deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-05 17:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'DeviceRegistrationMigrationAndRedirect' of https://github.com/MicrosoftGuyJFlo/windows-docs-pr into DeviceRegistrationMigrationAndRedirect

Browse Source
This commit is contained in:
John Flores 2021-08-19 14:36:00 -04:00
commit 389fce4db1
28 changed files with 1239 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

898
windows/application-management/apps-in-windows-10.md
View File

@ -1,5 +1,5 @@
---
title: Windows 10 - Apps
title: Learn about the different app types in Windows 10 | Microsoft Docs
ms.reviewer:
manager: dansimp
description: Use this article to understand the different types of apps that run on Windows 10, such as UWP and Win32 apps.
@ -16,172 +16,788 @@ ms.topic: article
>Applies to: Windows 10
The following types of apps run on Windows 10:
- Windows apps - introduced in Windows 8, primarily installed from the Store app.
- Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps.
- "Win32" apps - traditional Windows applications.
On your Windows 10 devices, you can run the following app types:
Digging into the Windows apps, there are two categories:
- Apps - All other apps, installed in C:\Program Files\WindowsApps. There are two classes of apps:
- Provisioned: Installed in user account the first time you sign in with a new user account.
- Installed: Installed as part of the OS.
- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS.
- **Windows apps**: These apps are included with the Windows OS, and are also installed from the Microsoft Store app. There are two categories:
The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1709, 1803, and 1809 and indicate whether an app can be uninstalled through the UI.
- **Apps**: All apps installed in `C:\Program Files\WindowsApps`. There are two classes of apps:
Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running.
- **Provisioned**: Installed in user account the first time you sign in with a new user account.
- **Installed**: Installed as part of the OS.
- **System apps**: Apps installed in the `C:\Windows\` directory. These apps are part of the Windows OS.
- **Universal Windows Platform (UWP) apps**: These apps run and can be installed on many Windows platforms, including tablets, Microsoft HoloLens, Xbox, and more. All UWP apps are Windows apps. But, not all Windows apps are UWP apps.
- **Win32 apps**: These apps are traditional Windows applications.
This article lists the provisioned Windows apps and system apps installed on a standard Windows 10 Enterprise device. If you use custom images, your specific apps might be different.
Some of the apps show up in multiple areas. That's because their status changed between versions. Make sure to check the version column for the version you're currently running.
## Provisioned Windows apps
You can list all provisioned Windows apps with this PowerShell command:
The first time a user signs into a Windows device, some apps are automatically provisioned. To get a list of all provisioned Windows apps, run the following Windows PowerShell command:
```Powershell
Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
```
Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004.
The following information lists the provisioned apps on the supported Windows 10 OS versions:
<br/>
- [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | Package name: Microsoft.3DBuilder
- Supported versions:
| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? |
|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:|
| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes |
| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App |
| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | | No |
| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | | No |
| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No |
| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.VP9VideoExtensions | | | x | x | x | x | No |
| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No |
| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No |
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ✔️ | ✔️ | | | | | |
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
---
- [Bing Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | Package name: Microsoft.BingWeather
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
- [Desktop App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | Package name: Microsoft.DesktopAppInstaller
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| Use Settings App | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
- [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | Package name: Microsoft.GetHelp
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | Package name: Microsoft.Getstarted
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
- [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.HEIFImageExtension
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | Package name:Microsoft.Messaging
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
- [Microsoft 3D Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | Package name: Microsoft.Microsoft3DViewer
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftOfficeHub
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftSolitaireCollection
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftStickyNotes
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | Package name: Microsoft.MixedReality.Portal
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | Package name: Microsoft.MSPaint
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | Package name: Microsoft.Office.OneNote
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ✔️ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | Package name: Microsoft.OneConnect
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
- Microsoft.Outlook.DesktopIntegrationServices
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| | ✔️ | ✔️| | ✔️| | |
---
- [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | Package name: Microsoft.People
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | Package name: Microsoft.Print3D
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| | ✔️| ✔️| ✔️|
---
- [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | Package name: Microsoft.ScreenSketch
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | Package name: Microsoft.SkypeApp
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | Package name: Microsoft.StorePurchaseApp
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- Microsoft.VP9VideoExtensions
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | Package name: Microsoft.Wallet
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | Package name: Microsoft.WebMediaExtensions
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.WebpImageExtension
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | Package name: Microsoft.Windows.Photos
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | Package name: Microsoft.WindowsAlarms
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCalculator
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCamera
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | Package name: microsoft.windowscommunicationsapps
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | Package name: Microsoft.WindowsFeedbackHub
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | Package name: Microsoft.WindowsMaps
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | Package name: Microsoft.WindowsSoundRecorder
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | Package name: Microsoft.WindowsStore
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- The Store app shouldn't be removed. If you remove the Store app, and want to reinstall it, you can restore your system from a backup, or reset your system. Instead of removing the Store app, use group policies to hide or disable it.
- [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | Package name: Microsoft.Xbox.TCUI
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | Package name: Microsoft.XboxApp
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGameOverlay
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGamingOverlay
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | Package name: Microsoft.XboxIdentityProvider
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- Microsoft.XboxSpeechToTextOverlay
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | Package name: Microsoft.YourPhone
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | Package name: Microsoft.ZuneMusic
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
- [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | Package name: Microsoft.ZuneVideo
- Supported versions:
---
| Uninstall through UI? | 21H1 | 20H2 | 2004 | 1909| 1903| 1809 |
| --- | --- | --- | --- | --- | --- |--- |
| ❌ | ✔️ | ✔️| ✔️ | ✔️| ✔️| ✔️|
---
## System apps
System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1709, 1803, and 1809.
You can list all system apps with this PowerShell command:
System apps are used by the operating system. To get a list of all the system apps, run the following Windows PowerShell command:
```Powershell
Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation
```
<br/>
| Name | Package Name | 1709 | 1803 | 1809 |Uninstall through UI? |
|----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------|
| File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | x | x | No |
| File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | x | x | No |
| App Resolver UX | E2A4F912-2574-4A75-9BB0-0D023378592B | | x | x | No |
| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE | | x | x | No |
| | InputApp | x | x | x | No |
| Microsoft.AAD.Broker.Plugin | Microsoft.AAD.Broker.Plugin | x | x | x | No |
| Microsoft.AccountsControl | Microsoft.AccountsControl | x | x | x | No |
| Microsoft.AsyncTextService | Microsoft.AsyncTextService | | x | x | No |
| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No |
| | Microsoft.CredDialogHost | x | x | x | No |
| | Microsoft.ECApp | x | x | x | No |
| | Microsoft.LockApp | x | x | x | No |
| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x | No |
| | Microsoft.MicrosoftEdgeDevToolsClient | | x | x | No |
| | Microsoft.PPIProjection | x | x | x | No |
| | Microsoft.Win32WebViewHost | | x | x | No |
| | Microsoft.Windows.Apprep.ChxApp | x | x | x | No |
| | Microsoft.Windows.AssignedAccessLockApp | x | x | x | No |
| | Microsoft.Windows.CapturePicker | | x | x | No |
| | Microsoft.Windows.CloudExperienceHost | x | x | x | No |
| | Microsoft.Windows.ContentDeliveryManager | x | x | x | No |
| Cortana | Microsoft.Windows.Cortana | x | x | x | No |
| | Microsoft.Windows.Holographic.FirstRun | x | x | | No |
| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x | No |
| | Microsoft.Windows.OOBENetworkConnectionFlow | x | x | x | No |
| | Microsoft.Windows.ParentalControls | x | x | x | No |
| People Hub | Microsoft.Windows.PeopleExperienceHost | x | x | x | No |
| | Microsoft.Windows.PinningConfirmationDialog | x | x | x | No |
| | Microsoft.Windows.SecHealthUI | x | x | x | No |
| | Microsoft.Windows.SecondaryTileExperience | x | | | No |
| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x | No |
| Start | Microsoft.Windows.ShellExperienceHost | x | x | x | No |
| Windows Feedback | Microsoft.WindowsFeedback | * | | | No |
| | Microsoft.XboxGameCallableUI | x | x | x | No |
| | Windows.CBSPreview | | x | x | No |
| Contact Support* | Windows.ContactSupport | * | | | Via Settings App |
| Settings | Windows.immersivecontrolpanel | x | x | x | No |
| Print 3D | Windows.Print3D | | x | x | Yes |
| Print UI | Windows.PrintDialog | x | x | x | No |
The following information lists the system apps on some Windows 10 OS versions:
- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89
> [!NOTE]
> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
## Installed Windows apps
---
Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, and 1809.
- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515
<br/>
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
| Name | Full name | 1709 | 1803 | 1809 | Uninstall through UI? |
|-----------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:|
| Remote Desktop | Microsoft.RemoteDesktop | x | | x | Yes |
| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | | Yes |
| Eclipse Manager | 46928bounde.EclipseManager | x | x | | Yes |
| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | | Yes |
| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | | Yes |
| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | | Yes |
| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes |
| News | Microsoft.BingNews | x | x | x | Yes |
| Sway | Microsoft.Office.Sway | x | x | x | Yes |
| Microsoft.Advertising | Microsoft.Advertising.Xaml | x | x | x | Yes |
| | Microsoft.NET.Native.Framework.1.2 | x | x | | Yes |
| | Microsoft.NET.Native.Framework.1.3 | x | x | | Yes |
| | Microsoft.NET.Native.Framework.1.6 | x | x | x | Yes |
| | Microsoft.NET.Native.Framework.1.7 | | x | x | Yes |
| | Microsoft.NET.Native.Framework.2.0 | x | x | | Yes |
| | Microsoft.NET.Native.Runtime.1.1 | x | x | | Yes |
| | Microsoft.NET.Native.Runtime.1.3 | x | | | Yes |
| | Microsoft.NET.Native.Runtime.1.4 | x | x | | Yes |
| | Microsoft.NET.Native.Runtime.1.6 | x | x | x | Yes |
| | Microsoft.NET.Native.Runtime.1.7 | x | x | x | Yes |
| | Microsoft.NET.Native.Runtime.2.0 | x | x | | Yes |
| | Microsoft.Services.Store.Engagement | x | x | | Yes |
| | Microsoft.VCLibs.120.00 | x | x | | Yes |
| | Microsoft.VCLibs.140.00 | x | x | x | Yes |
| | Microsoft.VCLibs.120.00.Universal | x | | | Yes |
| | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes |
---
- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- InputApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
---
- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Hello setup UI | Package name: Microsoft.BioEnrollment
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.CredDialogHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.ECApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.LockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft Edge | Package name: Microsoft.MicrosoftEdge
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.MicrosoftEdgeDevToolsClient
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.PPIProjection
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
---
- Microsoft.Win32WebViewHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.Apprep.ChxApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.AssignedAccessLockApp
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CapturePicker
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.CloudExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ContentDeliveryManager
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Cortana | Package name: Microsoft.Windows.Cortana
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | | | ✔️ |
---
- Microsoft.Windows.OOBENetworkCaptivePort
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.OOBENetworkConnectionFlow
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.ParentalControls
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.PinningConfirmationDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecHealthUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.Windows.SecureAssessmentBrowser
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Start | Package name: Microsoft.Windows.ShellExperienceHost
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Microsoft.XboxGameCallableUI
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Windows.CBSPreview
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Settings | Package name: Windows.immersivecontrolpanel
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
- Print 3D | Package name: Windows.Print3D
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ✔️ | | | ✔️ |
---
- Print UI | Package name: Windows.PrintDialog
---
| Uninstall through UI? | 21H1 | 20H2 | 1809 |
| --- | --- | --- | --- |
| ❌ | ✔️ | ✔️| ✔️ |
---
---

2
windows/application-management/sideload-apps-in-windows-10.md
View File

@ -14,10 +14,10 @@ ms.date: 05/20/2019
---
# Sideload LOB apps in Windows 10
**Applies to**
- Windows 10
- Windows 10 Mobile
> [!NOTE]
> As of Windows Insider Build 18956, sideloading is enabled by default. Now, you can deploy a signed package onto a device without a special configuration.

8
windows/application-management/toc.yml
View File

@ -3,16 +3,16 @@ items:
href: index.yml
- name: Application management
items:
- name: Apps in Windows 10
href: apps-in-windows-10.md
- name: Add apps and features in Windows 10
href: add-apps-and-features.md
- name: Sideload apps
href: sideload-apps-in-windows-10.md
- name: Remove background task resource restrictions
href: enterprise-background-activity-controls.md
- name: Enable or block Windows Mixed Reality apps in the enterprise
href: manage-windows-mixed-reality.md
- name: Understand apps in Windows 10
href: apps-in-windows-10.md
- name: Add apps and features in Windows 10
href: add-apps-and-features.md
- name: Repackage win32 apps in the MSIX format
href: msix-app-packaging-tool.md
- name: Application Virtualization (App-V)

180
windows/client-management/mdm/defender-csp.md
View File

@ -35,6 +35,18 @@ Defender
------------InitialDetectionTime
------------LastThreatStatusChangeTime
------------NumberOfDetections
----EnableNetworkProtection
--------AllowNetworkProtectionDownLevel
--------AllowNetworkProtectionOnWinServer
--------DisableNetworkProtectionPerfTelemetry
--------DisableDatagramProcessing
--------DisableInboundConnectionFiltering
--------EnableDnsSinkhole
--------DisableDnsOverTcpParsing
--------DisableHttpParsing
--------DisableRdpParsing
--------DisableSshParsing
--------DisableTlsParsing
----Health
--------ProductStatus (Added in Windows 10 version 1809)
--------ComputerState
@ -125,7 +137,7 @@ The following table describes the supported values:
| 7 | Remote access Trojan |
| 8 | Trojan |
| 9 | Email flooder |
| 10 | Keylogger |
| 10 | Key logger |
| 11 | Dialer |
| 12 | Monitoring software |
| 13 | Browser modifier |
@ -185,7 +197,28 @@ The following list shows the supported values:
- 7 = Removed
- 8 = Cleaned
- 9 = Allowed
- 10 = No Status ( Cleared)
- 10 = No Status (Cleared)
Supported operation is Get.
<a href="" id="detections-threatid-currentstatus"></a>**Detections/*ThreatId*/CurrentStatus**
Information about the current status of the threat.
The data type is integer.
The following list shows the supported values:
- 0 = Active
- 1 = Action failed
- 2 = Manual steps required
- 3 = Full scan required
- 4 = Reboot required
- 5 = Remediated with noncritical failures
- 6 = Quarantined
- 7 = Removed
- 8 = Cleaned
- 9 = Allowed
- 10 = No Status (Cleared)
Supported operation is Get.
@ -217,6 +250,139 @@ The data type is integer.
Supported operation is Get.
<a href="" id="enablenetworkprotection"></a>**EnableNetworkProtection**
The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources.
The acceptable values for this parameter are:
- 0: Disabled. The Network Protection service will not block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections.
- 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service.
- 2: AuditMode. As above, but the Network Protection service will not block connections to malicious websites, but will instead log the access to the event log.
Accepted values: Disabled, Enabled, and AuditMode
Position: Named
Default value: Disabled
Accept pipeline input: False
Accept wildcard characters: False
<a href="" id="enablenetworkprotection-allownetworkprotectiondownlevel"></a>**EnableNetworkProtection/AllowNetworkProtectionDownLevel**
By default, network protection is not allowed to be enabled on Windows versions before 1709, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode.
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-allownetworkprotectiononwinserver"></a>**EnableNetworkProtection/AllowNetworkProtectionOnWinServer**
By default, network protection is not allowed to be enabled on Windows Server, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode.
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablenetworkprotectionperftelemetry"></a>**EnableNetworkProtection/DisableNetworkProtectionPerfTelemetry**
Network Protection sends up anonymized performance statistics about its connection monitoring to improve our product and help to find bugs. You can disable this behavior by setting this configuration to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disabledatagramprocessing"></a>**EnableNetworkProtection/DisableDatagramProcessing**
Network Protection inspects UDP connections allowing us to find malicious DNS or other UDP Traffic. To disable this functionality, set this configuration to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disableinboundconnectionfiltering"></a>**EnableNetworkProtection/DisableInboundConnectionFiltering**
Network Protection inspects and can block both connections that originate from the host machine, as well as those that originates from outside the machine. To have network connection to inspect only outbound connections, set this configuration to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-enablednssinkhole"></a>**EnableNetworkProtection/EnableDnsSinkhole**
Network Protection can inspect the DNS traffic of a machine and, in conjunction with behavior monitoring, detect and sink hole DNS exfiltration attempts and other DNS based malicious attacks. Set this configuration to "$true" to enable this feature.
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablednsovertcpparsing"></a>**EnableNetworkProtection/DisableDnsOverTcpParsing**
Network Protection inspects DNS traffic that occurs over a TCP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablednsparsing"></a>**EnableNetworkProtection/DisableDnsParsing**
Network Protection inspects DNS traffic that occurs over a UDP channel, to provide metadata for Anti-malware Behavior Monitoring or to allow for DNS sink holing if the -EnableDnsSinkhole configuration is set. This can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablehttpparsing"></a>**EnableNetworkProtection/DisableHttpParsing**
Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablerdpparsing"></a>**EnableNetworkProtection/DisableRdpParsing**
Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disablesshparsing"></a>**EnableNetworkProtection/DisableSshParsing**
Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="enablenetworkprotection-disabletlsparsing"></a>**EnableNetworkProtection/DisableTlsParsing**
Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean
- Position: Named
- Default value: False
- Accept pipeline input: False
- Accept wildcard characters: False
<a href="" id="health"></a>**Health**
An interior node to group information about Windows Defender health status.
@ -248,7 +414,7 @@ Supported product status values:
- Service is shutting down as part of system shutdown = 1 << 16
- Threat remediation failed critically = 1 << 17
- Threat remediation failed non-critically = 1 << 18
- No status flags set (well initialized state) = 1 << 19
- No status flags set (well-initialized state) = 1 << 19
- Platform is out of date = 1 << 20
- Platform update is in progress = 1 << 21
- Platform is about to be outdated = 1 << 22
@ -552,7 +718,7 @@ Beta Channel: Devices set to this channel will be the first to receive new updat
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
@ -581,7 +747,7 @@ Beta Channel: Devices set to this channel will be the first to receive new updat
Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments.
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%).
Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested applying to a small, representative part of your production population (~10%).
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
@ -637,8 +803,8 @@ The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
1 Enabled.
0 (default) Not Configured.
- 1 Enabled.
- 0 (default) Not Configured.
More details:

8
windows/client-management/mdm/surfacehub-csp.md
View File

@ -295,7 +295,7 @@ SurfaceHub
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**
<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
<p style="margin-left: 20px">Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
<p style="margin-left: 20px">The data type is string. Supported operation is Get and Replace.
@ -316,12 +316,12 @@ SurfaceHub
<p style="margin-left: 20px">Invitations to collaborate from the Whiteboard app are not allowed.
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="inboxapps-whiteboard-signindisabled"></a>**InBoxApps/Whiteboard/SigninDisabled**
<p style="margin-left: 20px">Sign-ins from the Whiteboard app are not allowed.
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="inboxapps-whiteboard-telemetrydisabled"></a>**InBoxApps/Whiteboard/TelemeteryDisabled**
<p style="margin-left: 20px">Telemetry collection from the Whiteboard app is not allowed.
@ -571,7 +571,7 @@ SurfaceHub
<p style="margin-left: 20px">If this setting is true, the device account will be used for proxy authentication. If false, a separate account will be used.
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="properties-proxyservers"></a>**Properties/ProxyServers**
<p style="margin-left: 20px">Added in <a href="https://support.microsoft.com/topic/may-28-2019-kb4499162-os-build-15063-1839-ed6780ab-38d6-f590-d789-5ba873b1e142" data-raw-source="[KB4499162](https://support.microsoft.com/topic/may-28-2019-kb4499162-os-build-15063-1839-ed6780ab-38d6-f590-d789-5ba873b1e142)">KB4499162</a> for Windows 10, version 1703. Specifies FQDNs of proxy servers to provide device account credentials to before any user interaction (if AllowAutoProxyAuth is enabled). This is a semi-colon separated list of server names, without any additional prefixes (e.g. https://).

6
windows/client-management/toc.yml
View File

@ -55,6 +55,12 @@ items:
items:
- name: Collect data using Network Monitor
href: troubleshoot-tcpip-netmon.md
- name: "Part 1: TCP/IP performance overview"
href: /troubleshoot/windows-server/networking/overview-of-tcpip-performance
- name: "Part 2: TCP/IP performance underlying network issues"
href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network
- name: "Part 3: TCP/IP performance known issues"
href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues
- name: Troubleshoot TCP/IP connectivity
href: troubleshoot-tcpip-connectivity.md
- name: Troubleshoot port exhaustion

3
windows/client-management/troubleshoot-tcpip.md
View File

@ -17,6 +17,9 @@ manager: dansimp
In these topics, you will learn how to troubleshoot common problems in a TCP/IP network environment.
- [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
- [Part 1: TCP/IP performance overview](/troubleshoot/windows-server/networking/overview-of-tcpip-performance)
- [Part 2: TCP/IP performance underlying network issues](/troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network)
- [Part 3: TCP/IP performance known issues](/troubleshoot/windows-server/networking/tcpip-performance-known-issues)
- [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
- [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md)
- [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)

228
windows/deployment/TOC.yml
View File

@ -273,7 +273,7 @@
href: upgrade/windows-10-upgrade-paths.md
- name: Deploy Windows 10 with Microsoft 365
href: deploy-m365.md
- name: Understanding the Unified Update Platform
- name: Understand the Unified Update Platform
href: update/windows-update-overview.md
- name: Servicing stack updates
href: update/servicing-stack-updates.md
@ -321,57 +321,69 @@
- name: Active Directory-Based Activation Overview
href: volume-activation/active-directory-based-activation-overview.md
- name: Install and Configure VAMT
href: volume-activation/install-configure-vamt.md
- name: VAMT Requirements
href: volume-activation/vamt-requirements.md
- name: Install VAMT
href: volume-activation/install-vamt.md
- name: Configure Client Computers
href: volume-activation/configure-client-computers-vamt.md
items:
- name: Overview
href: volume-activation/install-configure-vamt.md
- name: VAMT Requirements
href: volume-activation/vamt-requirements.md
- name: Install VAMT
href: volume-activation/install-vamt.md
- name: Configure Client Computers
href: volume-activation/configure-client-computers-vamt.md
- name: Add and Manage Products
href: volume-activation/add-manage-products-vamt.md
- name: Add and Remove Computers
href: volume-activation/add-remove-computers-vamt.md
- name: Update Product Status
href: volume-activation/update-product-status-vamt.md
- name: Remove Products
href: volume-activation/remove-products-vamt.md
items:
- name: Overview
href: volume-activation/add-manage-products-vamt.md
- name: Add and Remove Computers
href: volume-activation/add-remove-computers-vamt.md
- name: Update Product Status
href: volume-activation/update-product-status-vamt.md
- name: Remove Products
href: volume-activation/remove-products-vamt.md
- name: Manage Product Keys
href: volume-activation/manage-product-keys-vamt.md
- name: Add and Remove a Product Key
href: volume-activation/add-remove-product-key-vamt.md
- name: Install a Product Key
href: volume-activation/install-product-key-vamt.md
- name: Install a KMS Client Key
href: volume-activation/install-kms-client-key-vamt.md
items:
- name: Overview
href: volume-activation/manage-product-keys-vamt.md
- name: Add and Remove a Product Key
href: volume-activation/add-remove-product-key-vamt.md
- name: Install a Product Key
href: volume-activation/install-product-key-vamt.md
- name: Install a KMS Client Key
href: volume-activation/install-kms-client-key-vamt.md
- name: Manage Activations
href: volume-activation/manage-activations-vamt.md
- name: Perform Online Activation
href: volume-activation/online-activation-vamt.md
- name: Perform Proxy Activation
href: volume-activation/proxy-activation-vamt.md
- name: Perform KMS Activation
href: volume-activation/kms-activation-vamt.md
- name: Perform Local Reactivation
href: volume-activation/local-reactivation-vamt.md
- name: Activate an Active Directory Forest Online
href: volume-activation/activate-forest-vamt.md
- name: Activate by Proxy an Active Directory Forest
href: volume-activation/activate-forest-by-proxy-vamt.md
items:
- name: Overview
href: volume-activation/manage-activations-vamt.md
- name: Run Online Activation
href: volume-activation/online-activation-vamt.md
- name: Run Proxy Activation
href: volume-activation/proxy-activation-vamt.md
- name: Run KMS Activation
href: volume-activation/kms-activation-vamt.md
- name: Run Local Reactivation
href: volume-activation/local-reactivation-vamt.md
- name: Activate an Active Directory Forest Online
href: volume-activation/activate-forest-vamt.md
- name: Activate by Proxy an Active Directory Forest
href: volume-activation/activate-forest-by-proxy-vamt.md
- name: Manage VAMT Data
href: volume-activation/manage-vamt-data.md
- name: Import and Export VAMT Data
href: volume-activation/import-export-vamt-data.md
- name: Use VAMT in Windows PowerShell
href: volume-activation/use-vamt-in-windows-powershell.md
items:
- name: Overview
href: volume-activation/manage-vamt-data.md
- name: Import and Export VAMT Data
href: volume-activation/import-export-vamt-data.md
- name: Use VAMT in Windows PowerShell
href: volume-activation/use-vamt-in-windows-powershell.md
- name: VAMT Step-by-Step Scenarios
href: volume-activation/vamt-step-by-step.md
- name: "Scenario 1: Online Activation"
href: volume-activation/scenario-online-activation-vamt.md
- name: "Scenario 2: Proxy Activation"
href: volume-activation/scenario-proxy-activation-vamt.md
- name: "Scenario 3: KMS Client Activation"
href: volume-activation/scenario-kms-activation-vamt.md
items:
- name: Overview
href: volume-activation/vamt-step-by-step.md
- name: "Scenario 1: Online Activation"
href: volume-activation/scenario-online-activation-vamt.md
- name: "Scenario 2: Proxy Activation"
href: volume-activation/scenario-proxy-activation-vamt.md
- name: "Scenario 3: KMS Client Activation"
href: volume-activation/scenario-kms-activation-vamt.md
- name: VAMT Known Issues
href: volume-activation/vamt-known-issues.md
@ -486,67 +498,75 @@
- name: Application Compatibility Toolkit (ACT) Technical Reference
items:
- name: SUA User's Guide
href: planning/sua-users-guide.md
- name: Using the SUA Wizard
href: planning/using-the-sua-wizard.md
- name: Using the SUA Tool
href: planning/using-the-sua-tool.md
- name: Tabs on the SUA Tool Interface
href: planning/tabs-on-the-sua-tool-interface.md
- name: Showing Messages Generated by the SUA Tool
href: planning/showing-messages-generated-by-the-sua-tool.md
- name: Applying Filters to Data in the SUA Tool
href: planning/applying-filters-to-data-in-the-sua-tool.md
- name: Fixing Applications by Using the SUA Tool
href: planning/fixing-applications-by-using-the-sua-tool.md
items:
- name: Overview
href: planning/sua-users-guide.md
- name: Use the SUA Wizard
href: planning/using-the-sua-wizard.md
- name: Use the SUA Tool
href: planning/using-the-sua-tool.md
- name: Tabs on the SUA Tool Interface
href: planning/tabs-on-the-sua-tool-interface.md
- name: Show Messages Generated by the SUA Tool
href: planning/showing-messages-generated-by-the-sua-tool.md
- name: Apply Filters to Data in the SUA Tool
href: planning/applying-filters-to-data-in-the-sua-tool.md
- name: Fix apps using the SUA Tool
href: planning/fixing-applications-by-using-the-sua-tool.md
- name: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista
href: planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md
- name: Compatibility Administrator User's Guide
href: planning/compatibility-administrator-users-guide.md
- name: Using the Compatibility Administrator Tool
href: planning/using-the-compatibility-administrator-tool.md
- name: Available Data Types and Operators in Compatibility Administrator
href: planning/available-data-types-and-operators-in-compatibility-administrator.md
- name: Searching for Fixed Applications in Compatibility Administrator
href: planning/searching-for-fixed-applications-in-compatibility-administrator.md
- name: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
- name: Creating a Custom Compatibility Fix in Compatibility Administrator
href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
- name: Creating a Custom Compatibility Mode in Compatibility Administrator
href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
- name: Creating an AppHelp Message in Compatibility Administrator
href: planning/creating-an-apphelp-message-in-compatibility-administrator.md
- name: Viewing the Events Screen in Compatibility Administrator
href: planning/viewing-the-events-screen-in-compatibility-administrator.md
- name: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
- name: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
- name: Managing Application-Compatibility Fixes and Custom Fix Databases
href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
- name: Understanding and Using Compatibility Fixes
href: planning/understanding-and-using-compatibility-fixes.md
- name: Compatibility Fix Database Management Strategies and Deployment
href: planning/compatibility-fix-database-management-strategies-and-deployment.md
- name: Testing Your Application Mitigation Packages
href: planning/testing-your-application-mitigation-packages.md
- name: Using the Sdbinst.exe Command-Line Tool
href: planning/using-the-sdbinstexe-command-line-tool.md
items:
- name: Overview
href: planning/compatibility-administrator-users-guide.md
- name: Use the Compatibility Administrator Tool
href: planning/using-the-compatibility-administrator-tool.md
- name: Available Data Types and Operators in Compatibility Administrator
href: planning/available-data-types-and-operators-in-compatibility-administrator.md
- name: Search for Fixed Applications in Compatibility Administrator
href: planning/searching-for-fixed-applications-in-compatibility-administrator.md
- name: Search for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator
href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
- name: Create a Custom Compatibility Fix in Compatibility Administrator
href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
- name: Create a Custom Compatibility Mode in Compatibility Administrator
href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
- name: Create an AppHelp Message in Compatibility Administrator
href: planning/creating-an-apphelp-message-in-compatibility-administrator.md
- name: View the Events Screen in Compatibility Administrator
href: planning/viewing-the-events-screen-in-compatibility-administrator.md
- name: Enable and Disable Compatibility Fixes in Compatibility Administrator
href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
- name: Install and Uninstall Custom Compatibility Databases in Compatibility Administrator
href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
- name: Manage Application-Compatibility Fixes and Custom Fix Databases
items:
- name: Overview
href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
- name: Understand and Use Compatibility Fixes
href: planning/understanding-and-using-compatibility-fixes.md
- name: Compatibility Fix Database Management Strategies and Deployment
href: planning/compatibility-fix-database-management-strategies-and-deployment.md
- name: Test Your Application Mitigation Packages
href: planning/testing-your-application-mitigation-packages.md
- name: Use the Sdbinst.exe Command-Line Tool
href: planning/using-the-sdbinstexe-command-line-tool.md
- name: Volume Activation
href: volume-activation/volume-activation-windows-10.md
- name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- name: Activate using Key Management Service
href: volume-activation/activate-using-key-management-service-vamt.md
- name: Activate using Active Directory-based activation
href: volume-activation/activate-using-active-directory-based-activation-client.md
- name: Activate clients running Windows 10
href: volume-activation/activate-windows-10-clients-vamt.md
- name: Monitor activation
href: volume-activation/monitor-activation-client.md
- name: Use the Volume Activation Management Tool
href: volume-activation/use-the-volume-activation-management-tool-client.md
items:
- name: Overview
href: volume-activation/volume-activation-windows-10.md
- name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- name: Activate using Key Management Service
href: volume-activation/activate-using-key-management-service-vamt.md
- name: Activate using Active Directory-based activation
href: volume-activation/activate-using-active-directory-based-activation-client.md
- name: Activate clients running Windows 10
href: volume-activation/activate-windows-10-clients-vamt.md
- name: Monitor activation
href: volume-activation/monitor-activation-client.md
- name: Use the Volume Activation Management Tool
href: volume-activation/use-the-volume-activation-management-tool-client.md
- name: "Appendix: Information sent to Microsoft during activation "
href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md

6
windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
View File

@ -145,8 +145,8 @@ When you configure your MDT Build Lab deployment share, you can also add applica
On **MDT01**:
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC1902120058_en_US.exe) to **D:\\setup\\adobe** on MDT01.
2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC1902120058_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01.
2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne).
3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node.
4. Right-click the **Applications** node, and create a new folder named **Adobe**.
@ -316,7 +316,7 @@ On **MDT01**:
### For the HP EliteBook 8560w
For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](https://go.microsoft.com/fwlink/p/?LinkId=619545).
For the HP EliteBook 8560w, you use HP Image Assistant to get the drivers. The HP Image Assistant can be accessed on the [HP Support site](https://ftp.ext.hp.com/pub/caps-softpaq/cmit/HPIA.html).
In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the **D:\\Drivers\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder.

2
windows/privacy/changes-to-windows-diagnostic-data-collection.md
View File

@ -52,7 +52,7 @@ Starting in Windows 10, version 1903 and newer, both the **Out-of-Box-Experience
In an upcoming release of Windows 10, were simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. For a list of steps, see [Configure a Windows 11 device to limit crash dumps and logs](#configure-a-windows-11-device-to-limit-crash-dumps-and-logs). For more information on services that rely on Enhanced diagnostic data, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data).
Additionally, you will see the following policy changes in an upcoming release of Windows 10:
Additionally, you will see the following policy changes in an upcoming release of Windows Holographic, version 21H1 (HoloLens 2), Windows Server 2022 and Windows 11:
| Policy type | Current policy | Renamed policy |
| --- | --- | --- |

4
windows/security/identity-protection/access-control/active-directory-security-groups.md
View File

@ -3716,7 +3716,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-1000</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-&lt;variable RID&gt;</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -3760,4 +3760,4 @@ This security group was introduced in Windows Server 2012, and it has not chang
- [Special Identities](special-identities.md)
- [Access Control Overview](access-control.md)
- [Access Control Overview](access-control.md)

27
windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
View File

@ -21,16 +21,33 @@ ms.reviewer:
**Applies to**
- Windows 10
- Windows Server 2016
- Windows Server 2019
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033):
- Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
"Task Scheduler failed to log on \Test . <br>
Failure occurred in LogonUserExEx . <br>
- Scheduled tasks with domain user stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
"Task Scheduler failed to log on \Test. <br>
Failure occurred in LogonUserExEx. <br>
User Action: Ensure the credentials for the task are correctly specified. <br>
Additional Data: Error Value: 2147943726. 2147943726 : ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
- When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. For example:
> Log Name: Microsoft-Windows-NTLM/Operational
Source: Microsoft-Windows-Security-Netlogon
Event ID: 8004
Task Category: Auditing NTLM
Level: Information
Description:
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: \<Secure Channel Name>
User name:
@@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA
Domain name: NULL
- This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled.
- The username appears in an unusual format because local accounts arent protected by Credential Guard. The task also fails to execute.
- As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
@ -107,4 +124,4 @@ Windows Defender Credential Guard is not supported by either these products, pro
This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.

3
windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
View File

@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
|-------------|---------|
| 0X80072F0C | Unknown |
| 0x80070057 | Invalid parameter or argument is passed. |
| 0x80090010 | NTE_PERM |
| 0x80090020 | NTE\_FAIL |
| 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
| 0x8009002D | NTE\_INTERNAL\_ERROR |
@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance.
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)

18
windows/security/information-protection/tpm/trusted-platform-module-overview.md
View File

@ -14,12 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/29/2018
---
# Trusted Platform Module Technology Overview
**Applies to**
- Windows 11
- Windows 10
- Windows Server 2016
- Windows Server 2019
@ -28,7 +28,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a
## Feature description
Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
[Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
- Generate, store, and limit the use of cryptographic keys.
@ -54,13 +54,13 @@ Certificates can be installed or created on computers that are using the TPM. Af
Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process.
Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.
Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.
The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
## New and changed functionality
For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module).
For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module)
## Device health attestation
@ -75,14 +75,14 @@ Some things that you can check on the device are:
- Is SecureBoot supported and enabled?
> [!NOTE]
> Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
## Supported versions for device health attestation
| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 |
|-------------|-------------|---------------------|---------------------|
| TPM 1.2 | >= ver 1607 | >= ver 1607 | Yes |
| TPM 2.0 | Yes | Yes | Yes |
| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 |
|-------------|-------------|-------------|---------------------|---------------------|
| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes |
| TPM 2.0 | Yes | Yes | Yes | Yes |
## Related topics

3
windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
View File

@ -17,7 +17,8 @@ ms.technology: mde
# Enable virtualization-based protection of code integrity
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to**
- Windows 10
This topic covers different ways to enable Hypervisor-protected code integrity (HVCI) on Windows 10.
Some applications, including device drivers, may be incompatible with HVCI.

3
windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md
View File

@ -18,7 +18,8 @@ ms.technology: mde
# Baseline protections and additional qualifications for virtualization-based protection of code integrity
**Applies to** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to**
- Windows 10
Computers must meet certain hardware, firmware, and software requirements in order to take advantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.

2
windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
View File

@ -19,7 +19,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
- Windows 10
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain.

2
windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
View File

@ -17,7 +17,7 @@ metadata:
title: Frequently asked questions - Microsoft Defender Application Guard
summary: |
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration.

2
windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
View File

@ -18,7 +18,7 @@ ms.technology: mde
# Prepare to install Microsoft Defender Application Guard
**Applies to:**
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
- - Windows 10
## Review system requirements

3
windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
View File

@ -17,7 +17,8 @@ ms.technology: mde
# Microsoft Defender Application Guard overview
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to**
- Windows 10
Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.

5
windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
View File

@ -1,5 +1,5 @@
---
title: System requirements for Microsoft Defender Application Guard (Windows 10)
title: System requirements for Microsoft Defender Application Guard
description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
ms.prod: m365-security
ms.mktglfcycl: manage
@ -17,7 +17,8 @@ ms.technology: mde
# System requirements for Microsoft Defender Application Guard
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
**Applies to**
- Windows 10
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.

2
windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
View File

@ -19,7 +19,7 @@ ms.technology: mde
**Applies to:**
- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
- Windows 10
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.

2
windows/security/threat-protection/security-compliance-toolkit-10.md
View File

@ -45,7 +45,7 @@ The Security Compliance Toolkit consists of:
- Microsoft 365 Apps for enterprise, Version 2104
- Microsoft Edge security baseline
- Version 88
- Version 92
- Windows Update security baseline
- Windows 10 20H2 and below (October 2020 Update)

4
windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
View File

@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 08/16/2021
ms.technology: mde
---
@ -35,7 +35,7 @@ This policy setting is dependent on the **Account lockout threshold** policy set
- A user-defined number of minutes from 0 through 99,999
- Not defined
If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If th **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually.
If [Account lockout threshold](account-lockout-threshold.md) is configured, after the specified number of failed attempts, the account will be locked out. If the **Account lockout duration** is set to 0, the account will remain locked until an administrator unlocks it manually.
It is advisable to set **Account lockout duration** to approximately 15 minutes. To specify that the account will never be locked out, set the **Account lockout threshold** value to 0.

106
windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
View File

@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 07/15/2021
ms.date: 08/10/2021
ms.technology: mde
---
@ -93,27 +93,86 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
```
An example of a valid Managed Installer rule collection using Microsoft Endpoint Config Manager (MEMCM) is shown below.
An example of a valid Managed Installer rule collection, using Microsoft Endpoint Config Manager (MEMCM), MEM (Intune), Powershell, and PowerShell ISE, is shown below. Remove any rules that you do not wish to designate as a Managed Installer.
```xml
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
<FilePublisherRule Id="6cc9a840-b0fd-4f86-aca7-8424a22b4b93" Name="MEMCM - CCMEXEC.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<AppLockerPolicy Version="1">
<RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
<RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
<FilePublisherRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Allow all" Description="Allow all" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMEXEC.EXE">
<BinaryVersionRange LowSection="5.0.0.0" HighSection="*" />
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="780ae2d3-5047-4240-8a57-767c251cbb12" Name="MEMCM - CCMSETUP.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<RuleCollectionExtensions>
<ThresholdExtensions>
<Services EnforcementMode="Enabled" />
</ThresholdExtensions>
<RedstoneExtensions>
<SystemApps Allow="Enabled"/>
</RedstoneExtensions>
</RuleCollectionExtensions>
</RuleCollection>
<RuleCollection Type="Exe" EnforcementMode="AuditOnly">
<FilePublisherRule Id="9420c496-046d-45ab-bd0e-455b2649e41e" Name="Allow all" Description="Allow all" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<RuleCollectionExtensions>
<ThresholdExtensions>
<Services EnforcementMode="Enabled" />
</ThresholdExtensions>
<RedstoneExtensions>
<SystemApps Allow="Enabled"/>
</RedstoneExtensions>
</RuleCollectionExtensions>
</RuleCollection>
<RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
<RuleCollection Type="Script" EnforcementMode="NotConfigured" />
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® INTUNE™" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
<BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6ead5a35-5bac-4fe4-a0a4-be8885012f87" Name="CMM - CCMEXEC.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMEXEC.EXE">
<BinaryVersionRange LowSection="5.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="8e23170d-e0b7-4711-b6d0-d208c960f30e" Name="CCM - CCMSETUP.EXE, 5.0.0.0+, Microsoft signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="CCMSETUP.EXE">
<BinaryVersionRange LowSection="5.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
<FilePublisherRule Id="a8cb325e-b26e-4f52-b528-a137764cae42" Name="POWERSHELL.EXE, version 10.0.0.0 and above, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="POWERSHELL.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="a8cb325e-b26e-4f52-b528-a137764cae54" Name="POWERSHELL_ISE.EXE, version 10.0.0.0 and above, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="POWERSHELL_ISE.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
</AppLockerPolicy>
```
### Enable service enforcement in AppLocker policy
Since many installation processes rely on services, it is typically necessary to enable tracking of services.
@ -214,3 +273,32 @@ Ea Value Length: 7e
## Enabling managed installer logging events
Refer to [Understanding Application Control Events](event-id-explanations.md#optional-intelligent-security-graph-isg-or-managed-installer-mi-diagnostic-events) for information on enabling optional managed installer diagnostic events.
## Deploying the Managed Installer rule collection
Once you've completed configuring your chosen Managed Installer, by specifying which option to use in the AppLocker policy, enabling the service enforcement of it, and by enabling the Managed Installer option in a WDAC policy, you'll need to deploy it.
1. Use the following command to deploy the policy.
```powershell
$policyFile=
@"
Raw_AppLocker_Policy_XML
"@
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge -ErrorAction SilentlyContinue
```
2. Verify Deployment of the ruleset was successful
```powershell
Get-AppLockerPolicy -Local
Version RuleCollections RuleCollectionTypes
------- --------------- -------------------
1 {0, 0, 0, 0...} {Appx, Dll, Exe, ManagedInstaller...}
```
Verify the output shows the ManagedInstaller rule set.
3. Get the policy XML (optional) using PowerShell:
```powershell
Get-AppLockerPolicy -Effective -Xml -ErrorVariable ev -ErrorAction SilentlyContinue
```
This command will show the raw XML to verify the individual rules that were set.

10
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
View File

@ -24,15 +24,15 @@ ms.date:
- Windows 10
- Windows Server 2016 and above
Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they are patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy which is applied to the following sets of devices:
Microsoft has strict requirements for code running in kernel. Consequently, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
- Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices
Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
> [!Note]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode.
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode.
```xml
<?xml version="1.0" encoding="utf-8"?>
@ -55,8 +55,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<EKUs />
<!--File Rules-->
<FileRules>
<Allow ID="ID_ALLOW_ALL_1" FriendlyName="" FileName="*" />
<Allow ID="ID_ALLOW_ALL_2" FriendlyName="" FileName="*" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
@ -315,7 +313,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
</DeniedSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_ALL_1"/>
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
@ -425,7 +422,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_ALL_2" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>

4
windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
View File

@ -14,7 +14,7 @@ audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
ms.date: 05/03/2018
ms.date: 08/12/2021
ms.technology: mde
---
@ -38,7 +38,7 @@ For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll**
```powershell
$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP2.exe'
New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
```

22
windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
View File

@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 05/25/2017
ms.date: 08/16/2021
ms.technology: mde
---
@ -40,17 +40,15 @@ First, create the WMI filter and configure it to look for a specified version (o
1. Open the Group Policy Management console.
2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **WMI Filters**.
2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then select **WMI Filters**.
3. Click **Action**, and then click **New**.
3. Select **Action**, and then select **New**.
4. In the **Name** text box, type the name of the WMI filter.
>**Note:**  Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention.
4. In the **Name** text box, type the name of the WMI filter. Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention.
5. In the **Description** text box, type a description for the WMI filter. For example, if the filter excludes domain controllers, you might consider stating that in the description.
6. Click **Add**.
6. Select **Add**.
7. Leave the **Namespace** value set to **root\\CIMv2**.
@ -66,7 +64,7 @@ First, create the WMI filter and configure it to look for a specified version (o
... where Version like "6.1%" or Version like "6.2%"
```
To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network.
To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network.
The following clause returns **true** for all devices that are not domain controllers:
@ -92,9 +90,9 @@ First, create the WMI filter and configure it to look for a specified version (o
select * from Win32_OperatingSystem where Version like "10.%" and ProductType="3"
```
9. Click **OK** to save the query to the filter.
9. Select **OK** to save the query to the filter.
10. Click **Save** to save your completed filter.
10. Select **Save** to save your completed filter.
> [!NOTE]
> If you're using multiple queries in the same WMI filter, these queries must all return **TRUE** for the filter requirements to be met and for the GPO to be applied.
@ -105,8 +103,8 @@ After you have created a filter with the correct query, link the filter to the G
1. Open the Group Policy Management console.
2. In the navigation pane, find and then click the GPO that you want to modify.
2. In the navigation pane, find and then select the GPO that you want to modify.
3. Under **WMI Filtering**, select the correct WMI filter from the list.
4. Click **Yes** to accept the filter.
4. Select **Yes** to accept the filter.