deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Various fixes: Acrolinx spelling, layout, note styles, indentation

Browse Source
This commit is contained in:
Gary Moore 2020-08-27 15:20:24 -07:00
parent 9eba446699
commit 3a8b0af9d5
3 changed files with 69 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
windows/deployment/update/waas-wufb-csp-mdm.md
View File

@ -52,9 +52,12 @@ Drivers are automatically enabled because they are beneficial to device systems.
#### I want to receive pre-release versions of the next feature update
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
2. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
3. Use [Update/BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
4. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
1. For any of test devices you want to install pre-release builds, use [Update/ManagePreviewBuilds](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-managepreviewbuilds). Set this to **Enable preview builds**.
1. Use [Update/BranchReadinessLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-branchreadinesslevel) and select one of the preview Builds. Windows Insider Program Slow is the recommended channel for commercial customers who are using pre-release builds for validation.
1. Additionally, you can defer pre-release feature updates the same way as released updates, by setting a deferral period up to 14 days by using [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays). If you are testing with Windows Insider Program Slow builds, we recommend that you receive the preview updates to your IT department on day 0, when the update is released, and then have a 7-10 day deferral before rolling out to your group of testers. This ensures that if a problem is discovered, you can pause the rollout of the preview update before it reaches your tests.
#### I want to manage which released feature update my devices receive
@ -138,7 +141,7 @@ We recommend that you use set specific deadlines for feature and quality updates
- [Update/ConfigureDeadlineGracePeriod](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod)
- [Update/ConfigureDeadlineNoAutoReboot](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-configuredeadlinenoautoreboot)
These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours.
These policies also offer an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:
@ -172,8 +175,8 @@ There are additional settings that affect the notifications.
We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use the [Update/UpdateNotificationLevel](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
**0** (default) Use the default Windows Update notifications
**1** Turn off all notifications, excluding restart warnings
**0** (default) Use the default Windows Update notifications<br/>
**1** Turn off all notifications, excluding restart warnings<br/>
**2** Turn off all notifications, including restart warnings
> [!NOTE]

24
windows/deployment/usmt/usmt-scanstate-syntax.md
View File

@ -313,8 +313,8 @@ USMT provides the following options to specify what files you want to migrate.
USMT provides several options that you can use to analyze problems that occur during migration.
**Note**
The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option.
> [!NOTE]
> The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option.
@ -617,12 +617,11 @@ You can use the following options to migrate encrypted files. In all cases, by d
For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
**Note**
EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files
> [!NOTE]
> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files
**Caution**
> [!CAUTION]
Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
@ -853,9 +852,8 @@ The following table indicates which command-line options are not compatible with
</table>
**Note**
You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
> [!NOTE]
> You must specify either the /**key** or /**keyfile** option with the /**encrypt** option.
@ -864,11 +862,3 @@ You must specify either the /**key** or /**keyfile** option with the /**encrypt*
[XML Elements Library](usmt-xml-elements-library.md)

94
windows/security/threat-protection/microsoft-defender-atp/android-intune.md
View File

@ -54,30 +54,28 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
2. On the **Add app** page and in the *App Information* section enter:
- **Name**
- **Description**
- **Publisher** as Microsoft.
- **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Microsoft Defender ATP Preview app Google Play Store URL)
Other fields are optional. Select **Next**.
- **Name**
- **Description**
- **Publisher** as Microsoft.
- **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Microsoft Defender ATP Preview app Google Play Store URL)
![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png)
Other fields are optional. Select **Next**.
3. In the *Assignments* section, go to the **Required** section and select **Add
group.** You can then choose the user group(s) that you would like to target
Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png)
3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
>[!NOTE]
>The selected user group should consist of Intune enrolled users.
![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png)
> [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png)
6. In the **Review+Create** section, verify that all the information entered is
correct and then select **Create**.
6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
In a few moments, the Microsoft Defender ATP app would be created successfully,
and a notification would show up at the top-right corner of the page.
In a few moments, the Microsoft Defender ATP app would be created successfully, and a notification would show up at the top-right corner of the page.
![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png)
@ -86,7 +84,8 @@ and a notification would show up at the top-right corner of the page.
select **Device install status** to verify that the device installation has
completed successfully.
![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png)
> [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png)
### Complete onboarding and check status
@ -98,8 +97,8 @@ completed successfully.
2. Tap the Microsoft Defender ATP app icon and follow the on-screen instructions
to complete onboarding the app. The details include end-user acceptance of Android permissions required by Microsoft Defender ATP for Android.
>[!NOTE]
>If you already have **preview version of Microsoft Defender ATP app** installed, follow onboarding instruction to replace the existing version of app
> [!NOTE]
> If you already have **preview version of Microsoft Defender ATP app** installed, follow onboarding instruction to replace the existing version of app
3. Upon successful onboarding, the device will start showing up on the Devices
list in Microsoft Defender Security Center.
@ -130,7 +129,8 @@ Defender ATP app into your managed Google Play.
center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
**Android Apps** \> **Add** and select **managed Google Play app**.
![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png)
> [!div class="mx-imgBorder"]
> ![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png)
2. On your managed Google Play page that loads subsequently, go to the search
@ -144,7 +144,8 @@ ATP app from the Apps search result.
details on Microsoft Defender ATP. Review the information on the page and then
select **Approve**.
![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png)
> [!div class="mx-imgBorder"]
> ![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png)
4. You should now be presented with the permissions that Microsoft Defender ATP
@ -161,13 +162,15 @@ Android might ask. Review the choices and select your preferred option. Select
By default, managed Google Play selects *Keep approved when app requests new
permissions*
![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png)
> [!div class="mx-imgBorder"]
> ![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png)
6. After the permissions handling selection is made, select **Sync** to sync
Microsoft Defender ATP to your apps list.
![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png)
> [!div class="mx-imgBorder"]
> ![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png)
7. The sync will complete in a few minutes.
@ -177,48 +180,55 @@ Microsoft Defender ATP to your apps list.
8. Select the **Refresh** button in the Android apps screen and Microsoft
Defender ATP should be visible in the apps list.
![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png)
> [!div class="mx-imgBorder"]
> ![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png)
9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
a. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
![Image of Microsoft Endpoint Manager admin center](images/android-mem.png)
![Image of Microsoft Endpoint Manager admin center](images/android-mem.png)
b. In the **Create app configuration policy** page, enter the following details:
1. In the **Create app configuration policy** page, enter the following details:
- Name: Microsoft Defender ATP.
- Choose **Android Enterprise** as platform.
- Choose **Work Profile only** as Profile Type.
- Click **Select App**, choose **Microsoft Defender ATP**, select **OK** and then **Next**.
![Image of create app configuration policy page](images/android-create-app.png)
> [!div class="mx-imgBorder"]
> ![Image of create app configuration policy page](images/android-create-app.png)
c. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions
- External storage (read)
- External storage (write)
1. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions:
Then select **OK**.
- External storage (read)
- External storage (write)
![Image of create app configuration policy](images/android-create-app-config.png)
Then select **OK**.
> [!div class="mx-imgBorder"]
![Image of create app configuration policy](images/android-create-app-config.png)
d. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
1. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
![Image of create app configuration policy](images/android-auto-grant.png)
> [!div class="mx-imgBorder"]
> ![Image of create app configuration policy](images/android-auto-grant.png)
e. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app.
1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app.
![Image of create app configuration policy](images/android-select-group.png)
> [!div class="mx-imgBorder"]
> ![Image of create app configuration policy](images/android-select-group.png)
f. In the **Review + Create** page that comes up next, review all the information and then select **Create**. <br>
1. In the **Review + Create** page that comes up next, review all the information and then select **Create**. <br>
The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
![Image of create app configuration policy](images/android-review-create.png)
The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
> [!div class="mx-imgBorder"]
> ![Image of create app configuration policy](images/android-review-create.png)
10. Select **Microsoft Defender ATP** app in the list \> **Properties** \>
@ -232,7 +242,8 @@ the device via Company Portal app. This assignment can be done by navigating to
the *Required* section \> **Add group,** selecting the user group and click
**Select**.
![Image of edit application page](images/ea06643280075f16265a596fb9a96042.png)
> [!div class="mx-imgBorder"]
> ![Image of edit application page](images/ea06643280075f16265a596fb9a96042.png)
12. In the **Edit Application** page, review all the information that was entered
@ -245,7 +256,8 @@ assignment.
clicking on the **Device Install Status**. Verify that the device is
displayed here.
![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)
> [!div class="mx-imgBorder"]
> ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)
2. On the device, you can confirm the same by going to the **work profile** and