.microsoft.com```
      ```winatp-gw-weu.microsoft.com``` United Kingdom | ```uk.vortex-win.data.microsoft.com```
      ```uk-v20.events.data.microsoft.com```
      ```winatp-gw-uks.microsoft.com```
      ```winatp-gw-ukw.microsoft.com``` United States | ```us.vortex-win.data.microsoft.com```
      ```us-v20.events.data.microsoft.com```
      ```winatp-gw-cus.microsoft.com```
      ```winatp-gw-eus.microsoft.com``` diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 93dc8a9bec..4b98079963 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 12/14/2018 - Windows Server 2016 - Windows Server, version 1803 - Windows Server, 2019 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md index b59c733f97..04c596750a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 10/16/2017 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md index 2177e72018..baf0a25a95 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 10/16/2017 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -69,7 +69,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. - @@ -111,7 +111,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. - + diff --git a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md index 3938e9b3f5..632b9691c5 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md @@ -21,7 +21,7 @@ ms.date: 10/29/2018 # Create custom detections rules **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 1. In the navigation pane, select **Advanced hunting**. diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index 14a91c2829..bc9982d2ae 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md index 911625d579..8a393d5b81 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index 92e081ea4a..67780a3f78 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/07/2018 --- # Windows Defender ATP data storage and privacy @@ -55,7 +54,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik ## Do I have the flexibility to select where to store my data? -When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States, or dedicated Azure Government data centers (soon to be in preview). Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States. ## Is my data isolated from other customer data? Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. @@ -70,6 +69,9 @@ Microsoft developers and administrators have, by design, been given sufficient p Additionally, Microsoft conducts background verification checks of certain operations personnel, and limits access to applications, systems, and network infrastructure in proportion to the level of background verification. Operations personnel follow a formal process when they are required to access a customer’s account or related information in the performance of their duties. +Access to data for services deployed in Microsoft Azure Government data centers is only granted to operating personnel who have been screened and approved to handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. + + ## Is data shared with other customers? No. Customer data is isolated from other customers and is not shared. However, insights on the data resulting from Microsoft processing, and which don’t contain any customer specific data, might be shared with other customers. Each customer can only access data collected from its own organization and generic data that Microsoft provides. @@ -84,6 +86,7 @@ Your data will be kept and will be available to you while the licence is under g ## Can Microsoft help us maintain regulatory compliance? Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP is ISO 27001 certified and has a roadmap for obtaining national, regional and industry-specific certifications. +Windows Defender ATP for Government (soon to be in preview) is currently undergoing audit for achieving FedRAMP High accreditation as well as Provisional Authorization (PA) at Impact Levels 4 and 5. By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run. diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md index 61c31958f3..5050e3dcb1 100644 --- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 04/24/2018 - Windows Defender -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index aca29a67c7..49545c0428 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md index 73b494e5e7..c4590d0678 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index c8e00fbc8f..b3d89ea8d0 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 12/10/2018 # Enable SIEM integration in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md b/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md index 1311f7c265..6dd9971ceb 100644 --- a/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/evaluate-atp.md @@ -19,7 +19,7 @@ ms.date: 08/10/2018 --- # Evaluate Windows Defender ATP -[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. +[Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. You can evaluate Windows Defender Advanced Threat Protection in your organization by [starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp). diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index af1f166fa2..f49caf3929 100644 --- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 05/21/2018 - Event Viewer -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md index c41d6d1439..3e8ba14f02 100644 --- a/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 11/09/2017 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index c1c26a4658..3a5158d272 100644 --- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 10/23/2017 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md index 304062eb4b..4251da56b9 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 10/07/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Retrieves a map of CVE's to KB's and CVE details. diff --git a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md index f44abf8b92..1752cd4d91 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 10/07/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Retrieves a collection of KB's and KB details. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md index acd0502c87..412c1bd762 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 10/07/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Retrieves a collection of RBAC machine groups. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md index f118c229d5..0de146e30c 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 10/07/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Retrieves a collection of machines security states. diff --git a/windows/security/threat-protection/windows-defender-atp/get-started.md b/windows/security/threat-protection/windows-defender-atp/get-started.md index 22b8e3e7ee..6086863cb6 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-started.md +++ b/windows/security/threat-protection/windows-defender-atp/get-started.md @@ -21,7 +21,7 @@ ms.date: 11/20/2018 # Get started with Windows Defender Advanced Threat Protection **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!TIP] >- Learn about the latest enhancements in Windows Defender ATP: [What's new in Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md index c8959b8a9b..1a769c409b 100644 --- a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md @@ -19,7 +19,7 @@ ms.topic: conceptual # Incidents in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations. diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md index 7ca743699d..9eedb8b8f5 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md @@ -19,7 +19,7 @@ ms.date: 12/05/2018 # Configure information protection in Windows **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md index fc95457fbb..976dfff7e4 100644 --- a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md @@ -19,7 +19,7 @@ ms.date: 12/05/2018 # Information protection in Windows overview **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index caeb9391f8..1c60dae5b7 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md index 8da3f67372..010408840d 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md index d9ae8a7faf..cf4b455f24 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md index 4bf073aca3..47c0edb764 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.topic: article # Investigate incidents in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md index b197fed832..cf77b8afb9 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 838654bcf3..2b9d2d90f5 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 09/18/2018 # Investigate machines in the Windows Defender ATP Machines list **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md index b47a079791..4260159191 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md index 42437e4204..c1e9c27b9c 100644 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md @@ -8,21 +8,20 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-tanewt -author: tbit0001 +ms.author: macapara +author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/16/2017 --- # Validate licensing provisioning and complete set up for Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 577b8b2663..653407fdf7 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 05/08/2018 - Azure Active Directory - Office 365 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index bf990d1101..c94234e9e1 100644 --- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-machinesview-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 660e1f0cd1..56f599b483 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 09/03/2018 # Manage Windows Defender Advanced Threat Protection alerts **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 94a7712aed..47c3f41079 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/14/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index b3d4ebdb7c..84706f7a5a 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md index f559363b7a..23133475a4 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md index 649d06d0fa..8b8fa19749 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 010/08/2018 # Manage Windows Defender ATP incidents **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress. diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md index 0ff8691e5c..1ec412b1f3 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 8a0deb4397..f28e7a6997 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md @@ -21,7 +21,7 @@ ms.date: 09/03/2018 # Overview of management and APIs **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mgt-apis-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md index 0c182b091a..52627d87be 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md @@ -21,7 +21,7 @@ ms.date: 10/19/2018 # Configure Microsoft Cloud App Security in Windows **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease�information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md index 75ad85f97d..6c2400b885 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md @@ -20,7 +20,7 @@ ms.date: 10/18/2018 # Microsoft Cloud App Security in Windows overview **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease�information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md index 3e66a55ad7..380af8ef33 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md @@ -20,7 +20,7 @@ ms.date: 02/28/2019 # Microsoft Threat Experts **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease�information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 02bcbfb594..27b07e63d4 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/20/2018 # Minimum requirements for Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) There are some minimum requirements for onboarding machines to the service. @@ -41,7 +41,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare). -For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf). +For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559). diff --git a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md index 1940bd5a74..dfd40d8852 100644 --- a/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 10/29/2018 # Managed security service provider support **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md index 9e1a9a8972..273bfed16c 100644 --- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 04/24/2018 - Linux - Windows Server 2012 R2 - Windows Server 2016 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index bc7c30d8a2..a33cae087b 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/19/2018 # Onboard machines to the Windows Defender ATP service **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You need to turn on the sensor to give visibility within Windows Defender ATP. diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 0bccc2871e..0cb3ee7552 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.topic: article - Windows 7 SP1 Pro - Windows 8.1 Pro - Windows 8.1 Enterprise -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevel-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard.md b/windows/security/threat-protection/windows-defender-atp/onboard.md index 6a260ac891..319d254a8e 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard.md @@ -21,7 +21,7 @@ ms.date: 09/03/2018 # Configure and manage Windows Defender ATP capabilities **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md index c23a4512ad..c2617a285e 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md @@ -21,7 +21,7 @@ ms.date: 02/21/2019 # Overview of attack surface reduction **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Attack surface reduction capabilities in Windows Defender ATP helps protect the devices and applications in your organization from new and emerging threats. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md index a9c37011dc..13268d34ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md @@ -21,7 +21,7 @@ ms.date: 10/29/2018 # Custom detections overview **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Alerts in Windows Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md index a282188a74..1fb9eea8e2 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md @@ -22,7 +22,7 @@ ms.date: 09/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md index 6bf35eb789..b86fea8fb4 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md @@ -18,7 +18,7 @@ ms.date: 09/07/2018 # Hardware-based isolation in Windows 10 -**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Windows Defender ATP. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md index f23f20f711..8d95c6f102 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 09/12/2018 # Overview of advanced hunting **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md index e6b0df0de0..33671e8778 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 09/03/2018 # Overview of Secure score in Windows Defender Security Center **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines. diff --git a/windows/security/threat-protection/windows-defender-atp/overview.md b/windows/security/threat-protection/windows-defender-atp/overview.md index 90ad7887df..f9989d69f7 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview.md +++ b/windows/security/threat-protection/windows-defender-atp/overview.md @@ -21,7 +21,7 @@ ms.date: 11/20/2018 # Overview of Windows Defender ATP capabilities **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform. diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index b32528daaa..05d103da75 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # Windows Defender Advanced Threat Protection portal overview **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 6c737bf2c1..faa5965b72 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/26/2018 # Create and build Power BI reports using Windows Defender ATP data **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index 406846d961..4a47170925 100644 --- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # PowerShell code examples for the custom threat intelligence API **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index 980babf64a..91b8900c14 100644 --- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 04/24/2018 # Configure Windows Defender Security Center settings **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md index 7095ae73d1..66f745bb56 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 04/24/2018 # Turn on the preview experience in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index b20c0b27fa..934fbed168 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.topic: conceptual # Windows Defender ATP preview features **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 69d7354d93..a29f67c9e1 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -15,13 +15,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/19/2018 --- # Pull Windows Defender ATP alerts using REST API **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -93,7 +92,7 @@ With an access token, your app can make authenticated requests to the Windows De ### Request syntax Method | Request URI :---|:---| -GET| Use the URI applicable for your region.

      **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts`
      **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts` +GET| Use the URI applicable for your region.

      **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts`
      **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts`
      **For UK**: `https://wdatp-alertexporter-uk.windows.com/api/alerts` ### Request header Header | Type | Description| @@ -134,7 +133,7 @@ The return value is an array of alert objects in JSON format. Here is an example return value: -```json +```json {"AlertTime":"2017-01-23T07:32:54.1861171Z", "ComputerDnsName":"desktop-bvccckk", "AlertTitle":"Suspicious PowerShell commandline", diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index 01a648cb4f..f4b63ae583 100644 --- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md index f2c279e739..8446e86a04 100644 --- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 05/08/2018 **Applies to:** - Azure Active Directory - Office 365 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 8f7a09142a..5334c052ed 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # Take response actions on a file **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index c82e80bdbd..37e946eb11 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/28/2018 # Take response actions on a machine **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md index 0c62d93571..6e0c39fbf7 100644 --- a/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/12/2017 # Take response actions in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md index ec866e736e..b5d51b9cf4 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md @@ -26,7 +26,7 @@ ms.date: 09/07/2018 - Windows Server 2016 - Windows Server, version 1803 - Windows Server, 2019 -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Run the following PowerShell script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md index 2a6ed6838b..d501a0d824 100644 --- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 10/26/2018 # Configure the security controls in Secure score **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Each security control lists recommendations that you can take to increase the security posture of your organization. diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index 7c773ae71b..1c071364b8 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 09/04/2018 # Windows Defender Security Center Security operations dashboard **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index 9189cf364e..a0ace19060 100644 --- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # Check the Windows Defender Advanced Threat Protection service health **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md index bc06fcaf60..14621034da 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 12/01/2017 # Supported Windows Defender ATP query APIs **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md index bbcdcee3cf..225465fee0 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 09/03/2018 # Threat analytics for Spectre and Meltdown **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The **Threat analytics** dashboard provides insight on how emerging threats affect your organization. It provides information that's specific for your organization. diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md index a4669b615e..9a145edebb 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics.md @@ -20,7 +20,7 @@ ms.date: 10/29/2018 # Threat analytics **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats. diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index 32eb1e6116..005f30d3e8 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -15,13 +15,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/03/2018 --- # Understand threat intelligence concepts **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md index 0791b9b679..026ac5e02d 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md @@ -22,7 +22,7 @@ ms.date: 12/03/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md index 04e187f344..71a2b48f0d 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md @@ -8,6 +8,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp @@ -19,13 +20,13 @@ ms.topic: article # Threat protection report in Windows Defender ATP **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease information](prerelease.md)] The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time. -The dashboard is structured into two columns: +The dashboard is structured into two sections: ![Image of the threat protection report](images/atp-threat-protection-reports.png) @@ -42,7 +43,7 @@ By default, the alert trends display alert information from the 30-day period en - 6 months - Custom -While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to 6 months. +While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to the current day. The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. diff --git a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md index 9fb06adc92..0a8c046f35 100644 --- a/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 02/13/2018 # Windows Defender Security Center time zone settings **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index 89c8c201fd..500048787b 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/25/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md index 61bb32e5a1..3f520e22f4 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md @@ -8,8 +8,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: v-tanewt -author: tbit0001 +ms.author: macapara +author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -23,7 +23,7 @@ ms.date: 08/01/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 82e4b1c6f7..18107685ed 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 09/07/2018 # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - Windows Server 2012 R2 - Windows Server 2016 diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index e652ed98c1..a3097cd460 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 11/08/2018 # Troubleshoot SIEM tool integration issues **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md index ad0f8cbfec..a5bf6b10dc 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 # Use the threat intelligence API to create custom alerts **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md index ac8f1799c4..07291b3a48 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 03/12/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md index 89ee51ebff..ab60042a21 100644 --- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.topic: article # Create and manage roles for role-based access control **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-roles-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md index e4a0548379..5f6903dad8 100644 --- a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md +++ b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md @@ -20,7 +20,7 @@ ms.date: 10/08/2018 # View and organize the Windows Defender Advanced Threat Protection Incidents queue **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index f010ab338b..653d7f2a5e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -17,9 +17,9 @@ ms.author: v-anbic **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1803 or later, or Windows Server 2019. +Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019. To use attack surface reduction rules, you need a Windows 10 Enterprise E3 license or higher. A Windows E5 license gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the M365 Security Center. These advanced capabilities aren't available with an E3 license, but you can use attack surface reduction rule events in Event Viewer to help facilitate deployment. @@ -31,13 +31,13 @@ Attack surface reduction rules target behaviors that malware and malicious apps You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled. It's best to run all rules in audit mode first so you can understand their impact on your line-of-business applications. Many line-of-business applications are written with limited security concerns, and they may perform tasks similar to malware. By monitoring audit data and [adding exclusions](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction#exclude-files-and-folders-from-asr-rules) for necessary applications, you can deploy attack surface reduction rules without impacting productivity. -Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Windows Defender ATP Security Center and on the M365 console. +Triggered rules display a notification on the device. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. The notification also displays in the Windows Defender Security Center and in the Microsoft 365 securty center. For information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md). ## Attack surface reduction rules -The following sections describe each of the 15 attack surface reduction rules. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy: +The following sections describe each of the 15 attack surface reduction rules. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use System Center Configuration Manager or Microsoft Intune, you do not need the GUIDs: Rule name | GUID -|- @@ -219,7 +219,7 @@ This rule prevents Outlook from creating child processes. It protects against so >[!NOTE] >This rule applies to Outlook and Outlook.com only. -Intune name: Not yet available +Intune name: Process creation from Office communication products (beta) SCCM name: Not yet available @@ -229,7 +229,7 @@ GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869 Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. This rule prevents attacks like this by blocking Adobe Reader from creating additional processes. -Intune name: Not applicable +Intune name: Process creation from Adobe Reader (beta) SCCM name: Not applicable @@ -238,4 +238,4 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c ## Related topics - [Enable attack surface reduction rules](enable-attack-surface-reduction.md) -- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) \ No newline at end of file +- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index a17ef04dd9..13222c4b4d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -19,7 +19,7 @@ ms.date: 09/18/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md index 9448ed601f..2906976656 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md @@ -18,7 +18,7 @@ ms.date: 08/08/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using attack surface reduction rules, network protection, exploit protection, and controlled folder access. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 68bff70bd4..77098d4c10 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -18,7 +18,7 @@ ms.date: 11/29/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. Controlled folder access works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 2b00cbb179..b772be4c4c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -18,7 +18,7 @@ ms.date: 12/19/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index 5f501170df..05037553e3 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -11,14 +11,13 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 10/02/2018 --- # Customize controlled folder access **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. @@ -40,7 +39,7 @@ You can add additional folders to be protected, but you cannot remove the defaul Adding other folders to controlled folder access can be useful, for example, if you don't store files in the default Windows libraries or you've changed the location of the libraries away from the defaults. -You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +You can also enter network shares and mapped drives. Environment variables and wildcards are supported. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). You can use the Windows Security app or Group Policy to add and remove additional protected folders. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 2ad55e0a66..ce3d7cb53f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md index 3b65d090e5..843e0e7f4c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md @@ -18,7 +18,7 @@ ms.date: 08/08/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >[!IMPORTANT] >If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows Defender ATP. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 4f95d8c023..8d9f86a947 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -11,14 +11,13 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 02/14/2019 --- # Enable controlled folder access **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. @@ -82,8 +81,7 @@ Use `Disabled` to turn the feature off. ### Use MDM CSPs to enable controlled folder access -Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. - +Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-controlledfolderaccessprotectedfolders) configuration service provider (CSP) to allow apps to make changes to protected folders. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index 69d9054c81..2349416c84 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -18,7 +18,7 @@ ms.date: 02/14/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Exploit protection](exploit-protection-exploit-guard.md) helps protect against malware that uses exploits to infect devices and spread. It consists of a number of mitigations that can be applied to either the operating system or individual apps. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index ee0f20632d..d07a56a851 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -18,7 +18,7 @@ ms.date: 02/14/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 7328140fee..eba904da4b 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -17,7 +17,7 @@ ms.date: 11/15/2018 **Applies to** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10. Some applications, including device drivers, may be incompatible with HVCI. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index 290fbdaae4..5e3d8457aa 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index 3357f3a4fc..a34952ae85 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [Controlled folder access](controlled-folders-exploit-guard.md) is a feature that helps protect your documents and files from modification by suspicious or malicious apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index ec8690b50d..f1870b1c48 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index 9c5516c1de..d0db5aa5a4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -18,7 +18,7 @@ ms.date: 11/16/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Network protection helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index fc9d4153fb..7f7c825798 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -19,7 +19,7 @@ ms.date: 08/08/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) You can review attack surface reduction events in Event Viewer. This is useful so you can monitor what rules or settings are working, and determine if any settings are too "noisy" or impacting your day to day workflow. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index e84b78a8a0..41018cb2ea 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -18,7 +18,7 @@ ms.date: 11/29/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index 99eb36540f..1be2ff6cb2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -18,7 +18,7 @@ ms.date: 04/30/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md index 11ff56a123..aed6d58094 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/memory-integrity.md @@ -18,7 +18,7 @@ ms.date: 08/09/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 78f14e5a59..08ee562873 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -18,7 +18,7 @@ ms.date: 02/14/2019 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index c803573a3f..514a74a4ea 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -17,7 +17,7 @@ ms.date: 10/20/2017 **Applies to** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 46df2bf21d..524e3cc666 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -17,7 +17,7 @@ ms.author: v-anbic **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you use [attack surface reduction rules](attack-surface-reduction-exploit-guard.md) you may encounter issues, such as: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index ede76cf20a..7820eac52f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -18,7 +18,7 @@ ms.date: 08/09/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) When you create a set of exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md index b091e01721..f7a384b615 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md @@ -18,7 +18,7 @@ ms.date: 08/09/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - IT administrators diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index bdf4311dfe..74f7688832 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -18,7 +18,7 @@ ms.date: 08/09/2018 **Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees. diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md index 14772f6caf..8d052ede68 100644 --- a/windows/whats-new/contribute-to-a-topic.md +++ b/windows/whats-new/contribute-to-a-topic.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.date: 10/13/2017 +ms.topic: tutorial --- # Editing existing Windows IT professional documentation diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json index 12dd2d0312..15581c3398 100644 --- a/windows/whats-new/docfx.json +++ b/windows/whats-new/docfx.json @@ -47,6 +47,7 @@ }, "fileMetadata": {}, "template": [], - "dest": "win-whats-new" + "dest": "win-whats-new", + "markdownEngineName": "dfm" } } \ No newline at end of file diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md index 932997f615..3f464216ef 100644 --- a/windows/whats-new/get-started-with-1709.md +++ b/windows/whats-new/get-started-with-1709.md @@ -9,6 +9,7 @@ author: DaniHalfin ms.author: daniha ms.date: 10/16/2017 ms.localizationpriority: high +ms.topic: article --- # Get started with Windows 10, version 1709 diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index 47357b364c..a48b1bcd0e 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -7,6 +7,7 @@ ms.prod: w10 author: TrudyHa ms.date: 04/30/2018 ms.localizationpriority: high +ms.topic: article --- # What's new in Windows 10 diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index df4bb4d4b9..de2548056a 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -8,6 +8,7 @@ ms.sitesec: library author: greg-lindsay ms.date: 12/27/2018 ms.localizationpriority: low +ms.topic: article --- # Windows 10 Enterprise LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index ce85311efd..7b02c68fa1 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.localizationpriority: low +ms.topic: article --- # What's new in Windows 10 Enterprise 2015 LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 1058f0c9b3..acf81acf24 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.localizationpriority: low +ms.topic: article --- # What's new in Windows 10 Enterprise 2016 LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 94f4540a5d..4a15ed3e75 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.localizationpriority: low +ms.topic: article --- # What's new in Windows 10 Enterprise 2019 LTSC diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 33588a5731..da039f72df 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -8,6 +8,7 @@ ms.sitesec: library author: TrudyHa ms.localizationpriority: high ms.date: 10/16/2017 +ms.topic: article --- # What's new in Windows 10, versions 1507 and 1511 diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 55c81fa1cf..6ef3ef4059 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -8,6 +8,7 @@ ms.sitesec: library author: TrudyHa ms.localizationpriority: high ms.date: 10/16/2017 +ms.topic: article --- # What's new in Windows 10, version 1607 diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 08f3d814ab..91bac38458 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -9,6 +9,7 @@ author: JasonGerend ms.localizationpriority: high ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617 ms.date: 10/16/2017 +ms.topic: article --- # What's new in Windows 10, version 1703 IT pro content diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index aa01ea5caa..af0c9c725d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -8,6 +8,7 @@ ms.sitesec: library author: greg-lindsay ms.date: 01/24/2018 ms.localizationpriority: high +ms.topic: article --- # What's new in Windows 10, version 1709 IT Pro content diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 622cbcdd98..3baeb61f1b 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -8,6 +8,7 @@ ms.sitesec: library author: greg-lindsay ms.date: 07/07/2018 ms.localizationpriority: high +ms.topic: article --- # What's new in Windows 10, version 1803 IT Pro content diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index de8365b010..8e77afeb8f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.localizationpriority: high +ms.topic: article --- # What's new in Windows 10, version 1809 for IT Pros diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md index 5d236f5f30..7ec491e3ef 100644 --- a/windows/whats-new/windows-10-insider-preview.md +++ b/windows/whats-new/windows-10-insider-preview.md @@ -6,6 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: TrudyHa ms.date: 04/14/2017 +ms.topic: article --- # Documentation for Windows 10 Insider Preview
      Events URLDepending on the location of your datacenter, select either the EU or the US URL:

      **For EU**: https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME -
      **For US:** https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME      		Depending on the location of your datacenter, select either the EU or the US URL:

      **For EU**: https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
      +
      **For US:** https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME

      **For UK**: https://wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
      Authentication Type OAuth 2Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.
      Refresh TokenYou can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.

      For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).

      **Get your refresh token using the restutil tool:**
      a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool.

      b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open.

      c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.

      d. A refresh token is shown in the command prompt.

      e. Copy and paste it into the **Refresh Token** field. +       		You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.

      For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).

      **Get your refresh token using the restutil tool:**
      a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool.

      b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open.

      c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.

      d. A refresh token is shown in the command prompt.

      e. Copy and paste it into the **Refresh Token** field.
      Endpoint URLDepending on the location of your datacenter, select either the EU or the US URL:

      **For EU**: `https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts`
      **For US:**` https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts` +       		Depending on the location of your datacenter, select any of the following URL:

      **For EU**: `https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts`

      **For US:**` https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts`

      **For UK:**` https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts`
      HTTP Method
      Set sourcetypeFrom listManual
      Source type