From cdc77db37ad061e9f98acdcc851e096b2b3a8c02 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Tue, 7 Sep 2021 20:49:41 +0530
Subject: [PATCH 01/38] Updated
---
.../mdm/policy-csp-admx-errorreporting.md | 641 +++++++++++-------
.../mdm/policy-csp-admx-eventforwarding.md | 45 +-
.../mdm/policy-csp-admx-eventlog.md | 460 ++++++++-----
.../mdm/policy-csp-admx-explorer.md | 109 +--
.../mdm/policy-csp-admx-filerecovery.md | 20 +-
.../policy-csp-admx-fileservervssprovider.md | 22 +-
.../mdm/policy-csp-admx-filesys.md | 177 +++--
.../mdm/policy-csp-admx-folderredirection.md | 155 +++--
.../mdm/policy-csp-admx-globalization.md | 395 +++++++----
9 files changed, 1283 insertions(+), 741 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index f54ecfc994..5db935cf84 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -120,28 +120,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
-  |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
-  |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -158,7 +164,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.
+This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.
If you enable this policy setting, you can instruct Windows Error Reporting in the Default pull-down menu to report either all application errors (the default setting), or no application errors.
@@ -195,28 +201,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -233,7 +245,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
@@ -266,28 +278,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -304,7 +322,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies applications for which Windows Error Reporting should always report errors.
+This policy setting specifies applications for which Windows Error Reporting should always report errors.
To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.
@@ -343,28 +361,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -381,7 +405,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.
+This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.
This policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
@@ -433,28 +457,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -471,7 +501,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.
+This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.
If you enable this policy setting, Windows Error Reporting includes operating system errors.
@@ -506,28 +536,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -544,7 +580,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive.
+This policy setting controls the behavior of the Windows Error Reporting archive.
If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.
@@ -575,28 +611,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -613,7 +655,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the behavior of the Windows Error Reporting archive.
+This policy setting controls the behavior of the Windows Error Reporting archive.
If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.
@@ -644,28 +686,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -682,7 +730,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
+This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
@@ -713,28 +761,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -751,7 +805,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
+This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.
If you enable or do not configure this policy setting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user.
@@ -782,28 +836,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -820,7 +880,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
+This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.
@@ -851,28 +911,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -889,7 +955,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
+This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.
If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.
@@ -920,28 +986,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -958,7 +1030,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
+This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.
@@ -989,28 +1061,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1027,7 +1105,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
+This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.
If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.
@@ -1058,28 +1136,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1096,7 +1180,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
+This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
@@ -1127,28 +1211,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1165,7 +1255,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
+This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.
If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.
@@ -1196,28 +1286,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
-
+`
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1234,7 +1330,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft).
+This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft).
If you enable this policy setting, you can specify the name or IP address of an error report destination server on your organization’s network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission.
@@ -1265,28 +1361,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
-
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1303,7 +1404,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
+This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
@@ -1344,28 +1445,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ No |
+ No |
| Education |
- |
+ No |
+ No |
@@ -1382,7 +1489,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
+This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.
@@ -1413,28 +1520,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1451,7 +1564,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
+This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.
If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.
@@ -1482,28 +1595,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1520,7 +1639,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting.
+This policy setting determines the default consent behavior of Windows Error Reporting.
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
@@ -1559,28 +1678,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1597,7 +1722,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the default consent behavior of Windows Error Reporting.
+This policy setting determines the default consent behavior of Windows Error Reporting.
If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:
@@ -1636,28 +1761,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1674,7 +1805,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.
@@ -1705,28 +1836,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1743,7 +1880,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.
@@ -1775,28 +1912,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1813,7 +1956,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
+This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.
If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.
@@ -1844,28 +1987,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1882,7 +2031,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
+This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.
@@ -1913,28 +2062,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1951,7 +2106,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
+This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.
If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.
@@ -1982,28 +2137,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -2020,7 +2181,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
+This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
@@ -2051,28 +2212,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -2089,7 +2256,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue.
+This policy setting determines the behavior of the Windows Error Reporting report queue.
If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel.
@@ -2122,28 +2289,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -2160,7 +2333,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of the Windows Error Reporting report queue.
+This policy setting determines the behavior of the Windows Error Reporting report queue.
If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in Control Panel.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index bd419345c7..dc00ad7337 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -40,28 +40,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -78,7 +84,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
+This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
@@ -113,29 +119,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
-
+ No |
+ No |
@@ -151,7 +162,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
+This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 7c171edf2e..1dda6c7ce0 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -96,28 +96,33 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
-
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -134,7 +139,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns on logging.
+This policy setting turns on logging.
If you enable or do not configure this policy setting, then events can be written to this log.
@@ -165,28 +170,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -203,7 +214,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
If you enable this policy setting, the Event Log uses the path specified in this policy setting.
@@ -234,28 +245,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
-
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -272,7 +288,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
If you enable this policy setting, the Event Log uses the path specified in this policy setting.
@@ -303,28 +319,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -341,7 +363,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
If you enable this policy setting, the Event Log uses the path specified in this policy setting.
@@ -372,28 +394,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -410,7 +438,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
+This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.
If you enable this policy setting, the Event Log uses the path specified in this policy setting.
@@ -441,28 +469,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -479,7 +513,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size of the log file in kilobytes.
+This policy setting specifies the maximum size of the log file in kilobytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.
@@ -510,28 +544,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -548,7 +588,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
@@ -581,28 +621,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -619,7 +665,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
@@ -652,28 +698,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -690,7 +742,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
@@ -723,28 +775,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -761,7 +819,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
+This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.
If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.
@@ -799,23 +857,28 @@ ADMX Info:
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -832,7 +895,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
If you enable this policy setting, only those users matching the security descriptor can access the log.
@@ -866,28 +929,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -904,7 +973,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.
@@ -938,28 +1007,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -976,7 +1051,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
If you enable this policy setting, only those users matching the security descriptor can access the log.
@@ -1010,28 +1085,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1048,7 +1129,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
@@ -1082,28 +1163,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
-
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1120,7 +1206,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
If you enable this policy setting, only those users matching the security descriptor can access the log.
@@ -1153,28 +1239,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1191,7 +1283,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.
If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.
@@ -1224,28 +1316,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1262,7 +1360,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string. You must set both "configure log access" policy settings for this log in order to affect the both modern and legacy tools.
If you enable this policy setting, only those users matching the security descriptor can access the log.
@@ -1295,28 +1393,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1333,7 +1437,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
+This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) string.
If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.
@@ -1366,28 +1470,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ No |
+ No |
| Education |
- |
+ No |
+ No |
@@ -1404,7 +1514,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
@@ -1437,28 +1547,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1475,7 +1591,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
@@ -1508,28 +1624,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes | >
| Education |
- |
+ No |
+ No |
@@ -1546,7 +1668,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index be619c2c3b..a74f3183f5 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -48,28 +48,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -86,7 +92,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
+Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
> [!TIP]
@@ -113,28 +119,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -188,28 +200,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -226,7 +244,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.
+This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.
If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
@@ -255,28 +273,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -293,7 +317,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
+This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
@@ -327,28 +351,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
-
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -365,7 +394,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
+This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
> [!TIP]
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 7f2635d2ab..5b451adc45 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -34,28 +34,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 2896e4cc5a..2d631edea5 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -36,28 +36,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -74,7 +80,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
+This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 079c55e92e..010a794280 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -55,28 +55,33 @@ manager: dansimp
**ADMX_FileSys/DisableCompression**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
-
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -93,7 +98,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
+Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
> [!TIP]
@@ -119,28 +124,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -157,7 +168,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
+Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
A value of 0, the default, will enable delete notifications for all volumes.
@@ -186,28 +197,34 @@ ADMX Info:
**ADMX_FileSys/DisableEncryption**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -224,7 +241,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
+Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
> [!TIP]
@@ -249,28 +266,34 @@ ADMX Info:
**ADMX_FileSys/EnablePagefileEncryption**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -287,7 +310,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
> [!TIP]
@@ -312,28 +335,34 @@ ADMX Info:
**ADMX_FileSys/LongPathsEnabled**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -350,7 +379,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
> [!TIP]
@@ -375,28 +404,34 @@ ADMX Info:
**ADMX_FileSys/ShortNameCreationSettings**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -413,7 +448,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
+This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
@@ -441,28 +476,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ No |
+ No |
| Education |
- |
+ No |
+ No |
@@ -479,7 +520,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
+Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target
- Local Link to a Remote Target
@@ -514,28 +555,34 @@ ADMX Info:
**ADMX_FileSys/TxfDeprecatedFunctionality**
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -552,7 +599,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
+TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
> [!TIP]
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index ed28fb4638..9f945c9f33 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -53,28 +53,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -91,7 +97,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
+This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
If you enable this policy setting, users must manually select the files they wish to make available offline.
@@ -128,28 +134,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -166,7 +178,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether individual redirected shell folders are available offline by default.
+This policy setting allows you to control whether individual redirected shell folders are available offline by default.
For the folders affected by this setting, users must manually select the files they wish to make available offline.
@@ -202,28 +214,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -240,7 +258,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
+This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.
@@ -271,28 +289,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
-
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -309,7 +332,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
+This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@@ -343,28 +366,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -381,7 +410,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
+This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@@ -414,28 +443,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -452,7 +487,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
+This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
@@ -487,28 +522,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -525,7 +566,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
+This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 857ff5d89f..69442d3b5d 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -105,28 +105,34 @@ manager: dansimp
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -143,7 +149,7 @@ manager: dansimp
-Available in the latest Windows 10 Insider Preview Build. This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
+This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt.
@@ -176,28 +182,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -214,7 +226,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
+This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
@@ -253,28 +265,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ No |
+ No |
| Education |
- |
+ No |
+ No |
@@ -291,7 +309,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
+This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.
This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.
@@ -330,28 +348,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -368,7 +392,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Administrative options from the Region settings control panel.
+This policy setting removes the Administrative options from the Region settings control panel.
Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not, however, prevent an administrator or another application from changing these values programmatically.
@@ -407,28 +431,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -445,7 +475,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.
+This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.
This policy setting is used only to simplify the Regional Options control panel.
@@ -481,28 +511,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -519,7 +555,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.
+This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.
This policy setting is used only to simplify the Regional Options control panel.
@@ -554,28 +590,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -592,7 +634,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting removes the regional formats interface from the Region settings control panel.
+This policy setting removes the regional formats interface from the Region settings control panel.
This policy setting is used only to simplify the Regional and Language Options control panel.
@@ -625,28 +667,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -663,7 +711,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the automatic learning component of handwriting recognition personalization.
+This policy setting turns off the automatic learning component of handwriting recognition personalization.
Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.
@@ -708,28 +756,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -746,7 +800,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the automatic learning component of handwriting recognition personalization.
+This policy setting turns off the automatic learning component of handwriting recognition personalization.
Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored.
@@ -791,28 +845,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -829,7 +889,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list.
+This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list.
The locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) and English (Canada).
@@ -862,28 +922,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -900,7 +966,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
+This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.
@@ -935,28 +1001,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -973,7 +1045,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
+This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.
To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.
@@ -1010,28 +1082,33 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
-
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1048,7 +1125,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the Windows UI language for all users.
+This policy setting restricts the Windows UI language for all users.
This is a policy setting for computers with more than one UI language installed.
@@ -1081,28 +1158,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1119,7 +1202,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the Windows UI language for specific users.
+This policy setting restricts the Windows UI language for specific users.
This policy setting applies to computers with more than one UI language installed.
@@ -1154,28 +1237,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1192,7 +1281,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their user geographical location (GeoID).
+This policy setting prevents users from changing their user geographical location (GeoID).
If you enable this policy setting, users cannot change their GeoID.
@@ -1227,28 +1316,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No |
@@ -1265,7 +1360,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their user geographical location (GeoID).
+This policy setting prevents users from changing their user geographical location (GeoID).
If you enable this policy setting, users cannot change their GeoID.
@@ -1300,28 +1395,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ No |
+ No | >
@@ -1338,7 +1439,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from customizing their locale by changing their user overrides.
+This policy setting prevents the user from customizing their locale by changing their user overrides.
Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.
@@ -1377,28 +1478,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
From 9684f9de539514cac158435315d1c3e360233e8e Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Tue, 21 Sep 2021 00:05:11 +0530
Subject: [PATCH 02/38] u
---
.../mdm/policy-csp-admx-folderredirection.md | 24 +-
.../mdm/policy-csp-admx-globalization.md | 206 ++++++++++--------
2 files changed, 133 insertions(+), 97 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index 9f945c9f33..dd4a6ae95e 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -79,8 +79,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -160,8 +160,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -240,8 +240,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -314,8 +314,8 @@ ADMX Info:
Yes |
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -392,8 +392,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -469,8 +469,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 69442d3b5d..d558de2248 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -131,8 +131,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -208,8 +208,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -286,13 +286,13 @@ ADMX Info:
| Enterprise |
- No |
- No |
+ Yes |
+ Yes |
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -374,8 +374,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -457,8 +457,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -537,8 +537,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -616,8 +616,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -693,8 +693,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -782,8 +782,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -871,8 +871,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -948,8 +948,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1027,8 +1027,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1107,8 +1107,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1184,8 +1184,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1263,8 +1263,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1342,8 +1342,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1421,8 +1421,8 @@ ADMX Info:
| Education |
- No |
- No | >
+ Yes |
+ Yes | >
@@ -1522,7 +1522,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from customizing their locale by changing their user overrides.
+This policy setting prevents the user from customizing their locale by changing their user overrides.
Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.
@@ -1561,28 +1561,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1599,7 +1605,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English.
+This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English.
If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a language different than the one used.
@@ -1632,28 +1638,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1670,7 +1682,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected.
@@ -1704,28 +1716,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No | /td>
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1742,7 +1760,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically.
The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted.
@@ -1777,28 +1795,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1815,7 +1839,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically.
The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard.
@@ -1849,28 +1873,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1887,7 +1917,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically.
+This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically.
The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard.
@@ -1922,28 +1952,34 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
- |
+ No |
+ No |
| Pro |
- |
+ No |
+ No |
| Business |
- |
+ No |
+ No |
| Enterprise |
- |
+ Yes |
+ Yes |
| Education |
- |
+ Yes |
+ Yes |
@@ -1960,7 +1996,7 @@ ADMX Info:
-Available in the latest Windows 10 Insider Preview Build. This policy setting determines how programs interpret two-digit years.
+This policy setting determines how programs interpret two-digit years.
This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program.
From 48ee84838917af9a3f73b9af3ca036115adaa112 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 23 Sep 2021 12:36:56 +0530
Subject: [PATCH 03/38] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 8 +
.../policy-configuration-service-provider.md | 39 ++
.../mdm/policy-csp-admx-globalization.md | 2 -
.../mdm/policy-csp-admx-touchinput.md | 333 ++++++++++++++++++
.../mdm/policy-csp-admx-wdi.md | 185 ++++++++++
.../mdm/policy-csp-admx-windowscolorsystem.md | 182 ++++++++++
windows/client-management/mdm/toc.yml | 6 +
7 files changed, 753 insertions(+), 2 deletions(-)
create mode 100644 windows/client-management/mdm/policy-csp-admx-touchinput.md
create mode 100644 windows/client-management/mdm/policy-csp-admx-wdi.md
create mode 100644 windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 6c81fd4df2..914708f36d 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1070,6 +1070,10 @@ ms.date: 10/08/2020
- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
+- [ADMX_TouchInput/TouchInputOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_1)
+- [ADMX_TouchInput/TouchInputOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-touchinputoff_2)
+- [ADMX_TouchInput/PanningEverywhereOff_1](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_1)
+- [ADMX_TouchInput/PanningEverywhereOff_2](./policy-csp-admx-touchinput.md#admx-touchinput-panningeverywhereoff_2)
- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
@@ -1221,9 +1225,13 @@ ms.date: 10/08/2020
- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
+- [ADMX_WDI/WdiDpsScenarioExecutionPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenarioexecutionpolicy)
+- [ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy](./policy-csp-admx-wdi.md#admx-wdi-wdidpsscenariodatasizelimitpolicy)
- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
+- [ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1](./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_1]
+- [ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2](./policy-csp-admx-windowscolorsystem.md#admx-windowscolorsystem-prohibitchanginginstalledprofilelist_2]
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index a03f3f09f7..392a113392 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -3727,6 +3727,23 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_TouchInput policies
+
+
+ -
+ ADMX_TouchInput/TouchInputOff_1
+
+ -
+ ADMX_TouchInput/TouchInputOff_2
+
+ -
+ ADMX_TouchInput/PanningEverywhereOff_1
+
+ -
+ ADMX_TouchInput/PanningEverywhereOff_2
+
+
+
### ADMX_TPM policies
@@ -4205,6 +4222,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WDI Policies
+
+
+ -
+ ADMX_WDI/WdiDpsScenarioExecutionPolicy
+
+ -
+ ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy
+
+
+
### ADMX_WinCal policies
@@ -4224,6 +4252,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WindowsColorSystem policies
+
+
+ -
+ ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
+
+ -
+ ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
+
+
+
### ADMX_WindowsConnectNow policies
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index d558de2248..6c360c3c98 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -13,8 +13,6 @@ manager: dansimp
---
# Policy CSP - ADMX_Globalization
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
new file mode 100644
index 0000000000..a5a34ab417
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -0,0 +1,333 @@
+---
+title: Policy CSP - ADMX_TouchInput
+description: Policy CSP - ADMX_TouchInput
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/23/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TouchInput
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+
+
+## ADMX_TouchInput policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ -
+ ADMX_TouchInput/TouchInputOff_1
+
+ -
+ ADMX_TouchInput/TouchInputOff_2
+
+ -
+ ADMX_TouchInput/PanningEverywhereOff_1
+
+ -
+ ADMX_TouchInput/PanningEverywhereOff_2
+
+
+
+
+
+
+
+**ADMX_TouchInput/TouchInputOff_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+
+- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you do not configure this setting, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Turn off Tablet PC touch input*
+- GP name: *TouchInputOff_1*
+- GP path: *Windows Components\Tablet PC\Touch Input*
+- GP ADMX file name: *TouchInput.admx*
+
+
+
+
+**ADMX_TouchInput/TouchInputOff_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+
+- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+- If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+
+If you do not configure this setting, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Turn off Tablet PC touch input*
+- GP name: *TouchInputOff_2*
+- GP path: *Windows Components\Tablet PC\Touch Input*
+- GP ADMX file name: *TouchInput.admx*
+
+
+
+
+
+
+
+**ADMX_TouchInput/PanningEverywhereOff_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+
+- If you enable this setting, the user will not be able to pan windows by touch.
+
+- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.
+
+> [!NOTE]
+> Changes to this setting will not take effect until the user logs off.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Turn off Touch Panning*
+- GP name: *PanningEverywhereOff_1*
+- GP path: *Windows Components\Tablet PC\Touch Input*
+- GP ADMX file name: *TouchInput.admx*
+
+
+
+
+
+**ADMX_TouchInput/PanningEverywhereOff_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+
+- If you enable this setting, the user will not be able to pan windows by touch.
+
+- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.
+
+> [!NOTE]
+> Changes to this setting will not take effect until the user logs off.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Turn off Touch Panning*
+- GP name: *PanningEverywhereOff_2*
+- GP path: *Windows Components\Tablet PC\Touch Input*
+- GP ADMX file name: *TouchInput.admx*
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
new file mode 100644
index 0000000000..900905feee
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -0,0 +1,185 @@
+---
+title: Policy CSP - ADMX_WDI
+description: Policy CSP - ADMX_WDI
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 11/09/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WDI
+
+
+
+
+## ADMX_WDI policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ -
+ ADMX_WDI/WdiDpsScenarioExecutionPolicy
+
+ -
+ ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy
+
+
+
+
+
+
+
+**ADMX_WDI/WdiDpsScenarioExecutionPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
+- If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
+- If you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+This policy setting will only take effect when the Diagnostic Policy Service is in the running state.
+When the service is stopped or disabled, diagnostic scenario data will not be deleted.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Diagnostics: Configure scenario retention*
+- GP name: *WdiDpsScenarioExecutionPolicy*
+- GP path: *System\Troubleshooting and Diagnostics*
+- GP ADMX file name: *WDI.admx*
+
+
+
+
+
+
+**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
+
+- If you enable this policy setting, you must select an execution level from the drop-down menu.
+
+If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
+
+- If you disable this policy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS.
+
+If you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it is enabled or disabled. Scenario-specific policy settings only take effect if this policy setting is not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Diagnostics: Configure scenario execution level*
+- GP name: *WdiDpsScenarioDataSizeLimitPolicy*
+- GP path: *System\Troubleshooting and Diagnostics*
+- GP ADMX file name: *WDI.admx*
+
+
+
+
+
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
new file mode 100644
index 0000000000..fe79bb59e1
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -0,0 +1,182 @@
+---
+title: Policy CSP - ADMX_WindowsColorSystem
+description: Policy CSP - ADMX_WindowsColorSystem
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/27/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsColorSystem
+
+
+
+
+## ADMX_WindowsColorSystem policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ -
+ ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_1
+
+ -
+ ADMX_WindowsColorSystem/ProhibitChangingInstalledProfileList_2
+
+
+
+
+
+
+
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting affects the ability of users to install or uninstall color profiles.
+
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
+
+- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prohibit installing or uninstalling color profiles*
+- GP name: *ProhibitChangingInstalledProfileList_1*
+- GP path: *Windows Components\Windows Color System*
+- GP ADMX file name: *WindowsColorSystem.admx*
+
+
+
+
+
+
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting affects the ability of users to install or uninstall color profiles.
+
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
+
+- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prohibit installing or uninstalling color profiles*
+- GP name: *ProhibitChangingInstalledProfileList_2*
+- GP path: *Windows Components\Windows Color System*
+- GP ADMX file name: *WindowsColorSystem.admx*
+
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 1d385366fb..d04dd64448 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -577,6 +577,8 @@ items:
href: policy-csp-admx-tcpip.md
- name: ADMX_Thumbnails
href: policy-csp-admx-thumbnails.md
+ - name: ADMX_TouchInput
+ href: policy-csp-admx-touchinput.md
- name: ADMX_TPM
href: policy-csp-admx-tpm.md
- name: ADMX_UserExperienceVirtualization
@@ -587,10 +589,14 @@ items:
href: policy-csp-admx-w32time.md
- name: ADMX_WCM
href: policy-csp-admx-wcm.md
+ - name: ADMX_WDI
+ href: policy-csp-admx-wdi.md
- name: ADMX_WinCal
href: policy-csp-admx-wincal.md
- name: ADMX_WindowsAnytimeUpgrade
href: policy-csp-admx-windowsanytimeupgrade.md
+ - name: ADMX_WindowsColorSystem
+ href: policy-csp-admx-windowscolorsystem.md
- name: ADMX_WindowsConnectNow
href: policy-csp-admx-windowsconnectnow.md
- name: ADMX_WindowsExplorer
From 72328e9427e400cf593faee1aaee0802c973c716 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 23 Sep 2021 16:32:10 +0530
Subject: [PATCH 04/38] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 8 +
.../policy-configuration-service-provider.md | 29 +
.../mdm/policy-csp-admx-errorreporting.md | 295 ++------
.../mdm/policy-csp-admx-eventforwarding.md | 32 +-
.../mdm/policy-csp-admx-eventlog.md | 226 ++----
.../mdm/policy-csp-admx-explorer.md | 63 +-
.../mdm/policy-csp-admx-filerecovery.md | 21 +-
.../policy-csp-admx-fileservervssprovider.md | 21 +-
.../mdm/policy-csp-admx-filesys.md | 100 +--
.../mdm/policy-csp-admx-folderredirection.md | 59 +-
.../mdm/policy-csp-admx-globalization.md | 155 +----
.../mdm/policy-csp-admx-previousversions.md | 646 ++++++++++++++++++
windows/client-management/mdm/toc.yml | 2 +
13 files changed, 892 insertions(+), 765 deletions(-)
create mode 100644 windows/client-management/mdm/policy-csp-admx-previousversions.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 914708f36d..bedfa39992 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -821,6 +821,14 @@ ms.date: 10/08/2020
- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
+- [ADMX_PreviousVersions/DisableLocalPage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_1)
+- [ADMX_PreviousVersions/DisableLocalPage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalpage_2)
+- [ADMX_PreviousVersions/DisableRemotePage_1](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_1)
+- [ADMX_PreviousVersions/DisableRemotePage_2](./policy-csp-admx-previousversions.md#admx-previousversions-disableremotepage_2)
+- [ADMX_PreviousVersions/HideBackupEntries_1](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_1)
+- [ADMX_PreviousVersions/HideBackupEntries_2](./policy-csp-admx-previousversions.md#admx-previousversions-hidebackupentries_2)
+- [ADMX_PreviousVersions/DisableLocalRestore_1](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_1)
+- [ADMX_PreviousVersions/DisableLocalRestore_2](./policy-csp-admx-previousversions.md#admx-previousversions-disablelocalrestore_2)
- [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting)
- [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation)
- [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 392a113392..9218729fca 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2862,6 +2862,35 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_PreviousVersions policies
+
+
+ -
+ ADMX_PreviousVersions/DisableLocalPage_1
+
+ -
+ ADMX_PreviousVersions/DisableLocalPage_2
+
+ -
+ ADMX_PreviousVersions/DisableRemotePage_1
+
+ -
+ ADMX_PreviousVersions/DisableRemotePage_2
+
+ -
+ ADMX_PreviousVersions/HideBackupEntries_1
+
+ -
+ ADMX_PreviousVersions/HideBackupEntries_2
+
+ -
+ ADMX_PreviousVersions/DisableLocalRestore_1
+
+ -
+ ADMX_PreviousVersions/DisableLocalRestore_2
+
+
+
### ADMX_Printing policies
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 5db935cf84..05786ce5b4 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -13,14 +13,19 @@ manager: dansimp
---
# Policy CSP - ADMX_ErrorReporting
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
## ADMX_ErrorReporting policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_ErrorReporting/PCH_AllOrNoneDef
@@ -146,8 +151,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -177,12 +182,6 @@ This policy setting is ignored if the Configure Error Reporting policy setting i
For related information, see the Configure Error Reporting and Report Operating System Errors policy settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -227,8 +226,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -254,12 +253,6 @@ If this policy setting is enabled, the Exclude errors for applications on this l
If you disable or do not configure this policy setting, the Default application reporting settings policy setting takes precedence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -304,8 +297,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -337,12 +330,7 @@ Also see the "Default Application Reporting" and "Application Exclusion List" po
This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -387,8 +375,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -433,12 +421,6 @@ If you disable this policy setting, configuration settings in the policy setting
See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -483,8 +465,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -512,12 +494,6 @@ If you do not configure this policy setting, users can change this setting in Co
See also the Configure Error Reporting policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -562,8 +538,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -587,12 +563,6 @@ If you enable this policy setting, you can configure Windows Error Reporting arc
If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -662,12 +632,6 @@ If you enable this policy setting, you can configure Windows Error Reporting arc
If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -712,8 +676,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -737,12 +701,6 @@ If you enable or do not configure this policy setting, any memory dumps generate
If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -811,14 +769,6 @@ If you enable or do not configure this policy setting, any memory dumps generate
If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
@@ -862,8 +812,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -887,12 +837,6 @@ If you enable this policy setting, WER does not throttle data; that is, WER uplo
If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -937,8 +881,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -963,11 +907,6 @@ If you disable or do not configure this policy setting, WER throttles data by de
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1012,8 +951,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1037,12 +976,6 @@ If you enable this policy setting, WER does not check for network cost policy re
If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1087,8 +1020,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1112,12 +1045,6 @@ If you enable this policy setting, WER does not check for network cost policy re
If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1162,8 +1089,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1187,12 +1114,6 @@ If you enable this policy setting, WER does not determine whether the computer i
If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1237,8 +1158,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1262,12 +1183,6 @@ If you enable this policy setting, WER does not determine whether the computer i
If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1312,8 +1227,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1337,12 +1252,6 @@ If you enable this policy setting, you can specify the name or IP address of an
If you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1386,8 +1295,8 @@ ADMX Info:
Yes |
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1421,12 +1330,6 @@ If you enable this policy setting, you can add specific event types to a list by
If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1471,8 +1374,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1496,12 +1399,6 @@ If you enable this policy setting, the default consent levels of Windows Error R
If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1546,8 +1443,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1571,12 +1468,6 @@ If you enable this policy setting, the default consent levels of Windows Error R
If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1621,8 +1512,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1654,12 +1545,6 @@ If you enable this policy setting, you can set the default consent handling for
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1704,8 +1589,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1737,12 +1622,6 @@ If you enable this policy setting, you can set the default consent handling for
If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sending data.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1787,8 +1666,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1812,12 +1691,6 @@ If you enable this policy setting, Windows Error Reporting does not send any pro
If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1862,8 +1735,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1888,12 +1761,6 @@ If you disable or do not configure this policy setting, errors are reported on a
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1938,8 +1805,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1963,12 +1830,6 @@ If you enable this policy setting, you can create a list of applications that ar
If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2013,8 +1874,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2038,12 +1899,6 @@ If you enable this policy setting, Windows Error Reporting events are not record
If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2088,8 +1943,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2113,12 +1968,6 @@ If you enable this policy setting, Windows Error Reporting events are not record
If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2163,8 +2012,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2188,12 +2037,6 @@ If you enable this policy setting, any additional data requests from Microsoft i
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2238,8 +2081,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2265,12 +2108,6 @@ The Maximum number of reports to queue setting determines how many reports can b
If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2315,8 +2152,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -2342,12 +2179,6 @@ The Maximum number of reports to queue setting determines how many reports can b
If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time that a problem occurs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2360,7 +2191,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index dc00ad7337..6c88919cf8 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -14,14 +14,19 @@ manager: dansimp
# Policy CSP - ADMX_EventForwarding
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
## ADMX_EventForwarding policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_EventForwarding/ForwarderResourceUsage
@@ -66,8 +71,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -93,12 +98,7 @@ If you disable or do not configure this policy setting, forwarder resource usage
This setting applies across all subscriptions for the forwarder (source computer).
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -145,8 +145,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -178,12 +178,6 @@ When using the HTTP protocol, use port 5985.
If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -196,8 +190,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 1dda6c7ce0..e5bb236763 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -13,14 +13,19 @@ manager: dansimp
---
# Policy CSP - ADMX_EventLog
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
## ADMX_EventLog policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_EventLog/Channel_LogEnabled
@@ -121,8 +126,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -146,12 +151,6 @@ If you enable or do not configure this policy setting, then events can be writte
If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -196,8 +195,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -221,12 +220,6 @@ If you enable this policy setting, the Event Log uses the path specified in this
If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -270,8 +263,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -295,12 +288,6 @@ If you enable this policy setting, the Event Log uses the path specified in this
If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -345,8 +332,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -370,12 +357,6 @@ If you enable this policy setting, the Event Log uses the path specified in this
If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -420,8 +401,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -445,12 +426,6 @@ If you enable this policy setting, the Event Log uses the path specified in this
If you disable or do not configure this policy setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -495,8 +470,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -520,12 +495,6 @@ If you enable this policy setting, you can configure the maximum log file size t
If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -570,8 +539,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -597,12 +566,6 @@ If you disable this policy setting and the "Retain old events" policy setting is
If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -647,8 +610,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -674,12 +637,6 @@ If you disable this policy setting and the "Retain old events" policy setting is
If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -724,8 +681,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -751,12 +708,6 @@ If you disable this policy setting and the "Retain old events" policy setting is
If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -801,8 +752,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -828,12 +779,6 @@ If you disable this policy setting and the "Retain old events" policy setting is
If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -852,8 +797,9 @@ ADMX Info:
- | Windows Edition |
- Supported? |
+ Edition |
+ Windows 10 |
+ Windows 11 |
| Home |
@@ -877,8 +823,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -905,12 +851,6 @@ If you disable or do not configure this policy setting, all authenticated users
> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -955,8 +895,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -983,12 +923,6 @@ If you disable or do not configure this policy setting, only system software and
> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1033,8 +967,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1061,12 +995,6 @@ If you disable or do not configure this policy setting, all authenticated users
> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1111,8 +1039,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1139,12 +1067,6 @@ If you disable or do not configure this policy setting, only system software and
> If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1188,8 +1110,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1215,12 +1137,6 @@ If you disable this policy setting, all authenticated users and system services
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1265,8 +1181,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1292,12 +1208,6 @@ If you disable this policy setting, only system software and administrators can
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1342,8 +1252,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1369,12 +1279,6 @@ If you disable this policy setting, all authenticated users and system services
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1419,8 +1323,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1446,12 +1350,6 @@ If you disable this policy setting, only system software and administrators can
If you do not configure this policy setting, the previous policy setting configuration remains in effect.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1496,8 +1394,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1523,12 +1421,6 @@ If you disable or do not configure this policy setting and a log file reaches it
Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1573,8 +1465,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1600,12 +1492,6 @@ If you disable or do not configure this policy setting and a log file reaches it
Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1650,8 +1536,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -1677,12 +1563,6 @@ If you disable or do not configure this policy setting and a log file reaches it
Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1695,7 +1575,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index a74f3183f5..c7514101dd 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -13,14 +13,19 @@ manager: dansimp
---
# Policy CSP - ADMX_Explorer
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
## ADMX_Explorer policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_Explorer/AdminInfoUrl
@@ -74,8 +79,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -95,12 +100,6 @@ manager: dansimp
Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -145,8 +144,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -175,14 +174,6 @@ If you disable or do not configure this policy setting, the menu bar will not be
> [!NOTE]
> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
ADMX Info:
- GP Friendly name: *Display the menu bar in File Explorer*
@@ -226,8 +217,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -249,12 +240,6 @@ This policy setting allows administrators who have configured roaming profile in
If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -299,8 +284,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -327,12 +312,6 @@ If you disable or do not configure this policy setting, users will be able to ad
> Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -376,8 +355,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -397,12 +376,6 @@ ADMX Info:
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -415,6 +388,4 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 5b451adc45..aeb520d2ea 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -13,9 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_FileRecovery
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -60,8 +64,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -81,12 +85,7 @@ manager: dansimp
> This policy setting applies to all sites in Trusted zones.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -96,8 +95,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 2d631edea5..416b833dea 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -13,8 +13,13 @@ manager: dansimp
---
# Policy CSP - ADMX_FileServerVSSProvider
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -62,8 +67,8 @@ manager: dansimp
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -90,12 +95,6 @@ By default, the RPC protocol message between File Server VSS provider and File S
> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -108,8 +107,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 010a794280..54c474440a 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -13,13 +13,18 @@ manager: dansimp
---
# Policy CSP - ADMX_FileSys
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
-## ADMX_FileSys policies
+## ADMX_FileSys policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
@@ -80,8 +85,8 @@ manager: dansimp
| Yes |
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -101,12 +106,7 @@ manager: dansimp
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -150,8 +150,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -175,12 +175,6 @@ A value of 0, the default, will enable delete notifications for all volumes.
A value of 1 will disable delete notifications for all volumes.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -223,8 +217,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -243,13 +237,6 @@ ADMX Info:
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
-
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -292,8 +279,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -313,12 +300,6 @@ ADMX Info:
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -361,8 +342,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -382,12 +363,6 @@ ADMX Info:
Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -430,8 +405,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ | Yes |
@@ -453,12 +428,6 @@ This policy setting provides control over whether or not short names are generat
If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -497,13 +466,13 @@ ADMX Info:
| Enterprise |
- No |
- No |
+ Yes |
+ Yes |
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -533,12 +502,6 @@ For more information, refer to the Windows Help section.
> If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -581,8 +544,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -602,12 +565,7 @@ ADMX Info:
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -620,8 +578,6 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index dd4a6ae95e..9bdab22253 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -13,14 +13,19 @@ manager: dansimp
---
# Policy CSP - ADMX_FolderRedirection
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
## ADMX_FolderRedirection policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_FolderRedirection/DisableFRAdminPin
@@ -111,12 +116,6 @@ If you disable or do not configure this policy setting, redirected shell folders
> If one or more valid folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -190,12 +189,6 @@ If you disable or do not configure this policy setting, all redirected shell fol
> The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline".
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -265,12 +258,6 @@ If you enable this policy setting, when the path to a redirected folder is chang
If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network location.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -342,12 +329,6 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -420,12 +401,6 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
> This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -499,12 +474,6 @@ If you disable or do not configure this policy setting and the user has redirect
> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -548,8 +517,8 @@ ADMX Info:
| Education |
- No |
- No |
+ Yes |
+ Yes |
@@ -578,12 +547,7 @@ If you disable or do not configure this policy setting and the user has redirect
> If you enable this policy setting in Computer Configuration and User Configuration, the Computer Configuration policy setting takes precedence.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -596,8 +560,5 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 6c360c3c98..812087e3a5 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -19,6 +19,13 @@ manager: dansimp
## ADMX_Globalization policies
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
-
ADMX_Globalization/BlockUserInputMethodsForSignIn
@@ -156,12 +163,7 @@ If the policy is Enabled, then the user will get input methods enabled for the s
If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
ADMX Info:
@@ -239,12 +241,6 @@ If this policy setting is enabled at the machine level, it cannot be disabled by
To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -322,12 +318,6 @@ If this policy setting is enabled at the machine level, it cannot be disabled by
To set this policy setting on a per-user basis, make sure that you do not configure the per-machine policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -405,12 +395,6 @@ If you disable or do not configure this policy setting, the user can see the Adm
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -485,12 +469,6 @@ If you disable or do not configure this policy setting, the user sees the option
> Even if a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their current geographical location.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -564,12 +542,6 @@ If you enable this policy setting, the user does not see the option for changing
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -641,12 +613,6 @@ If you enable this policy setting, the user does not see the regional formats op
If you disable or do not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -730,12 +696,6 @@ This policy setting is related to the "Turn off handwriting personalization" pol
> Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -819,12 +779,6 @@ This policy setting is related to the "Turn off handwriting personalization" pol
> Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -896,12 +850,6 @@ If you enable this policy setting, administrators can select a system locale onl
If you disable or do not configure this policy setting, administrators can select any system locale shipped with the operating system.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -975,12 +923,6 @@ If you enable this policy setting, only locales in the specified locale list can
If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1056,12 +998,6 @@ If you disable or do not configure this policy setting, users can select any loc
If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, restrictions are based on per-user policies.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1132,12 +1068,6 @@ If you enable this policy setting, the UI language of Windows menus and dialogs
If you disable or do not configure this policy setting, the user can specify which UI language is used.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1211,12 +1141,6 @@ If you disable or do not configure this policy setting, there is no restriction
To enable this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs language" policy setting.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1290,12 +1214,6 @@ If you enable this policy setting at the computer level, it cannot be disabled b
To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1369,12 +1287,6 @@ If you enable this policy setting at the computer level, it cannot be disabled b
To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1452,12 +1364,6 @@ If this policy is set to Enabled at the computer level, then it cannot be disabl
To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1535,12 +1441,6 @@ If this policy is set to Enabled at the computer level, then it cannot be disabl
To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1612,12 +1512,6 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua
If you disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1690,12 +1584,6 @@ If the policy is Disabled or Not Configured, then the user will be free to chang
Note that the availability and function of this setting is dependent on supported languages being enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1769,12 +1657,6 @@ If the policy is Disabled or Not Configured, then the user will be free to chang
Note that the availability and function of this setting is dependent on supported languages being enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1847,12 +1729,6 @@ If the policy is Disabled or Not Configured, then the user will be free to chang
Note that the availability and function of this setting is dependent on supported languages being enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -1926,12 +1802,6 @@ If the policy is Disabled or Not Configured, then the user will be free to chang
Note that the availability and function of this setting is dependent on supported languages being enabled.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2005,12 +1875,6 @@ For example, the default value, 2029, specifies that all two-digit years less th
If you disable or do not configure this policy setting, Windows does not interpret two-digit year formats using this scheme for the program.
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
ADMX Info:
@@ -2023,7 +1887,4 @@ ADMX Info:
-> [!NOTE]
-> These policies are currently only available as part of a Windows Insider release.
-
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
new file mode 100644
index 0000000000..b129567b19
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -0,0 +1,646 @@
+---
+title: Policy CSP - ADMX_PreviousVersions
+description: Policy CSP - ADMX_PreviousVersions
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 12/01/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PreviousVersions
+
+
+
+
+## ADMX_PreviousVersions policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ -
+ ADMX_PreviousVersions/DisableLocalPage_1
+
+ -
+ ADMX_PreviousVersions/DisableLocalPage_2
+
+ -
+ ADMX_PreviousVersions/DisableRemotePage_1
+
+ -
+ ADMX_PreviousVersions/DisableRemotePage_2
+
+ -
+ ADMX_PreviousVersions/HideBackupEntries_1/a>
+
+ -
+ ADMX_PreviousVersions/HideBackupEntries_2
+
+ -
+ ADMX_PreviousVersions/DisableLocalRestore_1
+
+ -
+ ADMX_PreviousVersions/DisableLocalRestore_2
+
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableLocalPage_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring local previous versions*
+- GP name: *DisableLocalPage_1*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableLocalPage_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring local previous versions*
+- GP name: *DisableLocalPage_2*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableRemotePage_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring remote previous versions*
+- GP name: *DisableRemotePage_1*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableRemotePage_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring remote previous versions*
+- GP name: *DisableRemotePage_1*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+
+**ADMX_PreviousVersions/HideBackupEntries_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+
+- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+
+- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
+
+If you do not configure this policy setting, it is disabled by default.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Hide previous versions of files on backup location*
+- GP name: *HideBackupEntries_1*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/HideBackupEntries_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+
+- If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+
+- If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.
+
+If you do not configure this policy setting, it is disabled by default.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Hide previous versions of files on backup location*
+- GP name: *HideBackupEntries_2*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableLocalRestore_1**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring remote previous versions*
+- GP name: *DisableLocalRestore_1*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
+
+**ADMX_PreviousVersions/DisableLocalRestore_2**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+
+
+
+
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+
+- If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Prevent restoring remote previous versions*
+- GP name: *DisableLocalRestore_2*
+- GP path: *Windows Components\File Explorer\Previous Versions*
+- GP ADMX file name: *PreviousVersions.admx*
+
+
+
+
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index d04dd64448..91a4c42484 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -529,6 +529,8 @@ items:
href: policy-csp-admx-power.md
- name: ADMX_PowerShellExecutionPolicy
href: policy-csp-admx-powershellexecutionpolicy.md
+ - name: ADMX_PreviousVersions
+ href: policy-csp-admx-previousversions.md
- name: ADMX_Printing
href: policy-csp-admx-printing.md
- name: ADMX_Printing2
From 4c41d91252348e32bb716e269736984524614ac4 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 23 Sep 2021 16:35:18 +0530
Subject: [PATCH 05/38] Update policy-csp-admx-touchinput.md
---
windows/client-management/mdm/policy-csp-admx-touchinput.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index a5a34ab417..61f1751ef3 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -36,7 +36,7 @@ manager: dansimp
ADMX_TouchInput/TouchInputOff_2
-
- ADMX_TouchInput/PanningEverywhereOff_1
+ ADMX_TouchInput/PanningEverywhereOff_1
-
ADMX_TouchInput/PanningEverywhereOff_2
From e1847122f0694ca23d8fd1f6b157334dda2141b8 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Thu, 23 Sep 2021 16:53:48 +0530
Subject: [PATCH 06/38] Updated
---
.../mdm/policies-in-policy-csp-admx-backed.md | 1 +
.../policy-configuration-service-provider.md | 7 ++
.../mdm/policy-csp-admx-pushtoinstall.md | 103 ++++++++++++++++++
windows/client-management/mdm/toc.yml | 2 +
4 files changed, 113 insertions(+)
create mode 100644 windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index bedfa39992..cc3b267bd9 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -872,6 +872,7 @@ ms.date: 10/08/2020
- [ADMX_Programs/NoProgramsCPL](./policy-csp-admx-programs.md#admx-programs-noprogramscpl)
- [ADMX_Programs/NoWindowsFeatures](./policy-csp-admx-programs.md#admx-programs-nowindowsfeatures)
- [ADMX_Programs/NoWindowsMarketplace](./policy-csp-admx-programs.md#admx-programs-nowindowsmarketplace)
+- [ADMX_PushToInstall/DisablePushToInstall](./policy-csp-admx-pushtoinstall.md#admx-pushtoinstall-disablepushtoinstall)
- [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
- [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
- [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 9218729fca..a5a16c472b 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -3033,6 +3033,13 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_PushToInstall policies
+
+
+ -
+ ADMX_PushToInstall/DisablePushToInstall
+
+
### ADMX_Reliability policies
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
new file mode 100644
index 0000000000..2dd314e5ca
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -0,0 +1,103 @@
+---
+title: Policy CSP - ADMX_PushToInstall
+description: Policy CSP - ADMX_PushToInstall
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 12/01/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PushToInstall
+
+
+
+
+## ADMX_PushToInstall policies
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+ -
+ ADMX_PushToInstall/DisablePushToInstall
+
+
+
+
+
+
+
+**ADMX_PushToInstall/DisablePushToInstall**
+
+
+
+
+ | Edition |
+ Windows 10 |
+ Windows 11 |
+
+
+ | Home |
+ No |
+ No |
+
+
+ | Pro |
+ No |
+ No |
+
+
+ | Business |
+ No |
+ No |
+
+
+ | Enterprise |
+ Yes |
+ Yes |
+
+
+ | Education |
+ Yes |
+ Yes |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
+
+
+
+
+ADMX Info:
+- GP Friendly name: *Turn off Push To Install service*
+- GP name: *DisablePushToInstall*
+- GP path: *Windows Components\Push To Install*
+- GP ADMX file name: *PushToInstall.admx*
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 91a4c42484..719aa56b63 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -537,6 +537,8 @@ items:
href: policy-csp-admx-printing2.md
- name: ADMX_Programs
href: policy-csp-admx-programs.md
+ - name: ADMX_PushToInstall
+ href: policy-csp-admx-pushtoinstall.md
- name: ADMX_Reliability
href: policy-csp-admx-reliability.md
- name: ADMX_RemoteAssistance
From 792889b6e7774c3706369317654cf2a8b623d681 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Mon, 27 Sep 2021 17:43:50 +0530
Subject: [PATCH 07/38] Update policy-csp-admx-touchinput.md
---
windows/client-management/mdm/policy-csp-admx-touchinput.md | 2 --
1 file changed, 2 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 61f1751ef3..e5ddae159b 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -13,8 +13,6 @@ manager: dansimp
---
# Policy CSP - ADMX_TouchInput
-> [!WARNING]
-> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
From eb7a3e90be308b89390132003127536f69e9303e Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Wed, 29 Sep 2021 08:38:18 -0700
Subject: [PATCH 08/38] updating one file as a test
---
windows/deployment/update/waas-delivery-optimization.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index ab8834382a..423c1dc58e 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -21,7 +21,8 @@ ms.custom: seo-marvel-apr2020
**Applies to**
-- Windows 10
+- Windows 10
+- Windows 11
> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
From 55cd2d95d797a9c18affdcbca11eea94e654cdc6 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Wed, 29 Sep 2021 08:58:58 -0700
Subject: [PATCH 09/38] remainder of Delivery Optimization updates
---
.../update/delivery-optimization-proxy.md | 5 +-
.../update/delivery-optimization-workflow.md | 4 +-
.../waas-delivery-optimization-reference.md | 11 ++-
.../waas-delivery-optimization-setup.md | 5 +-
.../update/waas-delivery-optimization.md | 77 +++----------------
5 files changed, 29 insertions(+), 73 deletions(-)
diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md
index 5e3fa30528..a03d3f5fb1 100644
--- a/windows/deployment/update/delivery-optimization-proxy.md
+++ b/windows/deployment/update/delivery-optimization-proxy.md
@@ -15,7 +15,10 @@ ms.topic: article
# Using a proxy with Delivery Optimization
-**Applies to**: Windows 10
+**Applies to**
+
+- Windows 10
+- Windows 11
When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls.
diff --git a/windows/deployment/update/delivery-optimization-workflow.md b/windows/deployment/update/delivery-optimization-workflow.md
index 4336f3ab23..4b2a35812c 100644
--- a/windows/deployment/update/delivery-optimization-workflow.md
+++ b/windows/deployment/update/delivery-optimization-workflow.md
@@ -17,8 +17,8 @@ ms.topic: article
**Applies to**
-- Windows 10
-- Windows 11
+- Windows 10
+- Windows 11
## Download request workflow
diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md
index df12b64c2c..47e7f5cd13 100644
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@@ -20,6 +20,7 @@ ms.custom: seo-marvel-apr2020
**Applies to**
- Windows 10
+- Windows 11
> **Looking for more Group Policy settings?** See the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
@@ -116,6 +117,9 @@ Download mode dictates which download sources clients are allowed to use when do
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using Configuration Manager. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
+> [!NOTE]
+> Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of Download Mode is no longer used.
+
>[!NOTE]
>Group mode is a best-effort optimization and should not be relied on for an authentication of identity of devices participating in the group.
@@ -160,7 +164,7 @@ In environments configured for Delivery Optimization, you might want to set an e
### Max Cache Size
-This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows 10 client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20.
+This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. The default value for this setting is 20.
### Absolute Max Cache Size
@@ -197,8 +201,9 @@ Starting in Windows 10, version 1803, specifies the maximum background download
Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
### Select a method to restrict peer selection
-Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option.
-Currently the only available option is **1 = Subnet mask**. The subnet mask option applies to both Download Modes LAN (1) and Group (2).
+Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2).
+
+When you set option 0, Delivery Optimization will find peers behind the same NAT (same public IP) but still prioritize same subnet peers. When you set option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). When GroupID mode is set, it will default to using the same subnet. If you want to use the GroupID across subnets, use the NAT option = 0.
### Delay background download from http (in secs)
Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md
index ef3f3040cc..b15133d690 100644
--- a/windows/deployment/update/waas-delivery-optimization-setup.md
+++ b/windows/deployment/update/waas-delivery-optimization-setup.md
@@ -2,7 +2,7 @@
title: Set up Delivery Optimization
ms.reviewer:
manager: laurawi
-description: In this article, learn how to set up Delivery Optimization, a new peer-to-peer distribution method in Windows 10.
+description: In this article, learn how to set up Delivery Optimization.
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
ms.prod: w10
ms.mktglfcycl: deploy
@@ -15,11 +15,12 @@ ms.topic: article
ms.custom: seo-marvel-apr2020
---
-# Set up Delivery Optimization for Windows 10 updates
+# Set up Delivery Optimization for Windows client updates
**Applies to**
- Windows 10
+- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 423c1dc58e..c6738e732c 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -1,5 +1,5 @@
---
-title: Delivery Optimization for Windows 10 updates
+title: Delivery Optimization for Windows client updates
manager: laurawi
description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10.
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
@@ -16,13 +16,12 @@ ms.topic: article
ms.custom: seo-marvel-apr2020
---
-# Delivery Optimization for Windows 10 updates
-
+# Delivery Optimization for Windows client updates
**Applies to**
-- Windows 10
-- Windows 11
+- Windows 10
+- Windows 11
> **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158).
@@ -30,44 +29,17 @@ Windows updates, upgrades, and applications can contain packages with very large
Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet.
-For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows 10 updates](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
+For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
>[!NOTE]
>WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead.
-## New in Windows 10, version 2004
+## New in Windows 10, version 20H2 and Windows 11
-- Enterprise network throttling: new settings have been added in Group Policy and mobile device management (MDM) to control foreground and background throttling as absolute values (Maximum Background Download Bandwidth in (in KB/s)). These settings are also available in the Windows user interface:
-
- 
-
-- Activity Monitor now identifies the cache server used for as the source for Microsoft Connected Cache. For more information about using Microsoft Connected Cache with Configuration Manager, see [Microsoft Connected Cache](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
-
-- New options for [`Get-DeliveryOptimizationPerfSnap`](waas-delivery-optimization-setup.md#analyze-usage).
-
-- New cmdlets:
- - `Enable-DeliveryOptimizationVerboseLogs`
- - `Disable-DeliveryOptimizationVerboseLogs`
- - `Get-DeliveryOptimizationLogAnalysis [ETL Logfile path] [-ListConnections]`
-
-- New policy settings:
- - [DOCacheHost](waas-delivery-optimization-reference.md#cache-server-hostname)
- - [DOCacheHostSource](waas-delivery-optimization-reference.md#cache-server-hostname-source)
- - [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs); replaces DOPercentageMaxDownloadBandwidth
- - [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs)
-
-- Removed policy settings (if you set these policies in Windows 10, 2004, they will have no effect):
- - DOMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) or [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead.
- - DOPercentageMaxDownloadBandwidth; use [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) or [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) instead.
- - DOMaxUploadBandwidth
-
-- Support for new types of downloads:
- - Office installs and updates
- - Xbox game pass games
- - MSIX apps (HTTP downloads only)
- - Microsoft Edge browser installations and updates
- - [Dynamic updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-benefits-of-windows-10-dynamic-update/ba-p/467847)
+- New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). When you set Option 0, Delivery Optimization will find peers behind the same NAT (same public IP) but still prioritize same subnet peers. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). When GroupID mode is set, it will default to using the same subnet. If you want to use the GroupID across subnets, use the NAT option = 0.
+- Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID).
+- Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used.
## Requirements
@@ -83,8 +55,8 @@ The following table lists the minimum Windows 10 version that supports Delivery
| Download package | Minimum Windows version |
|------------------|---------------|
-| Windows 10 updates (feature updates and quality updates) | 1511 |
-| Windows 10 drivers | 1511 |
+| Windows client updates (feature updates and quality updates) | 1511 |
+| Windows client drivers | 1511 |
| Windows Store files | 1511 |
| Windows Store for Business files | 1511 |
| Windows Defender definition updates | 1511 |
@@ -101,7 +73,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
-In Windows 10 Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT, but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune.
+In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT, but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune.
For more information, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md).
@@ -255,28 +227,3 @@ Check Delivery Optimization settings that could limit participation in peer cach
- Enable peer caching while the device connects using VPN.
- Allow uploads when the device is on battery while under the set battery level
-
-
-
-## Learn more
-
-[Windows 10, Delivery Optimization, and WSUS](/archive/blogs/mniehaus/windows-10-delivery-optimization-and-wsus-take-2)
-
-
-## Related articles
-
-- [Update Windows 10 in the enterprise](index.md)
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
-- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
-- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
-- [Configure Windows Update for Business](waas-configure-wufb.md)
-- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
-- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
-- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
-- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
From b66eef7c0a7dff33412897185c7f9d095dca80f7 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Wed, 29 Sep 2021 09:10:48 -0700
Subject: [PATCH 10/38] removing view parameter per suggestion
---
windows/deployment/update/waas-delivery-optimization.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index c6738e732c..4909cdd452 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -215,7 +215,7 @@ Try a Telnet test between two devices on the network to ensure they can connect
2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run `telnet 192.168.9.17 7680` (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
> [!NOTE]
-> You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection?view=windowsserver2019-ps) instead of Telnet to run the test.
+> You can also use [Test-NetConnection](/powershell/module/nettcpip/test-netconnection) instead of Telnet to run the test.
> **Test-NetConnection -ComputerName 192.168.9.17 -Port 7680**
### None of the computers on the network are getting updates from peers
From 9dd415335b8fc5a56e6bbe5b0f38cafd56855172 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Wed, 29 Sep 2021 14:31:35 -0700
Subject: [PATCH 11/38] safety commit
---
.../feature-update-maintenance-window.md | 4 +-
.../get-started-updates-channels-tools.md | 30 ++--
.../update/how-windows-update-works.md | 2 +-
.../deployment/update/plan-define-strategy.md | 17 +--
.../deployment/update/waas-configure-wufb.md | 72 ++++------
...aas-deployment-rings-windows-10-updates.md | 2 +
.../deployment/update/waas-integrate-wufb.md | 32 ++---
.../update/waas-manage-updates-wufb.md | 132 +++---------------
.../waas-optimize-windows-10-updates.md | 6 +-
windows/deployment/update/waas-overview.md | 131 +++++------------
windows/deployment/update/waas-quick-start.md | 43 ++----
...s-servicing-channels-windows-10-updates.md | 124 ++--------------
.../update/waas-servicing-differences.md | 1 +
...s-servicing-strategy-windows-10-updates.md | 43 ++----
windows/deployment/update/waas-wu-settings.md | 24 ++--
.../update/waas-wufb-group-policy.md | 44 ++----
windows/deployment/update/wufb-autoupdate.md | 2 +-
windows/deployment/update/wufb-basics.md | 1 +
.../update/wufb-compliancedeadlines.md | 110 +--------------
.../deployment/update/wufb-managedrivers.md | 2 +-
.../deployment/update/wufb-manageupdate.md | 2 +
windows/deployment/update/wufb-onboard.md | 1 +
22 files changed, 186 insertions(+), 639 deletions(-)
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
index 771a7648f8..473abc5a46 100644
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ b/windows/deployment/update/feature-update-maintenance-window.md
@@ -13,7 +13,7 @@ ms.collection: M365-modern-desktop
ms.topic: article
ms.custom: seo-marvel-apr2020
---
-
+{DELETE}
# Deploy feature updates during maintenance windows
**Applies to**: Windows 10
@@ -105,7 +105,7 @@ or documentation, even if Microsoft has been advised of the possibility of such
```
> [!NOTE]
-> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
+> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for feature update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
## Manually deploy feature updates
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index b034e4e658..726454837e 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,5 +1,5 @@
---
-title: Windows 10 updates, channels, and tools
+title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10
@@ -12,7 +12,12 @@ manager: laurawi
ms.topic: article
---
-# Windows 10 updates, channels, and tools
+# Windows client updates, channels, and tools
+
+**Applies to**
+
+- Windows 10
+- Windows 11
## How Windows updates work
@@ -30,34 +35,31 @@ version of the software.
We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*.
-- **Feature updates:** Released twice per year, during the first half and second half of each calendar year. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
-- **Quality updates:** Quality updates deliver both security and non-security fixes to Windows 10. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
+- **Feature updates:** Released as soon as they become available. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
+- **Quality updates:** Quality updates deliver both security and non-security fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
- **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools.
-
## Servicing channels
-Windows 10 offers three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows 10 "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
+There are three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
-### Semi-annual Channel
+### General Availability Channel
-In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.
+In the General Availability Channel, feature updates are available as soon as Microsoft releases them. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
-> [!NOTE]
-> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
### Windows Insider Program for Business
Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel:
-- Windows Insider Fast
-- Windows Insider Slow
+- Windows Insider Dev
+- Windows Insider Beta
- Windows Insider Release Preview
We recommend that you use the Windows Insider Release Preview channel for validation activities.
@@ -67,10 +69,10 @@ We recommend that you use the Windows Insider Release Preview channel for valida
The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
-The Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition.
+The General Availability Channel is the default servicing channel for all Windows devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition.
-| Windows 10 edition | Semi-Annual Channel | Insider Program | Long-Term Servicing Channel |
+| Edition | General Availability Channel | Insider Program | Long-Term Servicing Channel |
| --- | --- | --- | --- |
| Home | | | |
| Pro |  |  | |
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 1cb0a47bf7..821586a7d8 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,6 +1,6 @@
---
title: How Windows Update works
-description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 devices.
+description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices.
ms.prod: w10
ms.mktglfcycl:
audience: itpro
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index c18d2b0576..289cffc216 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -14,6 +14,11 @@ ms.collection: m365initiative-coredeploy
# Define update strategy with a calendar
+**Applies to**
+
+- Windows 10
+- Windows 11
+
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
@@ -21,7 +26,7 @@ Today, more organizations are treating deployment as a continual process of upda
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
## Calendar approaches
-You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
+You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
### Annual
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles:
@@ -38,14 +43,4 @@ This cadence might be most suitable for you if any of these conditions apply:
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
-### Rapid
-This calendar shows an example schedule that installs each feature update as it is released, twice per year:
-[  ](images/rapid-calendar.png#lightbox)
-
-This cadence might be best for you if these conditions apply:
-
-- You have a strong appetite for change.
-- You want to continuously update supporting infrastructure and unlock new scenarios.
-- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
-- You have experience with feature updates for Windows 10.
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index d0c4ab43af..0c557a1ac6 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -1,5 +1,5 @@
---
-title: Configure Windows Update for Business (Windows 10)
+title: Configure Windows Update for Business
ms.reviewer:
manager: laurawi
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
@@ -19,13 +19,14 @@ ms.topic: article
**Applies to**
- Windows 10
+- Windows 11
- Windows Server 2016
- Windows Server 2019
+- Windows Server 2022
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
+You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
> [!IMPORTANT]
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
@@ -33,7 +34,7 @@ You can use Group Policy or your mobile device management (MDM) service to confi
## Start by grouping devices
-By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed in Windows 10. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization. For more information, see [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md).
+By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
>[!TIP]
>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
@@ -43,13 +44,13 @@ By grouping devices with similar deferral periods, administrators are able to cl
## Configure devices for the appropriate service channel
-With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the Semi-Annual Channel servicing branch. For more information on this servicing model, see [Windows 10 servicing options](waas-overview.md#servicing-channels).
+With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels).
**Release branch policies**
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
-| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
+| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
| GPO for Windows 10, version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
| MDM for Windows 10, version 1607 or later: ../Vendor/MSFT/Policy/Config/Update/**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
| MDM for Windows 10, version 1511: ../Vendor/MSFT/Policy/Config/Update/**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
@@ -64,9 +65,9 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
## Configure when devices receive feature updates
-After you configure the servicing branch (Windows Insider Preview or Semi-Annual Channel), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update. You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
+After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
-For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
+For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
@@ -74,7 +75,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
-| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
+| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
| MDM for Windows 10, version 1607 and later: ../Vendor/MSFT/Policy/Config/Update/**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
| MDM for Windows 10, version 1511: ../Vendor/MSFT/Policy/Config/Update/**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
@@ -84,7 +85,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
## Pause feature updates
-You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, you can then pause Feature Updates for the device again.
+You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
@@ -98,20 +99,20 @@ In cases where the pause policy is first applied after the configured start date
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
-| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
+| GPO for Windows 10, version 1607 or later: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
| GPO for Windows 10, version 1511: Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
| MDM for Windows 10, version 1607 or later: ../Vendor/MSFT/Policy/Config/Update/**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
| MDM for Windows 10, version 1511: ../Vendor/MSFT/Policy/Config/Update/**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
-You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
+You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
-The local group policy editor (GPEdit.msc) will not reflect whether the Feature Update pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking Feature Updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
+The local group policy editor (GPEdit.msc) will not reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status|
| --- | --- |
-| 0 | Feature Updates not paused |
-| 1 | Feature Updates paused |
-| 2 | Feature Updates have auto-resumed after being paused |
+| 0 | feature updates not paused |
+| 1 | feature updates paused |
+| 2 | feature updates have auto-resumed after being paused |
>[!NOTE]
>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
@@ -122,9 +123,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
- Any pending update installations are canceled.
- Any update installation running when pause is activated will attempt to roll back.
-## Configure when devices receive Quality Updates
+## Configure when devices receive quality updates
-Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
+Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
@@ -160,15 +161,15 @@ In cases where the pause policy is first applied after the configured start date
| MDM for Windows 10, version 1607 or later: ../Vendor/MSFT/Policy/Config/Update/**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
| MDM for Windows 10, version 1511: ../Vendor/MSFT/Policy/Config/Update/**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
-You can check the date that quality Updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
+You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
-The local group policy editor (GPEdit.msc) will not reflect whether the quality Update pause period has expired. Although the device will resume quality Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
+The local group policy editor (GPEdit.msc) will not reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
| Value | Status|
| --- | --- |
-| 0 | Quality Updates not paused |
-| 1 | Quality Updates paused |
-| 2 | Quality Updates have auto-resumed after being paused |
+| 0 | quality updates not paused |
+| 1 | quality updates paused |
+| 2 | quality updates have auto-resumed after being paused |
>[!NOTE]
>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
@@ -193,8 +194,8 @@ The **Manage preview builds** setting gives administrators control over enabling
>* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds**
>* MDM: **System/AllowBuildPreview**
-The policy settings to **Select when Feature Updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
-* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
+The policy settings to **Select when feature updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
+* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and feature updates are received*
* MDM: **Update/BranchReadinessLevel**
## Exclude drivers from quality updates
@@ -216,7 +217,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
-| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709) 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel 32: systems take Feature Updates from Semi-Annual Channel Note: Other value or absent: receive all applicable updates |
+| BranchReadinessLevel | REG_DWORD | 2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709)Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updatesOther value or absent: don’t defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updatesOther value or absent: don’t pause quality updates |
@@ -230,7 +231,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
-| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709) 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel 32: systems take Feature Updates from Semi-Annual Channel Note: Other value or absent: receive all applicable updates |
+| BranchReadinessLevel | REG_DWORD |2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709) 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709) 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709) 32: systems take feature updates from General Availability Channel Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updatesOther value or absent: don’t pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
@@ -253,20 +254,3 @@ When a device running a newer version sees an update available on Windows Update
| PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
| PauseQualityUpdates | PauseQualityUpdatesStartTime |
-## Related topics
-
-- [Update Windows 10 in the enterprise](index.md)
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
-- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
-- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
-- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
-- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
-- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
-- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
-- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
index 4070bb332d..fcb4115629 100644
--- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
+++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
@@ -12,6 +12,8 @@ ms.collection: M365-modern-desktop
ms.topic: article
---
+{DELETE ALTOGETHER??}
+
# Build deployment rings for Windows client updates
**Applies to**
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 6460401d70..b5d5e02b67 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -1,5 +1,5 @@
---
-title: Integrate Windows Update for Business (Windows 10)
+title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
ms.prod: w10
ms.mktglfcycl: manage
@@ -17,6 +17,7 @@ ms.topic: article
**Applies to**
- Windows 10
+- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
@@ -25,7 +26,7 @@ You can integrate Windows Update for Business deployments with existing manageme
## Integrate Windows Update for Business with Windows Server Update Services
-For Windows 10, version 1607, devices can now be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
+For Windows 10, version 1607 and later, devices can be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
@@ -34,7 +35,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
**Configuration:**
-- Device is configured to defer Windows Quality Updates using Windows Update for Business
+- Device is configured to defer Windows quality updates using Windows Update for Business
- Device is also configured to be managed by WSUS
- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
- Admin has opted to put updates to Office and other products on WSUS
@@ -46,11 +47,11 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
| Third-party drivers | WSUS | WSUS | No |
-### Configuration example \#2: Excluding drivers from Windows Quality Updates using Windows Update for Business
+### Configuration example \#2: Excluding drivers from Windows quality updates using Windows Update for Business
**Configuration:**
-- Device is configured to defer Windows Quality Updates and to exclude drivers from Windows Update Quality Updates (**ExcludeWUDriversInQualityUpdate** = enabled)
+- Device is configured to defer Windows quality updates and to exclude drivers from Windows Update quality updates (**ExcludeWUDriversInQualityUpdate** = enabled)
- Device is also configured to be managed by WSUS
- Admin has opted to put Windows Update drivers on WSUS
@@ -66,7 +67,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
**Configuration:**
-- Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS
+- Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
@@ -86,26 +87,9 @@ In this example, the deferral behavior for updates to Office and other non-Windo
## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
-For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (i.e. setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
+For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
-## Related topics
-
-- [Update Windows 10 in the enterprise](index.md)
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
-- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
-- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
-- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
-- [Configure Windows Update for Business](waas-configure-wufb.md)
-- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
-- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
-- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
\ No newline at end of file
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 850d6cec44..dea3bbba22 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -1,5 +1,5 @@
---
-title: Windows Update for Business (Windows 10)
+title: Windows Update for Business
ms.reviewer:
manager: laurawi
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
@@ -18,14 +18,15 @@ ms.custom: seo-marvel-apr2020
**Applies to**
- Windows 10
+- Windows 11
-Windows Update for Business is a free service that is available for all premium editions including Windows 10 Pro, Enterprise, Pro for Workstation, and Education editions.
+Windows Update for Business is a free service that is available for all premium editions including Windows 10 and Windows 11 Pro, Enterprise, Pro for Workstation, and Education editions.
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated.
+Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
@@ -46,7 +47,7 @@ Windows Update for Business enables an IT administrator to receive and manage a
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
-- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
+- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available.
- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
@@ -62,16 +63,15 @@ You can defer or pause the installation of updates for a set period of time.
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
-- Windows Insider Fast
-- Windows Insider Slow
-- Windows Insider Release Preview
-- Semi-Annual Channel
+- Windows Insider Dev
+- Windows Insider Beta
+- Windows Insider Preview
+- General Availability Channel
-Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
#### Defer an update
-A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy.
+A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
|Category |Maximum deferral period |
@@ -88,7 +88,7 @@ A Windows Update for Business administrator can defer the installation of both f
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
-To pause feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
+To pause feature updates, use the **Select when Preview Builds and feature updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
Built-in benefits:
When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
@@ -97,10 +97,10 @@ When updating from Windows Update, you get the added benefits of built-in compat
For the best experience with Windows Update, follow these guidelines:
-- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
-- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
-- Make sure that devices have at least 10 GB of free space.
-- Give devices unobstructed access to the Windows Update service.
+- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
+- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
+- Make sure that devices have at least 10 GB of free space.
+- Give devices unobstructed access to the Windows Update service.
### Manage the end-user experience when receiving Windows Updates
@@ -110,9 +110,9 @@ Windows Update for Business provides controls to help meet your organization’s
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
-1. Automatically download, install, and restart (default if no restart policies are set up or enabled)
-2. Use the default notifications
-3. Set update deadlines
+1. Automatically download, install, and restart (default if no restart policies are set up or enabled).
+2. Use the default notifications.
+3. Set update deadlines.
##### Setting deadlines
@@ -121,101 +121,11 @@ A compliance deadline policy (released in June 2019) enables you to set separate
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
#### Update Baseline
-The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
+
+The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
>[!NOTE]
->The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when.
+>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -128,40 +168,148 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -174,22 +322,22 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
-
-
-
+
+
+
+
+
+
+
-
+
-
-
-
-
-
+
@@ -225,7 +373,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
-
+
@@ -247,17 +395,26 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
+
+
+
+
+
+
+
+
+
-
+
@@ -288,6 +445,42 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -304,10 +497,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
-
+
@@ -315,118 +508,273 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
@@ -441,7 +789,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
- 10.0.19565.0
+ 10.0.22417.0
From 8fc109633f3cd9c169ce109940b520df8101632c Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Thu, 30 Sep 2021 09:39:22 -0700
Subject: [PATCH 14/38] Microsoft criteria for driver blocks have been updated.
WDSI driver submission page is now linked too.
---
.../microsoft-recommended-driver-block-rules.md | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index c749cb9925..f99fbc4154 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -33,10 +33,15 @@ Microsoft has strict requirements for code running in kernel. So, malicious acto
- Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+The vulnerable driver blocklist is designed to harden systems against 3rd party-developed drivers across the Windows ecosystem with any of the following:
-> [!Note]
-> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode.
+- Known security vulnerabilities which can be exploited by attackers to elevate privileges in the Windows kernel
+- Malicious behaviors (i.e. malware) or certificates used to sign malware
+- Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
+
+Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/wdsi/driversubmission).
+
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
```xml
From d05ee01ec09c6cf068f99c5586948bd2f7343f85 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Thu, 30 Sep 2021 10:00:20 -0700
Subject: [PATCH 15/38] updates from Aria
---
windows/whats-new/windows-11-plan.md | 4 +---
windows/whats-new/windows-11-prepare.md | 12 +++++-------
2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index 2aebecdb11..fe62d280f3 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.author: greglin
-ms.date: 08/18/2021
ms.reviewer:
manager: laurawi
ms.localizationpriority: high
@@ -57,8 +56,7 @@ If you manage devices on behalf of your organization, you will be able to upgrad
- Additional insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11.
> [!NOTE]
-> If you use Windows Update for Business to manage feature update deployments today, you will need to leverage the **Target Version** policy rather than **Feature Update deferrals** to move from Windows 10 to Windows 11. Deferrals are great for quality updates or to move to newer version of the same product (from example, from Windows 10, version 20H2 to 21H1), but they cannot migrate a device between products (from Windows 10 to Windows 11).
-> Also, Windows 11 has a new End User License Agreement. If you are deploying with Windows Update for Business **Target Version** or with Windows Server Update Services, you are accepting this new End User License Agreement on behalf of the end-users within your organization.
+> Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business **Target Version** or with Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization.
##### Unmanaged devices
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index da063c4529..45613110e8 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.author: greglin
-ms.date: 09/03/2021
ms.reviewer:
manager: laurawi
ms.localizationpriority: high
@@ -41,16 +40,15 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use [Microsoft Endpoint Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE]
- > Configuration Manager will prompt you to accept the End User License Agreement on behalf of the users in your organization.
+ > Configuration Manager will prompt you to accept the Microsoft Software License Terms on behalf of the users in your organization.
#### Cloud-based solutions
-- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products (Windows 10 to Windows 11).
+- If you use Windows Update for Business policies, you will need to use the **Target Version** capability (either through policy or the Windows Update for Business deployment service) rather than using feature update deferrals alone to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but won't automatically devices move between products (Windows 10 to Windows 11).
- In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**.
- - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product.
- - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version.
-- Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies.
-- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
+ - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. If you use deferrals today in Group Policy, your devices will continue to get the latest feature update of Windows 10 once it has reached your specified deferral age, but will not be offered Windows 11 until you specify this by using the **Select target Feature Update version** policy. Your deferrals will continue to apply in this case as well.
+- Quality update deferrals and experience policies will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies.
+- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select **Windows 11, version 21H2** and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
## Cloud-based management
From 88ae0df07a1411380e2ccbaa3cac9b949b9a790d Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Thu, 30 Sep 2021 10:00:45 -0700
Subject: [PATCH 16/38] Fixed broken link by hardcoding locale
---
.../microsoft-recommended-driver-block-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index f99fbc4154..f88525d4c9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against 3rd party-
- Malicious behaviors (i.e. malware) or certificates used to sign malware
- Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
-Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/wdsi/driversubmission).
+Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission).
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
From 8262dc1a01114e630db17c31995c250e7993f9c3 Mon Sep 17 00:00:00 2001
From: Jason Sandys <63433304+jasonsandys-microsoft@users.noreply.github.com>
Date: Thu, 30 Sep 2021 12:19:58 -0500
Subject: [PATCH 17/38] Update windows-11-prepare.md
Updated URLs.
---
windows/whats-new/windows-11-prepare.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index d46c11a3bc..77d94ff64c 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -53,7 +53,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
> [!NOTE]
- > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](../client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](../deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
+ > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](../../client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](../../deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
## Cloud-based management
From d525240ca25c763092f1f2f58434e458000f75e8 Mon Sep 17 00:00:00 2001
From: Jason Sandys <63433304+jasonsandys-microsoft@users.noreply.github.com>
Date: Thu, 30 Sep 2021 12:43:39 -0500
Subject: [PATCH 18/38] Update windows-11-prepare.md
Further URL tweaks.
---
windows/whats-new/windows-11-prepare.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 77d94ff64c..256ab8439e 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -53,7 +53,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
> [!NOTE]
- > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](../../client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](../../deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
+ > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy.
## Cloud-based management
From 230d4b44eb56335887421d9e12b684638e3de12f Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Thu, 30 Sep 2021 10:45:11 -0700
Subject: [PATCH 19/38] Added info about disputing blocks and addressed
Acrolinx issues
---
.../microsoft-recommended-driver-block-rules.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index f88525d4c9..2339453f16 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -28,20 +28,20 @@ ms.date:
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
-Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
+Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
- Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices
-The vulnerable driver blocklist is designed to harden systems against 3rd party-developed drivers across the Windows ecosystem with any of the following:
+The vulnerable driver blocklist is designed to harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
-- Known security vulnerabilities which can be exploited by attackers to elevate privileges in the Windows kernel
-- Malicious behaviors (i.e. malware) or certificates used to sign malware
-- Behaviors which are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
+- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
+- Malicious behaviors (malware) or certificates used to sign malware
+- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
-Drivers can be submitted by IHVs, OEMs and Windows customers to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission).
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To dispute a block or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article.
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
```xml
From d8ec34075d74d4890aaa77e848304ba61d9f5c7b Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Thu, 30 Sep 2021 10:50:33 -0700
Subject: [PATCH 20/38] Update microsoft-recommended-driver-block-rules.md
---
.../microsoft-recommended-driver-block-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 2339453f16..886064a829 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against third part
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
-Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To dispute a block or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article.
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article.
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
From e760c0de5198708ca8b71ac48619505e25e41549 Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Thu, 30 Sep 2021 10:55:11 -0700
Subject: [PATCH 21/38] removed en-us locale from wdsi link
---
.../microsoft-recommended-driver-block-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 886064a829..3d1e37428f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -39,7 +39,7 @@ The vulnerable driver blocklist is designed to harden systems against third part
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
-Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/en-us/wdsi) or submit feedback on this article.
+Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article.
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
From d62cff733f3cf9eedb58c7208ec56e1912f53148 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Fri, 1 Oct 2021 12:01:01 +0530
Subject: [PATCH 22/38] Updated
---
.../client-management/mdm/policy-csp-admx-errorreporting.md | 1 -
windows/client-management/mdm/policy-csp-admx-eventlog.md | 3 ++-
.../client-management/mdm/policy-csp-admx-previousversions.md | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 05786ce5b4..ddb1aea9f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -906,7 +906,6 @@ If you enable this policy setting, WER does not throttle data; that is, WER uplo
If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
-> [!TIP]
ADMX Info:
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index e5bb236763..acc2191553 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -1505,7 +1505,8 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_4**
+**ADMX_EventLog/Channel_Log_Retention_4**
+
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index b129567b19..3065cc6777 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -40,7 +40,7 @@ manager: dansimp
ADMX_PreviousVersions/DisableRemotePage_2
-
- ADMX_PreviousVersions/HideBackupEntries_1/a>
+ ADMX_PreviousVersions/HideBackupEntries_1/
-
ADMX_PreviousVersions/HideBackupEntries_2
From f4809eb3e7efd82b3f84ef682015fe5306b7dcd8 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 09:11:18 -0700
Subject: [PATCH 23/38] rearranging
---
windows/whats-new/windows-11-plan.md | 4 ++--
windows/whats-new/windows-11-prepare.md | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index fe62d280f3..887ec75b0d 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -38,7 +38,7 @@ If you are looking for ways to optimize your approach to deploying Windows 11, o
As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible.
-Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, end-users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
+Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions.
@@ -56,7 +56,7 @@ If you manage devices on behalf of your organization, you will be able to upgrad
- Additional insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11.
> [!NOTE]
-> Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business **Target Version** or with Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization.
+> Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business or Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization.
##### Unmanaged devices
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 45613110e8..c030667b92 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -45,10 +45,11 @@ The tools that you use for core workloads during Windows 10 deployments can stil
#### Cloud-based solutions
- If you use Windows Update for Business policies, you will need to use the **Target Version** capability (either through policy or the Windows Update for Business deployment service) rather than using feature update deferrals alone to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but won't automatically devices move between products (Windows 10 to Windows 11).
+ - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select **Windows 11, version 21H2** and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
- In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**.
- The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. If you use deferrals today in Group Policy, your devices will continue to get the latest feature update of Windows 10 once it has reached your specified deferral age, but will not be offered Windows 11 until you specify this by using the **Select target Feature Update version** policy. Your deferrals will continue to apply in this case as well.
- Quality update deferrals and experience policies will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies.
-- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use the [feature update deployments](/mem/intune/protect/windows-10-feature-updates) page to select **Windows 11, version 21H2** and upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11 on the **Update Rings** page in Intune. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11.
+
## Cloud-based management
From 208e82cb14f56a93688edcc1e630b652617fb809 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 09:25:35 -0700
Subject: [PATCH 24/38] cleaning up some terminology
---
windows/whats-new/windows-11-plan.md | 4 ++--
windows/whats-new/windows-11-prepare.md | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index 887ec75b0d..7841ae8015 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -38,7 +38,7 @@ If you are looking for ways to optimize your approach to deploying Windows 11, o
As a first step, you will need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it is compatible.
-Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. End-users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
+Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they are eligible for the upgrade.
Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions.
@@ -83,7 +83,7 @@ The introduction of Windows 11 is also a good time to review your hardware refre
## Servicing and support
-Along with end-user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback.
+Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback.
**Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes.
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index c030667b92..7e584d2ea8 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -35,7 +35,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
- If you use [Windows Server Update Service (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), you will need to sync the new **Windows 11** product category. After you sync the product category, you will see Windows 11 offered as an option. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
> [!NOTE]
- > During deployment, you will be prompted to agree to the End User License Agreement on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
+ > During deployment, you will be prompted to agree to the Microsoft Software License Terms on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
- If you use [Microsoft Endpoint Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
@@ -53,7 +53,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
## Cloud-based management
-If you aren’t already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting end-user privacy.
+If you aren’t already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting user privacy.
The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them:
@@ -112,9 +112,9 @@ At a high level, the tasks involved are:
6. Test and support the pilot devices.
7. Determine broad deployment readiness based on the results of the pilot.
-## End-user readiness
+## User readiness
-Do not overlook the importance of end-user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They will also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff Windows 11:
+Do not overlook the importance of user readiness to deliver an effective, enterprise-wide deployment of Windows 11. Windows 11 has a familiar design, but your users will see several enhancements to the overall user interface. They will also need to adapt to changes in menus and settings pages. Therefore, consider the following tasks to prepare users and your IT support staff Windows 11:
- Create a communications schedule to ensure that you provide the right message at the right time to the right groups of users, based on when they will see the changes.
- Draft concise emails that inform users of what changes they can expect to see. Offer tips on how to use or customize their experience. Include information about support and help desk options.
- Update help desk manuals with screenshots of the new user interface, the out-of-box experience for new devices, and the upgrade experience for existing devices.
From 3aaf95e6884c10faf392f96ee2059af44c1da9e1 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 10:18:02 -0700
Subject: [PATCH 25/38] safety/checkpoint commit
---
windows/deployment/TOC.yml | 8 ++++----
windows/deployment/update/index.md | 7 ++++---
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 18817d1d38..2780fe7507 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -15,7 +15,7 @@
href: update/quality-updates.md
- name: Basics of Windows updates, channels, and tools
href: update/get-started-updates-channels-tools.md
- - name: Servicing the Windows 10 operating system
+ - name: Prepare servicing strategy for Windows client updates
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Deployment proof of concept
@@ -47,7 +47,7 @@
href: update/plan-determine-app-readiness.md
- name: Define your servicing strategy
href: update/plan-define-strategy.md
- - name: Delivery Optimization for Windows 10 updates
+ - name: Delivery Optimization for Windows client updates
href: update/waas-delivery-optimization.md
items:
- name: Using a proxy with Delivery Optimization
@@ -85,9 +85,9 @@
href: update/update-policies.md
- name: Update Baseline
href: update/update-baseline.md
- - name: Set up Delivery Optimization for Windows 10 updates
+ - name: Set up Delivery Optimization for Windows client updates
href: update/waas-delivery-optimization-setup.md
- - name: Configure BranchCache for Windows 10 updates
+ - name: Configure BranchCache for Windows client updates
href: update/waas-branchcache.md
- name: Prepare your deployment tools
items:
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 3f72fde718..08592c252b 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -1,6 +1,6 @@
---
-title: Update Windows 10 in enterprise deployments (Windows 10)
-description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows 10.
+title: Update Windows client in enterprise deployments
+description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client.
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
@@ -10,12 +10,13 @@ ms.author: jaimeo
ms.topic: article
---
-# Update Windows 10 in enterprise deployments
+# Update Windows client in enterprise deployments
**Applies to**
- Windows 10
+- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
From 62161ac658eed9a50b620d38f4ab29922ef73c69 Mon Sep 17 00:00:00 2001
From: Jordan Geurten
Date: Fri, 1 Oct 2021 10:42:43 -0700
Subject: [PATCH 26/38] Added "help" harden systems
---
.../microsoft-recommended-driver-block-rules.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 3d1e37428f..4e5251d27d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -33,7 +33,7 @@ Microsoft has strict requirements for code running in kernel. So, malicious acto
- Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices
-The vulnerable driver blocklist is designed to harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
+The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
From 959e157f6d254b40c3976c5ae9d0c8b0564a9f81 Mon Sep 17 00:00:00 2001
From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com>
Date: Fri, 1 Oct 2021 23:56:08 +0530
Subject: [PATCH 27/38] Update policy-csp-admx-previousversions.md
---
.../client-management/mdm/policy-csp-admx-previousversions.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 3065cc6777..64a89c8ccf 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -40,7 +40,7 @@ manager: dansimp
ADMX_PreviousVersions/DisableRemotePage_2
-
- ADMX_PreviousVersions/HideBackupEntries_1/
+ ADMX_PreviousVersions/HideBackupEntries_1
-
ADMX_PreviousVersions/HideBackupEntries_2
From eb99a3d49e0b6494bc1bcda408df2e6aedb85a23 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 11:50:27 -0700
Subject: [PATCH 28/38] clean up TOC and redirects
---
.openpublishing.redirection.json | 55 ++++
windows/deployment/TOC.yml | 32 +-
.../change-history-for-update-windows-10.md | 51 ----
.../update/feature-update-conclusion.md | 25 --
.../feature-update-maintenance-window.md | 264 ----------------
.../update/feature-update-mission-critical.md | 44 ---
windows/deployment/update/index.md | 22 +-
.../update/waas-servicing-differences.md | 127 --------
...s-servicing-strategy-windows-10-updates.md | 42 ---
windows/deployment/update/waas-wufb-intune.md | 285 ------------------
windows/deployment/update/wufb-autoupdate.md | 37 ---
windows/deployment/update/wufb-basics.md | 31 --
.../deployment/update/wufb-managedrivers.md | 68 -----
.../deployment/update/wufb-manageupdate.md | 61 ----
windows/deployment/update/wufb-onboard.md | 48 ---
.../deployment/windows-10-missing-fonts.md | 18 +-
16 files changed, 87 insertions(+), 1123 deletions(-)
delete mode 100644 windows/deployment/update/change-history-for-update-windows-10.md
delete mode 100644 windows/deployment/update/feature-update-conclusion.md
delete mode 100644 windows/deployment/update/feature-update-maintenance-window.md
delete mode 100644 windows/deployment/update/feature-update-mission-critical.md
delete mode 100644 windows/deployment/update/waas-servicing-differences.md
delete mode 100644 windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
delete mode 100644 windows/deployment/update/waas-wufb-intune.md
delete mode 100644 windows/deployment/update/wufb-autoupdate.md
delete mode 100644 windows/deployment/update/wufb-basics.md
delete mode 100644 windows/deployment/update/wufb-managedrivers.md
delete mode 100644 windows/deployment/update/wufb-manageupdate.md
delete mode 100644 windows/deployment/update/wufb-onboard.md
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 00a95b4582..49a449abe6 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18959,6 +18959,61 @@
"source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
"redirect_url": "/windows/security/",
"redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": true
+ },
+ {
+ "source_path": "windows/deployment/update/waas-servicing-differences.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_document_id": false
}
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index a91592e726..78c5ebcab3 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -54,8 +54,6 @@
href: update/delivery-optimization-proxy.md
- name: Delivery Optimization client-service communication
href: update/delivery-optimization-workflow.md
- - name: Best practices for feature updates on mission-critical devices
- href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations
href: planning/windows-10-deployment-considerations.md
- name: Windows 10 infrastructure requirements
@@ -79,7 +77,7 @@
items:
- name: Prepare for Windows 11
href: /windows/whats-new/windows-11-prepare
- - name: Prepare to deploy Windows 10 updates
+ - name: Prepare to deploy Windows client updates
href: update/prepare-deploy-windows.md
- name: Evaluate and update infrastructure
href: update/update-policies.md
@@ -97,8 +95,6 @@
href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
- name: Build a successful servicing strategy
items:
- - name: Build deployment rings for Windows 10 updates
- href: update/waas-deployment-rings-windows-10-updates.md
- name: Check release health
href: update/check-release-health.md
- name: Prepare updates using Windows Update for Business
@@ -142,7 +138,7 @@
href: vda-subscription-activation.md
- name: Deploy Windows 10/11 Enterprise licenses
href: deploy-enterprise-licenses.md
- - name: Deploy Windows 10 updates
+ - name: Deploy Windows client updates
items:
- name: Assign devices to servicing channels
href: update/waas-servicing-channels-windows-10-updates.md
@@ -154,20 +150,18 @@
href: update/waas-manage-updates-wsus.md
- name: Deploy updates with Group Policy
href: update/waas-wufb-group-policy.md
- - name: Update Windows 10 media with Dynamic Update
+ - name: Update Windows client media with Dynamic Update
href: update/media-dynamic-update.md
- name: Migrating and acquiring optional Windows content
href: update/optional-content.md
- name: Safeguard holds
href: update/safeguard-holds.md
- - name: Manage the Windows 10 update experience
+ - name: Manage the Windows client update experience
items:
- name: Manage device restarts after updates
href: update/waas-restart.md
- name: Manage additional Windows Update settings
href: update/waas-wu-settings.md
- - name: Deploy feature updates during maintenance windows
- href: update/feature-update-maintenance-window.md
- name: Deploy feature updates for user-initiated installations
href: update/feature-update-user-install.md
- name: Use Windows Update for Business
@@ -189,7 +183,7 @@
href: update/waas-wufb-group-policy.md
- name: 'Walkthrough: use Intune to configure Windows Update for Business'
href: update/deploy-updates-intune.md
- - name: Monitor Windows 10 updates
+ - name: Monitor Windows client updates
items:
- name: Monitor Delivery Optimization
href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
@@ -238,7 +232,7 @@
items:
- name: Resolve upgrade errors
items:
- - name: Resolve Windows 10 upgrade errors
+ - name: Resolve Windows client upgrade errors
href: upgrade/resolve-windows-10-upgrade-errors.md
- name: Quick fixes
href: upgrade/quick-fixes.md
@@ -254,7 +248,7 @@
href: upgrade/log-files.md
- name: Resolution procedures
href: upgrade/resolution-procedures.md
- - name: Submit Windows 10 upgrade errors
+ - name: Submit Windows client upgrade errors
href: upgrade/submit-errors.md
- name: Troubleshoot Windows Update
items:
@@ -275,9 +269,9 @@
items:
- name: How does Windows Update work?
href: update/how-windows-update-works.md
- - name: Windows 10 upgrade paths
+ - name: Windows client upgrade paths
href: upgrade/windows-10-upgrade-paths.md
- - name: Windows 10 edition upgrade
+ - name: Windows client edition upgrade
href: upgrade/windows-10-edition-upgrades.md
- name: Deploy Windows 10 with Microsoft 365
href: deploy-m365.md
@@ -289,11 +283,11 @@
href: update/waas-wu-settings.md
- name: Delivery Optimization reference
href: update/waas-delivery-optimization-reference.md
- - name: Windows 10 in S mode
+ - name: Windows client in S mode
href: s-mode.md
- - name: Switch to Windows 10 Pro or Enterprise from S mode
+ - name: Switch to Windows client Pro or Enterprise from S mode
href: windows-10-pro-in-s-mode.md
- - name: Windows 10 deployment tools
+ - name: Windows client deployment tools
items:
- name: Windows client deployment scenarios and tools
items:
@@ -580,5 +574,5 @@
- name: "Appendix: Information sent to Microsoft during activation "
href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md
- - name: Install fonts in Windows 10
+ - name: Install fonts in Windows client
href: windows-10-missing-fonts.md
diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md
deleted file mode 100644
index 1f326784c8..0000000000
--- a/windows/deployment/update/change-history-for-update-windows-10.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Change history for Update Windows 10 (Windows 10)
-description: This topic lists new and updated topics in the Update Windows 10 documentation for Windows 10.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-author: jaimeo
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Change history for Update Windows 10
-
-This topic lists new and updated topics in the [Update Windows 10](index.md) documentation for [Deploy and Update Windows 10](/windows/deployment).
-
->If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
-
-## September 2018
-
-| New or changed topic | Description |
-| --- | --- |
-| [Get started with Windows Update](windows-update-overview.md) | New |
-
-
-## RELEASE: Windows 10, version 1709
-
-The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).
-
-## September 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Olympia Corp](olympia/olympia-enrollment-guidelines.md) | New |
-
-## July 2017
-
-All topics were updated to reflect the new [naming changes](waas-overview.md#naming-changes).
-
-## May 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
-
-## RELEASE: Windows 10, version 1703
-
-The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:
-* [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started)
-* [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-register)
\ No newline at end of file
diff --git a/windows/deployment/update/feature-update-conclusion.md b/windows/deployment/update/feature-update-conclusion.md
deleted file mode 100644
index d8206d5491..0000000000
--- a/windows/deployment/update/feature-update-conclusion.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Best practices for feature updates - conclusion
-description: This article includes final thoughts about how to deploy and stay up-to-date with Windows 10 feature updates.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
-ms.custom: seo-marvel-apr2020
----
-
-# Conclusion
-
-**Applies to**: Windows 10
-
-Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible.
-
-Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.
-
diff --git a/windows/deployment/update/feature-update-maintenance-window.md b/windows/deployment/update/feature-update-maintenance-window.md
deleted file mode 100644
index 473abc5a46..0000000000
--- a/windows/deployment/update/feature-update-maintenance-window.md
+++ /dev/null
@@ -1,264 +0,0 @@
----
-title: Best practices - deploy feature updates during maintenance windows
-description: Learn how to configure maintenance windows and how to deploy feature updates during a maintenance window.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
-ms.custom: seo-marvel-apr2020
----
-{DELETE}
-# Deploy feature updates during maintenance windows
-
-**Applies to**: Windows 10
-
-Use the following information to deploy feature updates during a maintenance window.
-
-## Get ready to deploy feature updates
-
-### Step 1: Configure maintenance windows
-
-1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
-2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
-3. On the **Home** tab, in the **Properties** group, choose **Properties**.
-4. In the **Maintenance Windows** tab of the `` Properties dialog box, choose the New icon.
-5. Complete the `` Schedule dialog.
-6. Select from the Apply this schedule to drop-down list.
-7. Choose **OK** and then close the **\ Properties** dialog box.
-
-### Step 2: Review computer restart device settings
-
-If you're not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
-
-For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
-
->[!NOTE]
-> The following settings must be shorter in duration than the shortest maintenance window applied to the computer.
->- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
->- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
-
-### Step 3: Enable Peer Cache
-
-Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
-
-[Enable Configuration Manager client in full OS to share content](/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
-
-### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
-
-If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
-
-**%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini**
-
-```
-[SetupConfig]
-Priority=Normal
-```
-
-You can use the new [Run Scripts](/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
-
-```powershell
-#Parameters
-Param(
- [string] $PriorityValue = "Normal"
- )
-
-#Variable for ini file path
-$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
-
-#Variables for SetupConfig
-$iniSetupConfigSlogan = "[SetupConfig]"
-$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
-
-#Init SetupConfig content
-$iniSetupConfigContent = @"
-$iniSetupConfigSlogan
-"@
-
-#Build SetupConfig content with settings
-foreach ($k in $iniSetupConfigKeyValuePair.Keys)
-{
- $val = $iniSetupConfigKeyValuePair[$k]
-
- $iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
-}
-
-#Write content to file
-New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
-
-<#
-Disclaimer
-Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
-provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
-limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
-arising out of the use or performance of the sample script and documentation remains with you. In no event shall
-Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
-for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
-loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
-or documentation, even if Microsoft has been advised of the possibility of such damages.
-#>
-```
-
-> [!NOTE]
-> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for feature update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
-
-## Manually deploy feature updates
-
-The following sections provide the steps to manually deploy a feature update.
-
-### Step 1: Specify search criteria for feature updates
-There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
-
-1. In the Configuration Manager console, click **Software Library**.
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
-3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
- - In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
- - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
-
-4. Save the search for future use.
-
-### Step 2: Download the content for the feature updates
-Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
-
-1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
-2. Choose the **feature update(s)** to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
-
- The **Download Software Updates Wizard** opens.
-3. On the **Deployment Package** page, configure the following settings:
- **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
- - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
- - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
- - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
-
- > [!NOTE]
- > The deployment package source location that you specify cannot be used by another software deployment package.
-
- > [!IMPORTANT]
- > The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
-
- > [!IMPORTANT]
- > You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
-
- Click **Next**.
-4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
-
- > [!NOTE]
- > The Distribution Points page is available only when you create a new software update deployment package.
-5. On the **Distribution Settings** page, specify the following settings:
-
- - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
- - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
- - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
- - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
- - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
- - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
-
- For more information about prestaging content to distribution points, see [Use Prestaged content](/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
- Click **Next**.
-6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
-
- - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
- - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
-
- > [!NOTE]
- > When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
-
- Click **Next**.
-7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
-8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
-9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
-
-#### To monitor content status
-1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
-2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
-3. Select the feature update package that you previously identified to download the feature updates.
-4. On the **Home** tab, in the Content group, click **View Status**.
-
-### Step 3: Deploy the feature update(s)
-After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
-
-1. In the Configuration Manager console, click **Software Library**.
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
-3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
-
- The **Deploy Software Updates Wizard** opens.
-4. On the General page, configure the following settings:
- - **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \\**
- - **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
- - **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
- - **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
- - **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
-5. On the Deployment Settings page, configure the following settings:
-
- - **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
-
- > [!IMPORTANT]
- > After you create the software update deployment, you cannot later change the type of deployment.
-
- > [!NOTE]
- > A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
-
- - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
-
- > [!WARNING]
- > Before you can use this option, computers and networks must be configured for Wake On LAN.
-
- - **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
-6. On the Scheduling page, configure the following settings:
-
- - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
-
- > [!NOTE]
- > When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
-
- - **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
- - **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
- - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
-
- > [!NOTE]
- > You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
-
- - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
-
- > [!NOTE]
- > The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](/sccm/core/clients/deploy/about-client-settings#computer-agent).
-7. On the User Experience page, configure the following settings:
- - **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
- - **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](/sccm/core/clients/manage/collections/use-maintenance-windows).
- - **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
-
- > [!IMPORTANT]
- > Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
- - **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
-
- > [!NOTE]
- > When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
- - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
-8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
-
- > [!NOTE]
- > You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
-9. On the Download Settings page, configure the following settings:
- - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
- - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
- - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
- - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
- - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
-
- > [!NOTE]
- > Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source priority](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#content-source-priority).
-10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
-11. Click **Next** to deploy the feature update(s).
-
-### Step 4: Monitor the deployment status
-
-After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
-
-1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
-2. Click the software update group or software update for which you want to monitor the deployment status.
-3. On the **Home** tab, in the **Deployment** group, click **View Status**.
diff --git a/windows/deployment/update/feature-update-mission-critical.md b/windows/deployment/update/feature-update-mission-critical.md
deleted file mode 100644
index 052bebb7c1..0000000000
--- a/windows/deployment/update/feature-update-mission-critical.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices
-description: Learn how to use the Microsoft Endpoint Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
-ms.custom: seo-marvel-apr2020
----
-
-# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
-
-**Applies to**: Windows 10
-
-Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren't the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the Microsoft Endpoint Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
-
-For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, see [Manage Windows as a service using Configuration Manager](/configmgr/osd/deploy-use/manage-windows-as-a-service).
-
-Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
-
-- **Service during maintenance windows** – Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
-- **Service only when manually initiated** – Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
-
-You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
-
-- **Upgrade to the next LTSC release.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
-- **Additional required tasks.** When deploying a feature update requires additional steps (for example, suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
-- **Language pack installations.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
-
-If you need to use a task sequence to deploy feature updates, see [Manage Windows as a service using Configuration Manager](/configmgr/osd/deploy-use/manage-windows-as-a-service) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks performed pre-install or pre-commit, see the new [run custom actions](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You might find this option useful in deploying software updates.
-
-Use the following information:
-
-
-- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
-- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
-- [Conclusion](feature-update-conclusion.md)
\ No newline at end of file
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 08592c252b..3eef8dae64 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -20,10 +20,8 @@ ms.topic: article
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows 10 devices in your environment. In addition, with the Windows 10 operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them.
+Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them.
->[!TIP]
->See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date.
@@ -31,20 +29,18 @@ Windows as a service provides a new way to think about building, deploying, and
| Topic | Description|
| --- | --- |
-| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the new servicing model for Windows 10. |
-| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
-| [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. |
-| [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates. |
-| [Assign devices to servicing branches for Windows 10 updates](./waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the Semi-Annual Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
+| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. |
+| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
+| [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. |
+| [Assign devices to servicing branches for Windows client updates](/waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the General Availability Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Update Compliance to monitor and manage Windows Updates on devices in your organization. |
-| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
+| [Optimize update delivery](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
-| [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
-| [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows 10 updates. |
+| [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. |
+| [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. |
| [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. |
| [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
| [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started) | Explains how the Windows Insider Program for Business works and how to become an insider. |
>[!TIP]
->Windows servicing is changing, but for disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows.
->With each release of a new feature update for CB, Microsoft makes available new .iso files for use in updating your custom images. Each Windows 10 build has a finite servicing lifetime, so it’s important that images stay up to date with the latest build. For detailed information about how to deploy Windows 10 to bare-metal machines or to upgrade to Windows 10 from previous builds of Windows, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). Additionally, Windows 10 clients can move from any supported version of Windows 10 (i.e. Version 1511) to the latest version directly (i.e 1709).
\ No newline at end of file
+>For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows.
diff --git a/windows/deployment/update/waas-servicing-differences.md b/windows/deployment/update/waas-servicing-differences.md
deleted file mode 100644
index 96d39838eb..0000000000
--- a/windows/deployment/update/waas-servicing-differences.md
+++ /dev/null
@@ -1,127 +0,0 @@
----
-title: Servicing differences between Windows 10 and older operating systems
-ms.reviewer:
-manager: laurawi
-description: In this article, learn the differences between servicing Windows 10 and servicing older operating systems.
-keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-ms.localizationpriority: medium
-ms.audience: itpro
-author: jaimeo
-ms.topic: article
-ms.collection: M365-modern-desktop
-ms.custom: seo-marvel-apr2020
----
-# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems
-{DELETE}
-
-> Applies to: Windows 10
->
-> **February 15, 2019: This document has been corrected and edited to reflect that security-only updates for legacy OS versions are not cumulative. They were previously identified as cumulative similar to monthly rollups, which is inaccurate.**
-
-Today, many enterprise customers have a mix of modern and legacy client and server operating systems. Managing the servicing and updating differences between those legacy operating systems and Windows 10 versions adds a level of complexity that is not well understood. This can be confusing. With the end of support for legacy [Windows 7 SP1](https://support.microsoft.com/help/4057281/windows-7-support-will-end-on-january-14-2020) and Windows Server 2008 R2 variants on January 14, 2020, System Administrators have a critical need to understand how best to leverage a modern workplace to support system updates.
-
-The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2).
-
-> [!NOTE]
-> A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc.
-
-## Infinite fragmentation
-Prior to Windows 10, all updates to operating system (OS) components were published individually. On "Update Tuesday," customers would pick and choose individual updates they wanted to apply. Most chose to update security fixes, while far fewer selected non-security fixes, updated drivers, or installed .NET Framework updates.
-
-As a result, each environment within the global Windows ecosystem that had only a subset of security and non-security fixes installed had a different set of binaries and behaviors than those that consistently installed every available update as tested by Microsoft.
-
-This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you've seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time.
-
-## Windows 10 – Next generation
-Windows 10 provided an opportunity to end the era of infinite fragmentation. With Windows 10 and the Windows as a service model, updates came rolled together in the "latest cumulative update" (LCU) packages for both client and server. Every new update published includes all changes from previous updates, as well as new fixes. Since Windows client and server share the same code base, these LCUs allow the same update to be installed on the same client and server OS family, further reducing fragmentation.
-
-This helps simplify servicing. Devices with the original Release to Market (RTM) version of a feature release installed could get up to date by installing the most recent LCU.
-
-Windows publishes the new LCU packages for each Windows 10 version (1607, 1709, etc.) on the second Tuesday of each month. This package is classified as a required security update and contains contents from the previous LCU as well as new security, non-security, and Internet Explorer 11 (IE11) fixes. A reboot of the device might be required to complete installation of the update.
-
-
-
-*Figure 1.0 - High level cumulative update model*
-
-Another benefit of the LCU model is fewer steps. Devices that have the original Release to Market (RTM) version of a release can install the most recent LCU to get up to date in one step, rather than having to install multiple updates with reboots after each.
-
-This cumulative update model for Windows 10 has helped provide the Windows ecosystem with consistent update experiences that can be predicted by baseline testing before release. Even with highly complex updates with hundreds of fixes, the number of incidents with monthly security updates for Windows 10 have fallen month over month since the initial release of Windows 10.
-
-### Points to consider
-
-- Windows 10 does not have the concept of a Security-Only or Monthly Rollup for updates. All updates are an LCU package, which includes the last release plus anything new.
-- Windows 10 no longer has the concept of a "hotfix" since all individual updates must be rolled into the cumulative packages. (Note: Any private fix is offered for customer validation only, and then rolled into an LCU.)
-- [Updates for the .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in the Windows 10 LCU. They are separate packages with different behaviors depending on the version of .NET Framework being updated, and on which OS. As of October 2018, .NET Framework updates for Windows 10 will be separate and have their own cumulative update model.
-- For Windows 10, available update types vary by publishing channel:
- - For customers using Windows Server Update Services (WSUS) and for the Update Catalog, several different updates types for Windows 10 are rolled together for the core OS in a single LCU package, with exception of Servicing Stack Updates.
- - Servicing Stack Updates (SSU) are available for download from the Update Catalog and can be imported through WSUS. Servicing Stack Updates (SSU) will be synced automatically (See this example for Windows 10, version 1709). Learn more about [Servicing Stack Updates](./servicing-stack-updates.md).
- - For customers connecting to Windows Update, the new cloud update architecture uses a database of updates which break out all the different update types, including Servicing Stack Updates (SSU) and Dynamic Updates (DU). The update scanning in the Windows 10 servicing stack on the client automatically takes only the updates that are needed by the device to be completely up to date.
-- Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section).
-
-## Windows 7 and legacy OS versions
-While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.
-
-Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered one cumulative package (Monthly Rollup) and one individual package (Security Only) for all legacy operating systems.
-
-The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month's Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10.
-
-
-*Figure 2.0 - Legacy OS security-only update model*
-
-Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft's test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously.
-
-### Points to consider
-- Windows 7 and Windows 8 legacy operating system updates [moved from individual to cumulative in October 2016](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783). Devices with updates missing prior to that point are still missing those updates, as they were not included in the subsequent cumulative packages.
-- "Hotfixes" are no longer published for legacy OS versions. All updates are rolled into the appropriate package depending on their classification as either non-security, security, or Internet Explorer updates. (Note: any private fix is offered for customer validation only. Once validated they are then rolled into a Monthly Rollup or IE cumulative update, as appropriate.)
-- Both Monthly Rollups and Security-only updates released on Update Tuesday for legacy OS versions are identified as "security required" updates, because both have the full set of security updates in them. The Monthly Rollup may have additional non-security updates that are not included in the Security Only update. The "security" classification requires the device be rebooted so the update can be fully installed.
-- Given the differences between the cumulative Monthly Rollups and the single-month Security-only update packages, switching between these update types is not advised. Differences in the baselines of these packages may result in installation errors and conflicts. Choosing one and staying on that update type with high consistency – Monthly Rollup or Security-only – is recommended.
-- With all Legacy OS versions now in the Extended Support stage of their 10-year lifecycle, they typically receive only security updates for both Monthly Rollup and Security Only updates. Using Express for the Monthly Rollup results in almost the same package size as Security Only, with the added confidence of ensuring all relevant updates are installed.
-- In [February 2017](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798), Windows pulled IE updates out of the legacy OS versions Security-only updates, while leaving them in the Monthly Rollup updates. This was done specifically to reduce package size based on customer feedback.
-- The IE cumulative update includes both security and non-security updates and is also needed for to help secure the entire environment. This update can be installed separately or as part of the Monthly Rollup.
-- [Updates for .NET Framework](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/) are NOT included in legacy Monthly Rollup or Security Only packages. They are separate packages with different behaviors depending on the version of the .NET Framework, and which legacy OS, being updated.
-- For [Windows Server 2008 SP2](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/), cumulative updates began in October 2018, and follow the same model as Windows 7. Updates for IE9 are included in those packages, as the last supported version of Internet Explorer for that Legacy OS version.
-
-## Public preview releases
-Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month's B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month's B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
-
-> [!NOTE]
-> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as Microsoft Endpoint Manager that rely on it, will not see preview updates for older versions of Windows 10.
-
-> [!NOTE]
-> Preview updates for Windows 10 are not named differently than their LCU counterparts and do not contain the word 'Preview'. They can be identified by their release date (C or D week) and their classification as non-security updates.
-
-### Examples
-Windows 10 version 1709:
-- (9B) September 11, 2018 Update Tuesday / B release - includes security, non-security and IE update. This update is categorized as "Required, Security" it requires a system reboot.
-- (9C) September 26, 2018 Preview C release - includes everything from 9B PLUS some non-security updates for testing/validation. This update is qualified as not required, non-security. No system reboot is required.
-- (10B) October 9, 2018 Update Tuesday / B release includes all fixes included in 9B, all fixes in 9C and introduces new security fixes and IE updates. This update is qualified as "Required, Security" and requires a system reboot.
-All of these updates are cumulative and build on each other for Windows 10. This is in contrast to legacy OS versions, where the 9C release becomes part of the "Monthly Rollup," but not the "Security Only" update. In other words, a Window 7 SP1 9C update is part of the cumulative "Monthly Rollup" but not included in the "Security Only" update because the fixes are qualified as "non-security". This is an important variation to note on the two models.
-
-
-*Figure 3.0 - Preview releases within the Windows 10 LCU model*
-
-## Previews vs. on-demand releases
-In 2018, we experienced incidents which required urgent remediation that didn't map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases.
-
-As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month's Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.)
-
-### Point to consider
-- When Windows identifies an issue with a Update Tuesday release, engineering teams work to remediate or fix the issue as quickly as possible. The outcome is often a new update which may be released at any time, including during the 3rd or 4th week of the month. Such updates are independent of the regularly scheduled "C" and "D" update previews. These updates are created on-demand to remediate a customer impacting issue. In most cases they are qualified as a "non-security" update, and do not require a system reboot.
-- Rarely do incidents with Update Tuesday releases impact more than .1% of the total population. With the new Windows Update (WU) architecture, updates can be targeted to affected devices. This targeting is not available through the Update Catalog or WSUS channels, however.
-- On-demand releases address a specific issue with an Update Tuesday release and are often qualified as "non-security" for one of two reasons. First, the fix may not be an additional security fix, but a non-security change to the update. Second, the "non-security" designation allows individuals or companies to choose when and how to reboot the devices, rather than forcing a system reboot on all Windows devices receiving the update globally. This trade-off is rarely a difficult choice as it has the potential to impact customer experience across client and server, across consumer and commercial customers for more than one billion devices.
-- Because the cumulative model is used across Window 10 and legacy Windows OS versions, despite variations between these OS versions, an out of band release will include all of the changes from the Update Tuesday release plus the fix that addresses the issue. And since Windows no longer releases hotfixes, everything is cumulative in some way.
-
-In closing, I hope this overview of the update model across current and legacy Windows OS versions highlights the benefits of the Windows 10 cumulative update model to help defragment the Windows ecosystem environments, simplify servicing and help make systems more secure.
-
-## Resources
-- [Simplifying updates for Windows 7 and 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplifying-updates-for-Windows-7-and-8-1/ba-p/166530)
-- [Further simplifying servicing models for Windows 7 and Windows 8.1](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Further-simplifying-servicing-models-for-Windows-7-and-Windows-8/ba-p/166772)
-- [More on Windows 7 and Windows 8.1 servicing changes](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783)
-- [.NET Framework Monthly Rollups Explained](https://blogs.msdn.microsoft.com/dotnet/2016/10/11/net-framework-monthly-rollups-explained/)
-- [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798)
-- [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/)
-- [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376)
-- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)
\ No newline at end of file
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
deleted file mode 100644
index c10019d563..0000000000
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Prepare servicing strategy for Windows client updates
-description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
-ms.prod: w10
-ms.mktglfcycl: manage
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.topic: article
-ms.collection: m365initiative-coredeploy
----
-
-# Prepare servicing strategy for Windows 10 updates
-
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-Here’s an example of what this process might look like:
-
-- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
-- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSB edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
-- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
-- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
-- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
-- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
-
-
-Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
-
-1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility, see the section Compatibility.
-2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but it’s still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that you’re looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
-3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
-
-
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
deleted file mode 100644
index fe639fa3d6..0000000000
--- a/windows/deployment/update/waas-wufb-intune.md
+++ /dev/null
@@ -1,285 +0,0 @@
----
-title: Walkthrough use Intune to configure Windows Update for Business
-description: In this article, learn how to configure Windows Update for Business settings using Microsoft Intune.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-ms.localizationpriority: medium
-ms.audience: itpro
-ms.date: 07/27/2017
-ms.reviewer:
-manager: laurawi
-ms.topic: article
-ms.author: jaimeo
-author: jaimeo
----
-
-# Walkthrough: use Microsoft Intune to configure Windows Update for Business
-
-
-**Applies to**
-
-- Windows 10
-
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
->[!IMPORTANT]
->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB,CBB and LTSB may still be displayed in some of our products.
->
->In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel.
-
-You can use Intune to configure Windows Update for Business even if you don't have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment.
-
-Windows Update for Business in Windows 10 version 1511 allows you to delay quality updates up to 4 weeks and feature updates up to an additional 8 months after Microsoft releases builds to the Current Branch for Business (CBB) servicing branch. In Windows 10 version 1607 and later, you can delay quality updates for up to 30 days and feature updates up to an additional 180 days after the release of either a Current Branch (CB) or CBB build.
-
-To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings.
-
->[!NOTE]
->Coming soon: [Intune Groups will be converted to Azure Active Directory-based Security Groups](/intune/deploy-use/use-groups-to-manage-users-and-devices-with-microsoft-intune)
-
-## Configure Windows Update for Business in Windows 10, version 1511
-
-In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md).
-
-- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they're released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
-- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
-
->[!NOTE]
->Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only.
-
-### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral
-
-1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
-
-2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
-
- 
-
-3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
-
-5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
-
-6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**.
-
-7. In the **Value** box, type **1**, and then click **OK**.
-
- >[!NOTE]
- >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
-
- 
-
-8. For this deployment ring, you're required to enable only CBB, so click **Save Policy**.
-
-9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**.
-
- >[!NOTE]
- >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
-
-10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
-
-You have now configured the **Ring 4 Broad business users** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates.
-
-### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals
-
-1. In the Policy workspace, click **Configuration Policies**, and then click **Add**.
-
-2. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-3. Name the policy **Windows Update for Business – CBB2**. Then, in the **OMA-URI Settings** section, click **Add**.
- In this policy, you add two OMA-URI settings, one for each deferment type.
-
-4. In **Setting name**, type **Enable Clients for CBB**, and then in the **Data type** list, select **Integer**.
-
-6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade**. Then, in the **Value** box, type **1**.
-
-7. Click **OK** to save the setting.
-
-8. In the **OMA-URI Settings** section, click **Add**.
-
-9. For this setting, in **Setting name**, type **Defer Updates for 1 Week**, and then in the **Data type** list, select **Integer**.
-
-11. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod**.
-
-12. In the **Value** box, type **1**.
-
-13. Click **OK** to save the setting.
-
-14. In the **OMA-URI Settings** section, click **Add**.
-
-15. For this setting, in **Setting name**, type **Defer Upgrades for 1 Month**, and then in the **Data type** list, select **Integer**.
-
-17. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod**.
-
-18. In the **Value** box, type **1**.
-
-19. Click **OK** to save the setting.
-
- Three settings should appear in the **Windows Update for Business – CBB2** policy.
-
- 
-
-20. Click **Save Policy**, and then click **Yes** at the **Deploy Policy** prompt.
-
-21. In the **Manage Deployment** dialog box, select the **Ring 5 Broad business users #2** computer group, click **Add**, and then click **OK**.
-
-## Configure Windows Update for Business in Windows 10 version 1607
-
-To use Intune to manage quality and feature updates in your environment, you must first create computer groups that align with your constructed deployment rings.
-
-In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates:
-
-- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 28 days after they are released.
-- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
-- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days.
-
-### Configure Ring 2 Pilot Business Users policy
-
-1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
-
-2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
-
- 
-
-3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-4. Name the policy **Windows Update for Business - CB2**. Then, in the **OMA-URI Settings** section, click **Add**.
-
-4. In **Setting name**, type **Enable Clients for CB**, and then select **Integer** from the **Data type** list.
-
-6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
-
-7. In the **Value** box, type **0**, and then click **OK**.
-
- >[!NOTE]
- >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
-
- 
-
-8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
-
-8. In **Setting name**, type **Defer feature updates for 28 days**, and then select **Integer** from the **Data type** list.
-10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
-11. In the **Value** box, type **28**, and then click **OK**.
-
- 
-
-9. Click **Save Policy**.
-
-9. In the **Deploy Policy: Windows Update for Business – CB2** dialog box, click **Yes**.
-
- >[!NOTE]
- >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
-
-10. In the **Manage Deployment: Windows Update for Business – CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**.
-
-You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they're available.
-
-### Configure Ring 4 Broad business users policy
-
-2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
-
- 
-
-3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-4. Name the policy **Windows Update for Business - CBB1**. Then, in the **OMA-URI Settings** section, click **Add**.
-
-5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
-
-6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
-
-7. In the **Value** box, type **1**, and then click **OK**.
-
- >[!NOTE]
- >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
-
-
-8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
-
-9. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list.
-
-10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
-
-11. In the **Value** box, type **0**, and then click **OK**.
-
- 
-
-12. Click **Save Policy**.
-
-13. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**.
-
- >[!NOTE]
- >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
-
-14. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
-
-You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they're available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates.
-
-
-### Configure Ring 5 Broad business users \#2 policy
-
-2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
-
- 
-
-3. In the Create a New Policy Wizard, select **Windows\Custom Configuration (Windows 10 Desktop and Mobile and later)**, and then click **Create Policy**.
-
-4. Name the policy **Windows Update for Business - CBB2**. Then, in the **OMA-URI Settings** section, click **Add**.
-
-5. In **Setting name**, type **Enable Clients for CBB**, and then select **Integer** from the **Data type** list.
-
-6. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/BranchReadinessLevel**.
-
-7. In the **Value** box, type **1**, and then click **OK**.
-
- >[!NOTE]
- >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) for the proper syntax.
-
-
-8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
-
-9. In **Setting name**, type **Defer quality updates for 7 days**, and then select **Integer** from the **Data type** list.
-
-10. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferQualityUpdatesPeriodInDays**.
-
-11. In the **Value** box, type **7**, and then click **OK**.
-
-12. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting.
-
-13. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list.
-
-14. In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
-
-15. In the **Value** box, type **14**, and then click **OK**.
-
- 
-
-16. Click **Save Policy**.
-
-17. In the **Deploy Policy: Windows Update for Business – CBB2** dialog box, click **Yes**.
-
- >[!NOTE]
- >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
-
-18. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**.
-
-## Related topics
-
-- [Update Windows 10 in the enterprise](index.md)
-- [Overview of Windows as a service](waas-overview.md)
-- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
-- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
-- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
-- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
-- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
-- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
-- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
-- [Configure Windows Update for Business](waas-configure-wufb.md)
-- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
-- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
-- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
-- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
\ No newline at end of file
diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md
deleted file mode 100644
index 35943d5dac..0000000000
--- a/windows/deployment/update/wufb-autoupdate.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Setting up Automatic Update in Windows Update for Business (Windows 10)
-description: In this article, learn how to configure Automatic Update in Windows Update for Business with group policies.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.audience: itpro
-ms.date: 06/20/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-{DELETE}
-# Set up Automatic Update in Windows Update for Business with group policies
-
->Applies to: Windows 10
-
-Use the Automatic Update group policies to manage the interaction between Windows Update and clients.
-
-Automatic Update governs the "behind the scenes" download and installation processes. It's important to keep in mind the device limitation in your environment as the download and install process can consume processing power. The below section outlines the ideal configuration for devices with the least amount of user experience degradation.
-
-|Policy|Description |
-|-|-|
-|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](/configmgr/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
-|Automatic Update Detection Frequency|Lets you set the scan frequency the device will use to connect to Windows Update to see if there is any available content. Default is 22 hours, but you can increase or decrease the frequency. Keep in mind a desktop computer may need to scan less frequently than laptops, which can have intermittent internet connection.|
-|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or Microsoft Endpoint Manager users who want to install custom packages that are not offered through Windows Update.|
-|Do not connect to any Windows Update Internet locations
Required for Dual Scan|Prevents access to Windows Update.|
-
-## Suggested configuration
-
-|Policy|Location|Suggested configuration|
-|-|-|-|
-|Configure Automatic Updates| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates| **Attention**: If you are using this policy, don't set it/configure it to get the default behavior. If you have set this policy, delete the reg key. This ensures the device uses the default behavior. Note that this is not the same as the default setting within the policy.
**Default behavior**: Download and installation happen automatically. The device will then be in a pending reboot state.
**Pro tip**: You can configure the scan frequency to be more frequent with the policy below.|
-|Automatic Update Detection Frequency|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Automatic Updates detection frequency|State: Enabled
**Check for updates on the following interval (hours)**: 22|
-|Do not connect to any Windows Update Internet locations (Required for Dual Scan) | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations |State: Disabled |
\ No newline at end of file
diff --git a/windows/deployment/update/wufb-basics.md b/windows/deployment/update/wufb-basics.md
deleted file mode 100644
index 5279938d0e..0000000000
--- a/windows/deployment/update/wufb-basics.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Configure the Basic group policy for Windows Update for Business
-description: In this article, you will learn how to configure the basic group policy for Windows Update for Business.
-ms.custom: seo-marvel-apr2020
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.localizationpriority: medium
-ms.audience: itpro
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-# Configure the Basic group policy for Windows Update for Business
-{DELETE}
-
-For Windows Update for Business configurations to work, devices need to be configured with minimum [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) level of "Basic." Additionally, compliance reporting for configured devices is obtained using [Monitor Windows Update with Update Compliance](./update-compliance-monitor.md). To view your data in Update Compliance [diagnostics data must be enabled](/windows/deployment/update/windows-analytics-get-started#set-diagnostic-data-levels) and the devices must be configured with a commercial ID, a unique GUID created for an enterprise at the time of onboarding.
-
-|Policy name|Description |
-|-|-|
-|Allow Telemetry|Enables Microsoft to run diagnostics on your device and troubleshoot.|
-|Configure Commercial ID|This policy allows you to join the device to an entity.|
-
-## Suggested configuration
-
-|Policy|Location|Suggested configuration|
-|-|-|-|
-|Allow Telemetry |GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow Telemetry |State: Enabled
**Option**: 1-Basic|
-|Configure Commercial ID|GPO: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Commercial ID |State: Enabled
**Commercial ID**: The GUID created for you at the time of onboarding|
\ No newline at end of file
diff --git a/windows/deployment/update/wufb-managedrivers.md b/windows/deployment/update/wufb-managedrivers.md
deleted file mode 100644
index d021810d58..0000000000
--- a/windows/deployment/update/wufb-managedrivers.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Managing drivers, dual-managed environments, and Delivery Optimization with group policies in Windows Update for Business
-description: Learn how to manage drivers, dual managed environments, and bandwidth (Delivery Optimization) with GPOs in Windows Update for Business.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-ms.audience: itpro
-author: jaimeo
-ms.date: 06/21/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-# Managing drivers, dual-managed environments, and Delivery Optimization with group policies
-{DELETE}
->Applies to: Windows 10
-
-Use the following group policy information to manage drivers, to manage environments using both Windows Update for Business and Windows Server Update Services, and to manage the bandwidth required for updates with Delivery Optimization.
-
-## Managing drivers
-Windows Update for Business provides the ability to manage drivers from the Windows Update service. By default, drivers will be offered to your Windows Update-connected devices. Our guidance here is to continue to receive drivers from Windows Update. Alternatively, you can enable the following policy to stop receiving drivers from Windows Update.
-
-### Policy overview
-
-|Policy| Description |
-|-|-|
-|Do not include drivers with Windows Update |When enabled prevents Windows Update from offering drivers.|
-
-### Suggested configuration
-
-|Policy| Location|Suggested configuration |
-|-|-|-|
-|Do not include drivers with Windows Update |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates|State: Disabled |
-
-## Dual-managed environment
-
-You can use an on-premises catalog, like WSUS, to deploy 3rd Party patches and use Windows Update to deploy feature and quality updates. We provide capabilities to deploy content from both Windows Update Service and from WSUS. In addition to the policies for managing drivers, apply the following configurations to your environment.
-
-|Policy| Description |
-|-|-|
-|Specify Intranet Microsoft Update Service Location| Used for WSUS/Microsoft Endpoint Manager customers who want to install custom packages that are not offered through Windows Update.|
-
-### Suggested configuration
-
-|Policy| Location|Suggested configuration |
-|-|-|-|
-|Specify Intranet Microsoft Update Service Location|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify Intranet Microsoft update service location|State: Enabled
**Set the Intranet Update service for detecting updates**:
**Set the Intranet statistics server**:
**Set the alternate download server**: |
-
-## Download Optimization - Managing your bandwidth
-
-[Delivery Optimization](waas-delivery-optimization.md) is Windows 10's built-in downloader and peer-caching technology that can benefit CSE for network bandwidth reduction of Windows 10 servicing updates. Windows 10 clients can source content from other devices on their local network that have already downloaded the same updates in addition to downloading these updates from Microsoft. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfil peer-to-peer requests. To configure devices for delivery optimization, ensure the following configurations are set.
-
-|Policy| Description |
-|-|-|
-|Download Mode| 2=HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if exist) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2|
-|Minimum Peer Caching Content File Size (in MB)|Specifies the minimum content file size in MB enabled to use peer caching.
Choose a size that meets your environment's constraints.|
-|Allow uploads while the device is on battery while under set battery level (percentage)|Specify a battery level from 1-100, where the device will pause uploads once the battery level drops below that percentage. |
-|Max Cache Age (in seconds)|Maximum number of seconds to keep data in cache.|
-
-### Suggested configuration
-
-|Policy| Location| Suggested configuration |
-|-|-|-|
-|Download Mode|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Download Mode|State: Enabled
**Download Mode**: Group (2)|
-|Minimum Peer Caching Content File Size (in MB)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Minimum Peer Caching Content File Size (in MB)|State: Enabled
**Minimum Peer caching content file size (in MB)**: 10 MB|
-|Allow uploads while the device is on battery while under set battery level (percentage)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Allow uploads while the device is on battery while under set battery level (percentage)|State: Enabled
**Minimum battery level (Percentage)**: 60|
-|Max Cache Age (in seconds)|GPO: Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Max Cache Age (in seconds)|State: Enabled
**Max Cache Age (in seconds)**: 604800 ~ 7 days|
diff --git a/windows/deployment/update/wufb-manageupdate.md b/windows/deployment/update/wufb-manageupdate.md
deleted file mode 100644
index c8edc83a4f..0000000000
--- a/windows/deployment/update/wufb-manageupdate.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Managing feature and quality updates with policies in Windows Update for Business (Windows 10)
-description: Learn how to manage feature and quality updates using group policies in Windows Update for Business.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-author: jaimeo
-ms.audience: itpro
-ms.date: 06/20/2018
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Manage feature and quality updates with group policies
-
-{dELETE}
-
->Applies to: Windows 10
-
-Windows Update for Business allows users to control when devices should receive a feature or quality update from Windows Update. Depending on the size of your organization you may want to do a wave deployment of updates. The first step in this process is to determine which Branch Readiness Level you want your organization on. For more information on which level is right for your organization review [Overview of Windows as a service](waas-overview.md).
-
-The following policies let you configure when you want a device to see a feature and or quality update from Windows Update.
-
-## Policy overview
-
-|Policy name| Description |
-|-|-|
-|Select when Quality Updates are received|Configures when the device should receive quality update. In this policy you can also select a date to pause receiving Quality Updates until. |
-|Select when Preview Builds & feature Updates are received|Configures when the device should receive a feature update. You can also configure your branch readiness level. This policy also provides the ability to "pause" updates until a certain point. |
-|Do not allow update deferral policies to cause scans against Windows Update|When enabled will not allow the deferral policies to cause scans against Windows Update.|
-
-## Suggested configuration for a non-wave deployment
-
-If you don't need a wave deployment and have a small set of devices to manage, we recommend the following configuration:
-
-|Policy| Location|Suggested configuration |
-|-|-|-|
-|Select when Quality Updates are received | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled
**Defer receiving it for this many days**: 0
**Pause Quality Updates**: Blank
*Note: use this functionality to prevent the device from receiving a quality update until the time passes|
-|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled
**Select Windows Readiness Level**: SAC
**Defer receiving for this many days**: 0-365
**Pause Feature Updates**: Blank
*Note: use this functionality to prevent the device from receiving a feature update until the time passes|
-|Do not allow update deferral policies to cause scans against Windows Update|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not allow update deferral policies to cause scans against Windows Update|State: Disabled|
-
-## Suggested configuration for a wave deployment
-
-
-## Early validation and testing
-Depending on your organizational size and requirements you might be able to test feature updates earlier to identify if there are impacts to Line of Business applications. Our recommendation is to enroll a set of devices that are a good representation of your device ecosystem (for example, devices with accounting software or engineering software). Learn more about [different deployment rings](https://insider.windows.com/how-to-pc/#working-with-rings).
-
-|Policy|Location|Suggested configuration |
-|-|-|-|
-|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled
**Select Windows Readiness Level**: WIP Fast or WIP slow
**Defer receiving for this many days**: 0
**Pause Feature Updates**: Blank *Note: use this functionality to prevent the device from receiving a feature update until the time passes.|
-|Select when Quality Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are received|State: Enabled
**Defer receiving it for this many days**: 0
**Pause Quality Updates**: Blank
*Note: use this functionality to prevent the device from receiving a quality update until the time passes|
-
-## Wave deployment for feature updates
-
-If you want to deploy feature updates in waves we suggest using the following configuration. For the deferral days we recommend staging them out in 1-month increments. Manage your risk by placing critical devices later in the wave (deferrals > 30 or 60 days) while placing your low risk devices earlier in the wave (deferrals < 30 days). Using deferrals days is a great method to manage your wave deployment. Using this in combination with our suggested early validation will help you prepare your environment for the latest updates from Windows.
-
-|Policy|Location|Suggested configuration |
-|-|-|-|
-|Select when Preview Builds & feature Updates are received |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received|State: Enabled
**Select Windows Readiness Level**: SAC
**Defer receiving for this many days**: 0, 30, 60, 90, 120
**Pause Feature Updates**: Blank
*Note: use this functionality to prevent the device from receiving a feature update until the time passes
diff --git a/windows/deployment/update/wufb-onboard.md b/windows/deployment/update/wufb-onboard.md
deleted file mode 100644
index c2432e9bcb..0000000000
--- a/windows/deployment/update/wufb-onboard.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Onboarding to Windows Update for Business (Windows 10)
-description: Get started using Windows Update for Business, a tool that enables IT pros and power users to manage content they want to receive from Windows Update.
-ms.prod: w10
-ms.mktglfcycl: manage
-audience: itpro
-itproauthor: jaimeo
-ms.audience: itpro
-author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.topic: article
----
-
-# Onboarding to Windows Update for Business in Windows 10
-{DELETE}
-
->Applies to: Windows 10
-
-Windows Update for Business is a tool that enables IT pros and power users to manage content they want to receive from Windows Update Service. Windows Update for Business can control the following:
-
-- Interaction between the client and Windows Update service
-- End user notification for pending updates
-- Compliance deadlines for feature or quality updates
-- Configure wave deployment for feature or quality updates bandwidth optimization
-
-We also provide additional functionality to manage your environment when risk or issues arise such as applications being blocked:
-
-- Uninstall latest feature or quality update
-- Pause for a duration of time
-
-Use the following information to set up your environment using Windows Update for Business policies:
-
-- [Supported SKUs](#supported-editions)
-- [Windows Update for Business basics](wufb-basics.md)
-- [Setting up automatic update](wufb-autoupdate.md)
-- [Managing feature and quality updates](wufb-manageupdate.md)
-- [Enforcing compliance deadlines](wufb-compliancedeadlines.md)
-- [Managing drivers, environments with both Windows Update for Business and WSUS, and Download Optmization](wufb-managedrivers.md)
-
-## Supported editions
-
-Windows Update for Business is supported on the following editions of Windows 10:
-
-- Windows 10 Education
-- Windows 10 Enterprise
-- Windows 10 Pro
-- Windows 10 S (for Windows 10, version 1709 and earlier)
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 7f9f5e72ad..930939cf41 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -1,6 +1,6 @@
---
-title: How to install fonts missing after upgrading to Windows 10
-description: Some of the fonts are missing from the system after you upgrade to Windows 10.
+title: How to install fonts missing after upgrading to Windows client
+description: Some of the fonts are missing from the system after you upgrade to Windows client.
keywords: deploy, upgrade, FoD, optional feature
ms.prod: w10
ms.mktglfcycl: plan
@@ -9,18 +9,20 @@ ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.audience: itpro
-ms.date: 10/31/2017
ms.reviewer:
manager: laurawi
ms.topic: article
---
-# How to install fonts that are missing after upgrading to Windows 10
+# How to install fonts that are missing after upgrading to Windows client
-> Applies to: Windows 10
+**Applies to**
-When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows 10. If you install a fresh instance of Windows 10, or upgrade an older version of Windows to Windows 10, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
+- Windows 10
+- Windows 11
-If you have documents created using the missing fonts, these documents might display differently on Windows 10.
+When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10 or Windows 11, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows client. If you install a fresh instance of Windows client, or upgrade an older version of Windows to Windows client, these optional features are not enabled by default. As a result, these fonts appear to be missing from the system.
+
+If you have documents created using the missing fonts, these documents might display differently on Windows client.
For example, if you have an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing:
@@ -35,7 +37,7 @@ For example, if you have an English (or French, German, or Spanish) version of W
- Gungsuh
- GungsuhChe
-If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows 10, and it will remain this way in future releases.
+If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows client, and it will remain this way in future releases.
## Installing language-associated features via language settings:
From 2901b97e7326cb2ff02696e0b20929d83dd80749 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 13:19:17 -0700
Subject: [PATCH 29/38] fixing redirects
---
.openpublishing.redirection.json | 40 ++++++++++++++++++--------------
windows/deployment/TOC.yml | 1 -
2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 49a449abe6..3a06907fec 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18971,49 +18971,53 @@
"redirect_document_id": false
},
{
- "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/wufb-autoupdate.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/wufb-basics.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/wufb-managedrivers.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/wufb-manageupdate.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/wwufb-onboard.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/feature-update-conclusion.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/waas-wufb-intune.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/feature-update-maintenance-window.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
"redirect_document_id": true
},
{
- "source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "source_path": "windows/deployment/update/feature-update-mission-critical.md",
+ "redirect_url": "/windows/deployment/waas-manage-updates-wufb.md",
"redirect_document_id": false
+ {
+ "source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
+ "redirect_url": "/windows/deployment/deploy-whats-new.md",
+ "redirect_document_id": true
}
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 78c5ebcab3..11ce81a381 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -17,7 +17,6 @@
href: update/get-started-updates-channels-tools.md
- name: Prepare servicing strategy for Windows client updates
href: update/waas-servicing-strategy-windows-10-updates.md
-
- name: Deployment proof of concept
items:
- name: Demonstrate Autopilot deployment on a VM
From 84e9a5344db2fb9b29615a3d8ec8d2f512f3eec2 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 13:23:37 -0700
Subject: [PATCH 30/38] fixing redirect syntax
---
.openpublishing.redirection.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 3a06907fec..c01d75ccd3 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -19014,12 +19014,12 @@
"source_path": "windows/deployment/update/feature-update-mission-critical.md",
"redirect_url": "/windows/deployment/waas-manage-updates-wufb.md",
"redirect_document_id": false
+ },
{
"source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
"redirect_url": "/windows/deployment/deploy-whats-new.md",
"redirect_document_id": true
- }
-
+ }
- ]
+ ]
}
From a412da1fe5d631e2964aded2d5b8e5cf1abd8aa1 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 13:38:30 -0700
Subject: [PATCH 31/38] still trying to fix redirect
---
.openpublishing.redirection.json | 38 ++++++++++++++++----------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index c01d75ccd3..9c343b5128 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18962,62 +18962,62 @@
},
{
"source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/update/waas-servicing-differences.md",
- "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md",
+ "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-autoupdate.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/update/wufb-basics.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-managedrivers.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-manageupdate.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wwufb-onboard.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-conclusion.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-wufb-intune.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-maintenance-window.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb.md",
- "redirect_document_id": true
+ "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-mission-critical.md",
- "redirect_url": "/windows/deployment/waas-manage-updates-wufb.md",
+ "redirect_url": "/windows/deployment/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
- "redirect_url": "/windows/deployment/deploy-whats-new.md",
+ "redirect_url": "/windows/deployment/deploy-whats-new",
"redirect_document_id": true
}
From 7fe463367fbd7cac503c6c938a33217bb777b2fd Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 13:52:47 -0700
Subject: [PATCH 32/38] cleaning up crosslinks
---
.openpublishing.redirection.json | 4 +-
windows/deployment/update/update-policies.md | 8 +--
...aas-deployment-rings-windows-10-updates.md | 64 -------------------
.../update/waas-manage-updates-wsus.md | 7 +-
...s-servicing-strategy-windows-10-updates.md | 42 ++++++++++++
.../upgrade/windows-10-edition-upgrades.md | 2 -
.../upgrade/windows-10-upgrade-paths.md | 2 -
7 files changed, 48 insertions(+), 81 deletions(-)
delete mode 100644 windows/deployment/update/waas-deployment-rings-windows-10-updates.md
create mode 100644 windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 9c343b5128..a4937f6bfa 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18963,7 +18963,7 @@
{
"source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
"redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
- "redirect_document_id": true
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-servicing-differences.md",
@@ -18973,7 +18973,7 @@
{
"source_path": "windows/deployment/update/wufb-autoupdate.md",
"redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
- "redirect_document_id": true
+ "redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-basics.md",
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index f6bb3195f2..4bbcdcad7e 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -18,8 +18,8 @@ ms.collection: M365-modern-desktop
**Applies to**
-- Windows 10
-- Windows 11
+- Windows 10
+- Windows 11
Keeping devices up to date is the best way to keep them working smoothly and securely.
@@ -39,10 +39,6 @@ update is published plus any deferral. In addition, this policy includes a confi
to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic
restarts for maximum update velocity).
-> [!IMPORTANT]
-> If you use the new **Specify deadlines for automatic updates and restarts** setting in Windows 10,
-> version 1903, you must disable the [older deadline policies](wufb-compliancedeadlines.md#prior-to-windows-10-version-1709) because they could conflict.
-
We recommend you set deadlines as follows:
- Quality update deadline, in days: 3
- Feature update deadline, in days: 7
diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
deleted file mode 100644
index fcb4115629..0000000000
--- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Build deployment rings for Windows client updates
-description: Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades.
-ms.prod: w10
-ms.mktglfcycl: manage
-author: jaimeo
-ms.localizationpriority: medium
-ms.author: jaimeo
-ms.reviewer:
-manager: laurawi
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-{DELETE ALTOGETHER??}
-
-# Build deployment rings for Windows client updates
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-> [!NOTE]
-> We're in the process of updating this topic with more definitive guidance. In the meantime, see [this post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) on the Windows 10 IT Pro blog for some great suggestions for a deployment ring structure.
-
-For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different.
-
-Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows client, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings.
-
-Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary.
-
-Table 1 provides an example of the deployment rings you might use.
-
-**Table 1**
-
-| Deployment ring | Servicing channel | Deferral for feature updates | Deferral for quality updates | Example |
-| --- | --- | --- | --- | --- |
-| Preview | Windows Insider Program | None | None | A few machines to evaluate early builds prior to their arrival to the Semi-Annual channel |
-| Broad | Semi-Annual channel | 120 days | 7-14 days | Broadly deployed to most of the organization and monitored for feedbackPause updates if there are critical issues |
-| Critical | Semi-Annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for some time by most of the organization |
-
->[!NOTE]
->In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates.
-
-
-As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.
-
-
-## Steps to manage updates for Windows client
-
-| | |
-| --- | --- |
-|  | [Learn about updates and servicing channels](waas-overview.md) |
-|  | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) |
-|  | Build deployment rings for Windows client updates (this article) |
-|  | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) |
-|  | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) |
-|  | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
-
-
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 3556cec273..8bfab4700e 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -16,14 +16,11 @@ ms.topic: article
**Applies to**
-- Windows 10
-- Windows 11
+- Windows 10
+- Windows 11
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
->[!IMPORTANT]
->Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy or the registry. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
-
WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides.
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
new file mode 100644
index 0000000000..fba2cf1830
--- /dev/null
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -0,0 +1,42 @@
+---
+title: Prepare servicing strategy for Windows client updates
+description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+ms.collection: m365initiative-coredeploy
+---
+
+# Prepare servicing strategy for Windows client updates
+
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+
+Here’s an example of what this process might look like:
+
+- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Avialability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
+- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSB edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
+- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
+- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
+- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
+- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
+
+
+Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
+
+1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test devices step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase.
+2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it’s still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the “Recruit volunteers” step of the previous section. Be sure to communicate clearly that you’re looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
+3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
+
+
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index c8a2c54c5a..1de5b11aa3 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -71,7 +71,6 @@ X = unsupported
> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
>
-> - Due to [naming changes](../update/waas-overview.md#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
## Upgrade using mobile device management (MDM)
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp).
@@ -239,7 +238,6 @@ You can move directly from Enterprise to any valid destination edition. In this
-> **Windows 10 LTSC/LTSB**: Due to [naming changes](../update/waas-overview.md#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
>
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 8970d2a5cf..c50df27515 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -27,8 +27,6 @@ If you are also migrating to a different edition of Windows, see [Windows 10 edi
> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
>
-> **Windows 10 LTSC/LTSB**: Due to [naming changes](../update/waas-overview.md#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
->
> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](/windows/release-health/release-information) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch the option 'Keep personal files and apps' will be grayed out. The command line would be **setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx**, using your relevant Windows 10 SAC product key. For example, if using a KMS, the command line would be **setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43**.
>
> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
From 9a3e98f0c5f67d8747bc6ebd0ad118cf0d50a50b Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 13:59:37 -0700
Subject: [PATCH 33/38] Acrolinx bump
---
.../deployment/windows-10-missing-fonts.md | 26 +++++++++----------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 930939cf41..661e509be6 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -37,22 +37,22 @@ For example, if you have an English (or French, German, or Spanish) version of W
- Gungsuh
- GungsuhChe
-If you want to use these fonts, you can enable the optional feature to add these back to your system. Be aware that this is a permanent change in behavior for Windows client, and it will remain this way in future releases.
+If you want to use these fonts, you can enable the optional feature to add them back to your system. This is a permanent change in behavior for Windows client, and it will remain this way in future releases.
## Installing language-associated features via language settings:
-If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. You do this the Settings app.
+If you want to use the fonts from the optional feature and you know that you will want to view Web pages, edit documents, or use apps in the language associated with that feature, add that language into your user profile. Use the Settings app.
For example, here are the steps to install the fonts associated with the Hebrew language:
-1. Click **Start > Settings**.
-2. In Settings, click **Time & language**, and then click **Region & language**.
-3. If Hebrew is not included in the list of languages, click the plus sign (**+**) to add a language.
-4. Find Hebrew, and then click it to add it to your language list.
+1. Select **Start > Settings**.
+2. In **Settings**, select **Time & language**, and then select **Region & language**.
+3. If Hebrew is not included in the list of languages, select the plus sign (**+**) to add a language.
+4. Find **Hebrew**, and then select it to add it to your language list.
-Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This should only take a few minutes.
+Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This process should only take a few minutes.
-> Note: The optional features are installed by Windows Update. This means you need to be online for the Windows Update service to work.
+> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
## Install optional fonts manually without changing language settings:
@@ -60,11 +60,11 @@ If you want to use fonts in an optional feature but don't need to search web pag
For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences:
-1. Click **Start > Settings**.
-2. In Settings, click **Apps**, click **Apps & features**, and then click **Manage optional features**.
+1. Select **Start > Settings**.
+2. In **Settings**, select **Apps**, select **Apps & features**, and then select **Manage optional features**.
-3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, click the plus sign (**+**) to add a feature.
-4. Select **Hebrew Supplemental Fonts** in the list, and then click **Install**.
+3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, select the plus sign (**+**) to add a feature.
+4. Select **Hebrew Supplemental Fonts** in the list, and then clselectick **Install**.
> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
@@ -97,7 +97,7 @@ Here is a comprehensive list of the font families in each of the optional featur
- Telugu Supplemental Fonts: Gautami, Vani
- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC
-## Related Topics
+## Related articles
[Download the list of all available language FODs](https://download.microsoft.com/download/0/A/A/0AA4342D-3933-4216-A90D-3BA8392FB1D1/Windows%2010%201703%20FOD%20to%20LP%20Mapping%20Table.xlsx)
From 0d31b89c2d68d330d062a84ed6cdb0e2bc4f2003 Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 14:25:42 -0700
Subject: [PATCH 34/38] still fixing redirects
---
.openpublishing.redirection.json | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index a4937f6bfa..dd83d22d48 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -18972,42 +18972,42 @@
},
{
"source_path": "windows/deployment/update/wufb-autoupdate.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-basics.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-managedrivers.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wufb-manageupdate.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/wwufb-onboard.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-conclusion.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/waas-wufb-intune.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/update/feature-update-maintenance-window.md",
- "redirect_url": "/windows/deployment/update/update/waas-manage-updates-wufb",
+ "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
From b2c9b83641086d07409e9d4ac7fb64568bdb0b1b Mon Sep 17 00:00:00 2001
From: mapalko
Date: Fri, 1 Oct 2021 14:27:10 -0700
Subject: [PATCH 35/38] Update note on 3P passwordless
---
.../identity-protection/hello-for-business/hello-faq.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index d2bee6b47c..735e563fb8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -219,4 +219,5 @@ sections:
- question: Does Windows Hello for Business work with Mac and Linux clients?
answer: |
- Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration).
\ No newline at end of file
+ Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms.
+
\ No newline at end of file
From 1d585ef8aec24226c7dc336d87878c2d6496782a Mon Sep 17 00:00:00 2001
From: jaimeo
Date: Fri, 1 Oct 2021 14:41:33 -0700
Subject: [PATCH 36/38] edits
---
.../deployment/update/waas-delivery-optimization-reference.md | 4 ++--
windows/deployment/update/waas-delivery-optimization.md | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md
index 47e7f5cd13..2aea9ec10f 100644
--- a/windows/deployment/update/waas-delivery-optimization-reference.md
+++ b/windows/deployment/update/waas-delivery-optimization-reference.md
@@ -121,7 +121,7 @@ Download mode dictates which download sources clients are allowed to use when do
> Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of Download Mode is no longer used.
>[!NOTE]
->Group mode is a best-effort optimization and should not be relied on for an authentication of identity of devices participating in the group.
+>When you use AAD tenant, AD Site, or AD Domain as source of group IDs, that the association of devices participating in the group should not be relied on for an authentication of identity of those devices.
### Group ID
@@ -203,7 +203,7 @@ Starting in Windows 10, version 1803, specifies the maximum foreground download
### Select a method to restrict peer selection
Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2).
-When you set option 0, Delivery Optimization will find peers behind the same NAT (same public IP) but still prioritize same subnet peers. When you set option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). When GroupID mode is set, it will default to using the same subnet. If you want to use the GroupID across subnets, use the NAT option = 0.
+If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID).
### Delay background download from http (in secs)
Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer.
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md
index 4909cdd452..4bd4c62a37 100644
--- a/windows/deployment/update/waas-delivery-optimization.md
+++ b/windows/deployment/update/waas-delivery-optimization.md
@@ -37,7 +37,7 @@ For information about setting up Delivery Optimization, including tips for the b
## New in Windows 10, version 20H2 and Windows 11
-- New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). When you set Option 0, Delivery Optimization will find peers behind the same NAT (same public IP) but still prioritize same subnet peers. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). When GroupID mode is set, it will default to using the same subnet. If you want to use the GroupID across subnets, use the NAT option = 0.
+- New peer selection options: Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)."
- Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID).
- Starting with Windows 10, version 2006 (and in Windows 11), the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used.
From 15597ac50c5ffe3b855a73296db89e2868573ac7 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Fri, 1 Oct 2021 15:20:41 -0700
Subject: [PATCH 37/38] remove link
---
windows/whats-new/windows-11.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/whats-new/windows-11.md b/windows/whats-new/windows-11.md
index 77e2fa58a9..d258bd7005 100644
--- a/windows/whats-new/windows-11.md
+++ b/windows/whats-new/windows-11.md
@@ -89,5 +89,4 @@ When Windows 11 reaches general availability, important servicing-related announ
## Also see
[What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)
-[Windows 11 Security — Our Hacker-in-Chief Runs Attacks and Shows Solutions](https://www.youtube.com/watch?v=2RTwGNyhSy8)
[Windows 11: The Optimization and Performance Improvements](https://www.youtube.com/watch?v=oIYHRRTCVy4)
From 5ea12b6d746047d1ba8e980f6d25865f657673b4 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Fri, 1 Oct 2021 15:23:56 -0700
Subject: [PATCH 38/38] Corrected note style; added blank lines for consistent
presentation
---
windows/deployment/windows-10-missing-fonts.md | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 661e509be6..d7492c26c2 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -46,13 +46,17 @@ If you want to use the fonts from the optional feature and you know that you wil
For example, here are the steps to install the fonts associated with the Hebrew language:
1. Select **Start > Settings**.
+
2. In **Settings**, select **Time & language**, and then select **Region & language**.
+
3. If Hebrew is not included in the list of languages, select the plus sign (**+**) to add a language.
+
4. Find **Hebrew**, and then select it to add it to your language list.
Once you have added Hebrew to your language list, then the optional Hebrew font feature and other optional features for Hebrew language support are installed. This process should only take a few minutes.
-> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
+> [!NOTE]
+> The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
## Install optional fonts manually without changing language settings:
@@ -61,12 +65,15 @@ If you want to use fonts in an optional feature but don't need to search web pag
For example, here are the steps to install the fonts associated with the Hebrew language without adding the Hebrew language itself to your language preferences:
1. Select **Start > Settings**.
+
2. In **Settings**, select **Apps**, select **Apps & features**, and then select **Manage optional features**.
3. If you don't see **Hebrew Supplemental Fonts** in the list of installed features, select the plus sign (**+**) to add a feature.
+
4. Select **Hebrew Supplemental Fonts** in the list, and then clselectick **Install**.
-> Note: The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
+> [!NOTE]
+> The optional features are installed by Windows Update. You need to be online for the Windows Update service to work.
## Fonts included in optional font features