deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 03:13:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fix errors

Browse Source
This commit is contained in:
Joey Caparas
2017-03-14 12:51:20 -07:00
parent da24d27ec4 75cb863866
commit 34fc132f7f
61 changed files with 1678 additions and 363 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/keep-secure/TOC.md
View File

@ -572,7 +572,7 @@
###### [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md)
###### [Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)
###### [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)
###### [Interactive logon: Do not display last user name](interactive-logon-do-not-display-last-user-name.md)
###### [Interactive logon: Don\'t display last signed-in](interactive-logon-do-not-display-last-user-name.md)
###### [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)
###### [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md)
###### [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)

4
windows/keep-secure/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
View File

@ -45,9 +45,7 @@ You can use System Center Configuration Managers existing functionality to cr
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
3. Onboard your devices using SCCM by following the steps in the [Onboard devices to Windows Defender ATP](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/windows-defender-advanced-threat-protection#onboard-devices-for-windows-defender-atp) topic.
4. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
3. Deploy the package by following the steps in the [How to Deploy Packages and Programs in Configuration Manager](https://technet.microsoft.com/library/gg682178.aspx) topic.
a. Choose a predefined device collection to deploy the package to.

2
windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
View File

@ -60,7 +60,7 @@ If you took corrective actions and the machine status is still misconfigured, [o
### No sensor data
A misconfigured machine with status No sensor data has communication with the service but can only report partial sensor data.
Follow theses actions to correct known issues related to a misconfigured machine with status Impaired communication:
Follow theses actions to correct known issues related to a misconfigured machine with status No sensor data:
- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)</br>
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service.

BIN
windows/keep-secure/images/atp-machine-details-view.png.pdf Normal file
View File

Binary file not shown.

76
windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
View File

@ -12,77 +12,77 @@ author: brianlic-msft
# Interactive logon: Display user information when the session is locked
**Applies to**
- Windows 10
- Windows 10
Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting.
## Reference
This setting controls whether details such as email address or domain\username appear with the username on the sign-in screen.
For clients that run Windows 10 version 1511 and 1507 (RTM), this setting works similarly to previous versions of Windows.
Due to a new **Privacy** setting in Windows 10 version 1607, this setting affects those clients differently.
This security setting controls whether details such as email address or domain\username appear with the username on the sign-in screen.
For clients that run Windows 10 version 1511 and 1507 (RTM), this setting works similarly to previous versions of Windows.
However, because of a new **Privacy** setting introduced in Windows 10 version 1607, this security setting affects those clients differently.
### Changes in Windows 10 version 1607
Beginning with Windows 10 version 1607, new functionality was added to Windows 10 to hide username details such as email address by default, with the ability to change the default to show the details.
This functionality is controlled by a new **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**.
The Privacy setting is off by default, which hides the details.
Beginning with Windows 10 version 1607, new functionality was added to Windows 10 to hide username details such as email address by default, with the ability to change the default to show the details.
This functionality is controlled by a new **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**.
The Privacy setting is off by default, which hides the details.
![Privacy setting](images\privacy-setting-in-sign-in-options.png)
The **Interactive logon: Display user information when the session is locked** Group Policy setting controls the same functionality.
The **Interactive logon: Display user information when the session is locked** Group Policy setting controls the same functionality.
This setting has these possible values:
- **User display name, domain and user names**
For a local logon, the user's full name is displayed.
If the user signed in using a Microsoft Account, the user's email address is displayed.
For a domain logon, the domain\username is displayed.
This has the same effect as turning on the **Privacy** setting.
For a local logon, the user's full name is displayed.
If the user signed in using a Microsoft account, the user's email address is displayed.
For a domain logon, the domain\username is displayed.
This has the same effect as turning on the **Privacy** setting.
- **User display name only**
The full name of the user who locked the session is displayed.
The full name of the user who locked the session is displayed.
This has the same effect as turning off the **Privacy** setting.
- **Do not display user information**
No names are displayed.
Beginning with Windows 10 version 1607, this option is not supported.
If this option is chosen, the full name of the user who locked the session is displayed instead.
This change makes this setting consistent with the functionality of the new **Privacy** setting.
To have no user information displayed, enable the Group Policy setting **Interactive logon: Don't display last signed-in**.
No names are displayed.
Beginning with Windows 10 version 1607, this option is not supported.
If this option is chosen, the full name of the user who locked the session is displayed instead.
This change makes this setting consistent with the functionality of the new **Privacy** setting.
To display no user information, enable the Group Policy setting **Interactive logon: Don't display last signed-in**.
- Blank.
Default setting.
This translates to “Not defined,” but it will display the users full name in the same manner as the option **User display name only**.
Default setting.
This translates to “Not defined,” but it will display the users full name in the same manner as the option **User display name only**.
When an option is set, you cannot reset this policy to blank, or not defined.
### Hotfix for Windows 10 version 1607
Clients that run Windows 10 version 1607 will not show details on the sign-in screen even if the **User display name, domain and user names** option is chosen because the **Privacy** setting is off.
If the **Privacy** setting is turned on, details will show.
Clients that run Windows 10 version 1607 will not show details on the sign-in screen even if the **User display name, domain and user names** option is chosen because the **Privacy** setting is off.
If the **Privacy** setting is turned on, details will show.
The **Privacy** setting cannot be changed for clients in bulk.
Instead, apply [KB 4013429](https://support.microsoft.com/help/4000825/windows-10-and-windows-server-2016-update-history) to clients that run Windows 10 version 1607 so they behave similarly to previous versions of Windows.
The **Privacy** setting cannot be changed for clients in bulk.
Instead, apply KB 4013429 to clients that run Windows 10 version 1607 so they behave similarly to previous versions of Windows.
There are related Group Policy settings:
- **Computer Configuration\Policies\Administrative Templates\System\Logon\Block user from showing account details on sign-in** prevents users from showing account details on the sign-in screen.
- **Computer Configuration\Policies\Administrative Templates\System\Logon\Block user from showing account details on sign-in** prevents users from showing account details on the sign-in screen.
- **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Dont display last signed-in** prevents the username of the last user to sign in from being shown.
- **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Dont display user name at sign in** prevents the username from being shown at Windows sign-in and immediately after credentials are entered and before the desktop appears.
- **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Dont display username at sign-in** prevents the username from being shown at Windows sign-in and immediately after credentials are entered and before the desktop appears.
### Interaction with related Group Policy settings
For all versions of Windows 10, only the user display name is shown by default.
For all versions of Windows 10, only the user display name is shown by default.
If **Block user from showing account details on sign-in** is enabled, then only the user display name is shown regardless of any other Group Policy settings.
If **Block user from showing account details on sign-in** is enabled, then only the user display name is shown regardless of any other Group Policy settings.
Users will not be able to show details.
If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username.
In this case, clients that run Windows 10 version 1607 need [KB 4013429](https://support.microsoft.com/help/4000825/windows-10-and-windows-server-2016-update-history) applied.
Users will not be able to hide additional details.
If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username.
In this case, clients that run Windows 10 version 1607 need KB 4013429 applied.
Users will not be able to hide additional details.
If **Block user from showing account details on sign-in** is not enabled and **Dont display last signed-in** is enabled, the username will not be shown.
@ -100,13 +100,13 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
| Server type or Group Policy object (GPO) | Default value |
| - | - |
| Default domain policy| Not defined|
| Default domain controller policy | Not defined|
| Stand-alone server default settings | Not defined|
| Domain controller effective default settings | **User display name, domain and user names**|
| Member server effective default settings | **User display name, domain and user names**|
| Effective GPO default settings on client computers | **User display name, domain and user names**|
 
| Default domain policy| Not defined|
| Default domain controller policy | Not defined|
| Stand-alone server default settings | Not defined|
| Domain controller effective default settings | **User display name, domain and user names**|
| Member server effective default settings | **User display name, domain and user names**|
| Effective GPO default settings on client computers | **User display name, domain and user names**|
## Policy management
This section describes features and tools that are available to help you manage this policy.

20
windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
View File

@ -1,5 +1,5 @@
---
title: Interactive logon Do not display last user name (Windows 10)
title: Interactive logon Don't display last signed-in (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting.
ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
ms.prod: w10
@ -9,12 +9,12 @@ ms.pagetype: security
author: brianlic-msft
---
# Interactive logon: Do not display last user name
# Interactive logon: Don't display last signed-in
**Applies to**
- Windows 10
Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display last user name** security policy setting.
Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting. Before Windows 10 version 1703, this policy setting was named **Interactive logon:Do not display last user name.**
## Reference
@ -40,14 +40,14 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
### Default values
| Server type or Group Policy object (GPO) | Default value|
| Server type or Group Policy object (GPO) | Default value|
| - | - |
| Default domain policy| Disabled|
| Default domain controller policy| Disabled|
| Stand-alone server default settings | Disabled|
| Domain controller effective default settings | Disabled|
| Member server effective default settings | Disabled|
| Effective GPO default settings on client computers | Disabled|
| Default domain policy| Disabled|
| Default domain controller policy| Disabled|
| Stand-alone server default settings | Disabled|
| Domain controller effective default settings | Disabled|
| Member server effective default settings | Disabled|
| Effective GPO default settings on client computers | Disabled|
 
## Policy management

5
windows/manage/TOC.md
View File

@ -3,11 +3,12 @@
## [Cortana integration in your business or enterprise](cortana-at-work-overview.md)
### [Testing scenarios using Cortana in your business or organization](cortana-at-work-testing-scenarios.md)
#### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work-scenario-1.md)
#### [Test scenario 2 - Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work-scenario-2.md)
#### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work-scenario-2.md)
#### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work-scenario-3.md)
#### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work-scenario-4.md)
#### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work-scenario-5.md)
#### [Test scenario 6 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device](cortana-at-work-scenario-6.md)
#### [Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email](cortana-at-work-scenario-6.md)
#### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device](cortana-at-work-scenario-7.md)
### [Set up and test Cortana with Office 365 in your organization](cortana-at-work-o365.md)
### [Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization](cortana-at-work-crm.md)
### [Set up and test Cortana for Power BI in your organization](cortana-at-work-powerbi.md)

23
windows/manage/change-history-for-manage-and-update-windows-10.md
View File

@ -14,6 +14,12 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
## March 2017
| New or changed topic | Description |
| --- | --- |
|[Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email](cortana-at-work-scenario-6.md) |New |
## February 2017
| New or changed topic | Description |
@ -26,11 +32,12 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Added Express updates. |
| [Distribute offline apps](distribute-offline-apps.md) | General updates to topic. Added links to supporting content for System Center Configuration Manager and Microsoft Intune. |
## January 2017
| New or changed topic | Description |
| --- | --- |
| [Cortana integration in your business or enterprise](cortana-at-work-overview.md) | New |
| [Cortana integration in your business or enterprise and sub-topics](cortana-at-work-overview.md) |New |
| [Start layout XML for desktop editions of Windows 10](start-layout-xml-desktop.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Start layout XML for mobile editions of Windows 10](start-layout-xml-mobile.md) | New (previously published in Hardware Dev Center on MSDN) |
| [Quick guide to Windows as a service](waas-quick-start.md) | Added video that explains how Windows as a service works. |
@ -58,7 +65,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
| [Manage device restarts after updates](waas-restart.md) | New |
| [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | New |
| [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
| [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) | Fixed the explanation for Start behavior when the .xml file containing the layout is not available when the user signs in. |
| [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) | Fixed the explanation for Start behavior when the .xml file containing the layout is not available when the user signs in. |
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. Added Teredo Group Policy. |
| [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Added Current Branch for Business (CBB) support for Windows 10 IoT Mobile. |
@ -85,7 +92,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
## RELEASE: Windows 10, version 1607
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
- [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
@ -117,7 +124,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | New telemetry content |
| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) |Removed info about sharing wi-fi network access with contacts, since it's been deprecated. |
| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Corrected script for setting a custom shell using Shell Launcher |
| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Removed Windows 10 Mobile from **Applies to** |
| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Removed Windows 10 Mobile from **Applies to** |
@ -142,12 +149,12 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| New or changed topic | Description |
| ---|---|
| [Configure telemetry and other settings in your organization](disconnect-your-organization-from-microsoft.md) | Added call history and email to the Settings &gt; Privacy section.<br />Added the Turn off Windows Mail application Group Policy to the Mail synchronization section. |
| [Customize and export Start layout](customize-and-export-start-layout.md) | Added a note to clarify that partial Start layout is only supported in Windows 10, version 1511 and later |
| [Customize and export Start layout](customize-and-export-start-layout.md) | Added a note to clarify that partial Start layout is only supported in Windows 10, version 1511 and later |
| [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Added instructions for replacing markup characters with escape characters in Start layout XML |
| [Introduction to configuration service providers (CSPs) for IT pros](how-it-pros-can-use-configuration-service-providers.md) | New |
| [Windows 10 Mobile and MDM](windows-10-mobile-and-mdm.md) | New |
| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Added information on servicing options for Windows 10 Mobile, Windows 10 Mobile Enterprise, and Windows 10 IoT Core (IoT Core). |
 
| [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md) | Added information on servicing options for Windows 10 Mobile, Windows 10 Mobile Enterprise, and Windows 10 IoT Core (IoT Core). |
## December 2015
@ -185,5 +192,3 @@ The topics in this library have been updated for Windows 10, version 1607 (also
[Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md)
[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
 

17
windows/manage/configure-windows-telemetry-in-your-organization.md
View File

@ -98,17 +98,17 @@ Windows telemetry also helps Microsoft better understand how customers use (or d
### Insights into your own organization
Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Windows 10 Upgrade Analytics](../deploy/manage-windows-upgrades-with-upgrade-analytics.md).
Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better, as well. Microsoft is in the process of developing a set of analytics customized for your internal use. The first of these, called [Upgrade Readiness](../deploy/manage-windows-upgrades-with-upgrade-readiness.md).
#### Windows 10 Upgrade Analytics
#### Upgrade Readiness
Upgrading to new operating system versions has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points.
To better help customers through this difficult process, Microsoft developed Upgrade Analytics to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
To better help customers through this difficult process, Microsoft developed Upgrade Readiness to give enterprises the tools to plan and manage the upgrade process end to end and allowing them to adopt new Windows releases more quickly and on an ongoing basis.
With Windows telemetry enabled, Microsoft collects computer, application, and driver compatibility-related information for analysis. We then identify compatibility issues that can block your upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Analytics to get:
Use Upgrade Readiness to get:
- A visual workflow that guides you from pilot to production
- Detailed computer, driver, and application inventory
@ -118,7 +118,7 @@ Use Upgrade Analytics to get:
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools
The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
## How is telemetry data handled by Microsoft?
@ -179,7 +179,7 @@ The levels are cumulative and are illustrated in the following diagram. Also, th
### Security level
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windos IoT Core editions.
The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windows IoT Core editions.
> [!NOTE]
> If your organization relies on Windows Update for updates, you shouldnt use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
@ -216,6 +216,8 @@ No user content, such as user files or communications, is gathered at the **Secu
The Basic level gathers a limited set of data thats critical for understanding the device and its configuration. This level also includes the **Security** level data. This level helps to identify problems that can occur on a particular hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. The Connected User Experience and Telemetry component does not gather telemetry data about System Center, but it can transmit telemetry for other non-Windows applications if they have user consent.
The normal upload range for the Basic telemetry level is between 109 KB - 159 KB per day, per device.
The data gathered at this level includes:
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include:
@ -256,12 +258,15 @@ The data gathered at this level includes:
- **Windows Store**. Provides information about how the Windows Store performs, including app downloads, installations, and updates. It also includes Windows Store launches, page views, suspend and resumes, and obtaining licenses.
### Enhanced level
The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experience with the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
This is the default level for Windows 10 Enterprise and Windows 10 Education editions, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
The normal upload range for the Enhanced telemetry level is between 239 KB - 348 KB per day, per device.
The data gathered at this level includes:
- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.

37
windows/manage/cortana-at-work-scenario-6.md
View File

@ -1,13 +1,14 @@
---
title: Test scenario 6 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device (Windows 10)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
title: Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email (Windows 10)
description: A test scenario about how to use Cortana with the Suggested reminders feature.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
localizationpriority: high
---
# Test scenario 6 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device
# Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email
- Windows 10, Windows Insider Program
- Windows 10 Mobile, Windows Insider Program
@ -16,22 +17,32 @@ localizationpriority: high
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
>[!IMPORTANT]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/en-us/servicesagreement).
This optional scenario helps you to protect your organizations data on a device, based on an inspection by Cortana.
Cortana automatically finds patterns in your email, suggesting reminders based things that you said you would do so you dont forget about them. For example, Cortana recognizes that if you include the text, _Ill get this to you by the end of the week_ in an email, you're making a commitment to provide something by a specific date. Cortana can now suggest that you be reminded about this event, letting you decide whether to keep it or to cancel it.
## Use Cortana and WIP to protect your organizations data
>[!NOTE]
>The Suggested reminders feature is currently only available in English (en-us).
1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](../keep-secure/protect-enterprise-data-using-wip.md).
**To use Cortana to create Suggested reminders for you**
2. Create a new email from a non-protected or personal mailbox, including the text _Ill send you that presentation tomorrow_.
1. Make sure that you've connected Cortana to Office 365. For the steps to connect, see [Set up and test Cortana with Office 365 in your organization](cortana-at-work-o365.md).
3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
2. Click on the **Cortana** search box in the taskbar, click the **Notebook** icon, and then click **Permissions**.
Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
3. Make sure the **Contacts, email, calendar, and communication history** option is turned on.
4. Create a new email from a protected mailbox, including the same text as above, _Ill send you that presentation tomorrow_.
![Permissions options for Cortana at work](images/cortana-communication-history-permissions.png)
5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
4. Click the **Notebook** icon again, click the **Suggested reminders** option, click to turn on the **All reminder suggestions cards** option, click the **Notify me when something I mentioned doing is coming up** box, and then click **Save**.
![Suggested reminders options for Cortana at work](images/cortana-suggested-reminder-settings.png)
5. Create and send an email to yourself (so you can see the Suggested reminder), including the text, _Ill finish this project by end of day today_.
6. After you get the email, click on the Cortana **Home** icon, and scroll to todays events.
If the reminder has a specific date or time associated with it, like end of day, Cortana notifies you at the appropriate time and puts the reminder into the Action Center. Also from the Home screen, you can view the email where you made the promise, set aside time on your calendar, officially set the reminder, or mark the reminder as completed.
![Cortana Home screen with your suggested reminder showing](images/cortana-suggested-reminder.png)
Because it was in an WIP-protected email, the presentation info isnt pulled out and it isnt shown to you.

38
windows/manage/cortana-at-work-scenario-7.md Normal file
View File

@ -0,0 +1,38 @@
---
title: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device (Windows 10)
description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP).
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
localizationpriority: high
---
# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device
- Windows 10, Windows Insider Program
- Windows 10 Mobile, Windows Insider Program
>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
>[!IMPORTANT]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
This optional scenario helps you to protect your organizations data on a device, based on an inspection by Cortana.
## Use Cortana and WIP to protect your organizations data
1. Create and deploy an WIP policy to your organization. For info about how to do this, see [Protect your enterprise data using Windows Information Protection (WIP)](../keep-secure/protect-enterprise-data-using-wip.md).
2. Create a new email from a non-protected or personal mailbox, including the text _Ill send you that presentation tomorrow_.
3. Wait up to 2 hours to make sure everything has updated, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
Cortana automatically pulls your commitment to sending the presentation out of your email, showing it to you.
4. Create a new email from a protected mailbox, including the same text as above, _Ill send you that presentation tomorrow_.
5. Wait until everything has updated again, click the **Cortana** icon in the taskbar, and then click in the **Search** bar.
Because it was in an WIP-protected email, the presentation info isnt pulled out and it isnt shown to you.

14
windows/manage/cortana-at-work-testing-scenarios.md
View File

@ -18,15 +18,19 @@ localizationpriority: high
We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
- Sign-in to Cortana using Azure AD, manage entries in the notebook, and search for content across your device, Bing, and the cloud, using Cortana.
- [Sign-in to Cortana using Azure AD, manage entries in the notebook, and search for content across your device, Bing, and the cloud, using Cortana](cortana-at-work-scenario-1.md)
- Set a reminder and have it remind you when youve reached a specific location.
- [Perform a quick search with Cortana at work](cortana-at-work-scenario-2.md)
- Search for your upcoming meetings on your work calendar.
- [Set a reminder and have it remind you when youve reached a specific location](cortana-at-work-scenario-3.md)
- Send an email to a co-worker from your work email app.
- [Search for your upcoming meetings on your work calendar](cortana-at-work-scenario-4.md)
- Use WIP to secure content on a device and then try to manage your organizations entries in the notebook.
- [Send an email to a co-worker from your work email app](cortana-at-work-scenario-5.md)
- [Review a reminder suggested by Cortana based on what youve promised in email](cortana-at-work-scenario-6.md)
- [Use Windows Information Protection (WIP) to secure content on a device and then try to manage your organizations entries in the notebook](cortana-at-work-scenario-7.md)
>[!IMPORTANT]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

BIN
windows/manage/images/cortana-communication-history-permissions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 46 KiB

BIN
windows/manage/images/cortana-suggested-reminder-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 55 KiB

BIN
windows/manage/images/cortana-suggested-reminder.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

2
windows/manage/start-layout-xml-desktop.md
View File

@ -224,7 +224,7 @@ The following example shows how to create a tile of the Web site's URL using the
Column="4"/>
```
The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to *8Size**, **Row**, and *8Column**.
The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to **Size**, **Row**, and **Column**.
| Attribute | Required/optional | Description |
| --- | --- | --- |

2
windows/manage/waas-delivery-optimization.md
View File

@ -99,6 +99,8 @@ Download mode dictates which download sources clients are allowed to use when do
By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to peer. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
>[!NOTE]
>To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)
>
>This configuration is optional and not required for most implementations of Delivery Optimization.
### Max Cache Age

22
windows/manage/waas-optimize-windows-10-updates.md
View File

@ -13,24 +13,24 @@ localizationpriority: high
**Applies to**
- Windows 10
- Windows 10
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows 10 offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows 10.
Two methods of peer-to-peer content distribution are available in Windows 10.
Two methods of peer-to-peer content distribution are available in Windows 10.
- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests.
- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests.
Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates.
Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates.
- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of the Windows Server 2016 Technical Preview and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7.
- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of the Windows Server 2016 Technical Preview and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7.
>[!NOTE]
>Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations.
Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
Windows Server Update Services (WSUS) and System Center Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.
</br></br>
@ -50,7 +50,7 @@ Windows 10 update downloads can be large because every package contains all prev
### How Microsoft supports Express
- **Express on WSUS Standalone**
Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).
- **Express on devices directly connected to Windows Update**
- **Enterprise devices managed using [Windows Update for Business](waas-manage-updates-wufb.md)** also get the benefit of Express update delivery support without any change in configuration.
@ -61,7 +61,7 @@ For OS updates that support Express, there are two versions of the file payload
1. **Full-file version** - essentially replacing the local versions of the update binaries.
2. **Express version** - containing the deltas needed to patch the existing binaries on the device.
Both the full-file version and the Express version are referenced in the udpate's metadata, which has been downloaded to the client as part of the scan phase.
Both the full-file version and the Express version are referenced in the update's metadata, which has been downloaded to the client as part of the scan phase.
**Express download works as follows:**
@ -96,7 +96,7 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
## Related topics
- [Update Windows 10 in the enterprise](waas-update-windows-10.md)
- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
@ -104,5 +104,3 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
- [Manage device restarts after updates](waas-restart.md)

62
windows/manage/windows-store-for-business-overview.md
View File

@ -89,50 +89,12 @@ For more information, see [Sign up for the Store for Business](../manage/sign-up
After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions.
<table>
<colgroup>
<col width="20%" />
<col width="20%" />
<col width="20%" />
<col width="20%" />
<col width="20%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Permission</th>
<th align="left">Account settings</th>
<th align="left">Acquire apps</th>
<th align="left">Distribute apps</th>
<th align="left">Device Guard signing</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Admin</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="even">
<td align="left"><p>Purchaser</p></td>
<td align="left"></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="odd">
<td align="left"><p>Device Guard signer</p></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"></td>
<td align="left"><p>X</p></td>
</tr>
</tbody>
</table>
| Permission | Account settings | Acquire apps | Distribute apps | Device Guard signing |
| ---------- | ---------------- | ------------ | --------------- | -------------------- |
| Admin | X | X | X | |
| Purchaser | | X | X | |
| Device Guard signer | | | | X |
In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md).
Also, if your organization plans to use a management tool, youll need to configure your management tool to sync with the Store for Business.
@ -367,7 +329,19 @@ Store for Business is currently available in these markets.
</tr>
</table>
## Privacy notice
Microsoft Store for Business services get names and email addresses of people in your organization from Azure Active Directory. This information is needed for these admin functions:
- Granting and managing permissions
- Managing app licenses
- Distributing apps to people (names appear in a list that admins can select from)
Store for Business does not save names, or email addresses.
Your use of Store for Business is also governed by the Store for Business Terms of Use.
Information sent to Store for Business is subject to the [Store for Business Privacy Statement](https://privacy.microsoft.com/privacystatement/).
## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business