Merge branch 'master' of https://cpubwin.visualstudio.com/it-client/_git/it-client
@ -8,12 +8,12 @@ author: jdeckerms
|
||||
ms.author: jdecker
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/20/2017
|
||||
ms.date: 01/26/2019
|
||||
---
|
||||
|
||||
# Enable encryption for HoloLens
|
||||
|
||||
You can enable [Bitlocker device encryption](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview) to protect files and information stored on the HoloLens. Device encryption helps protect your data by encrypting it using AES-CBC 128 encryption method, which is equivalent to [EncryptionMethodByDriveType method 3](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype) in the BitLocker configuration service provider (CSP). Only someone with the right encryption key (such as a password) can decrypt it or perform a data recovery.
|
||||
You can enable [BitLocker device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) to protect files and information stored on the HoloLens. Device encryption helps protect your data by encrypting it using AES-CBC 128 encryption method, which is equivalent to [EncryptionMethodByDriveType method 3](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype) in the BitLocker configuration service provider (CSP). Only someone with the right encryption key (such as a password) can decrypt it or perform a data recovery.
|
||||
|
||||
|
||||
|
||||
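Review bot: the new link text in the opening paragraph is "BitLocker device encryption", while other files in this commit link the same target as "BitLocker Device Encryption" and as plain "device encryption"; pick one form and use it throughout. Since the sentence is being rewritten anyway, "encrypting it using AES-CBC 128 encryption method" should gain its article ("the AES-CBC 128 encryption method").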
@ -100,6 +100,6 @@ Provisioning packages are files created by the Windows Configuration Designer to
|
||||
|
||||
Encryption is silent on HoloLens. To verify the device encryption status:
|
||||
|
||||
- On HoloLens, go to **Settings** > **System** > **About**. **Bitlocker** is **enabled** if the device is encrypted.
|
||||
- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
|
||||
|
||||

|
||||

|
||||
|
@ -10,7 +10,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: jdeckerms
|
||||
ms.date: 10/09/2018
|
||||
ms.date: 01/25/2019
|
||||
---
|
||||
|
||||
# Mobile device management
|
||||
|
@ -22,32 +22,50 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
|
||||
## In this section
|
||||
|
||||
- [What's new in Windows 10, version 1511](#whatsnew)
|
||||
- [What's new in Windows 10, version 1607](#whatsnew1607)
|
||||
- [What's new in Windows 10, version 1703](#whatsnew10)
|
||||
- [What's new in Windows 10, version 1709](#whatsnew1709)
|
||||
- [What's new in Windows 10, version 1803](#whatsnew1803)
|
||||
- [What's new in Windows 10, version 1809](#whatsnew1809)
|
||||
- [Change history in MDM documentation](#change-history-in-mdm-documentation)
|
||||
- [Breaking changes and known issues](#breaking-changes-and-known-issues)
|
||||
- [Get command inside an atomic command is not supported](#getcommand)
|
||||
- [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification)
|
||||
- [Apps installed using WMI classes are not removed](#appsnotremoved)
|
||||
- [Passing CDATA in SyncML does not work](#cdata)
|
||||
- [SSL settings in IIS server for SCEP must be set to "Ignore"](#sslsettings)
|
||||
- [MDM enrollment fails on the mobile device when traffic is going through proxy](#enrollmentviaproxy)
|
||||
- [Server-initiated unenroll failure](#unenrollment)
|
||||
- [Certificates causing issues with Wi-Fi and VPN](#certissues)
|
||||
- [Version information for mobile devices](#versioninformation)
|
||||
- [Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#whitelist)
|
||||
- [Apps dependent on Microsoft Frameworks may get blocked](#frameworks)
|
||||
- [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#wificertissue)
|
||||
- [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#remote)
|
||||
- [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#renewwns)
|
||||
- [User provisioning failure in Azure Active Directory joined Windows 10 PC](#userprovisioning)
|
||||
- [Requirements to note for VPN certificates also used for Kerberos Authentication](#kerberos)
|
||||
- [Device management agent for the push-button reset is not working](#pushbuttonreset)
|
||||
- [FAQ](#faq)
|
||||
- [What's new in MDM enrollment and management](#whats-new-in-mdm-enrollment-and-management)
|
||||
- [In this section](#in-this-section)
|
||||
- [<a href="" id="whatsnew"></a>What's new in Windows 10, version 1511](#a-href%22%22-id%22whatsnew%22awhats-new-in-windows-10-version-1511)
|
||||
- [<a href="" id="whatsnew1607"></a>What's new in Windows 10, version 1607](#a-href%22%22-id%22whatsnew1607%22awhats-new-in-windows-10-version-1607)
|
||||
- [<a href="" id="whatsnew10"></a>What's new in Windows 10, version 1703](#a-href%22%22-id%22whatsnew10%22awhats-new-in-windows-10-version-1703)
|
||||
- [<a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709](#a-href%22%22-id%22whatsnew1709%22awhats-new-in-windows-10-version-1709)
|
||||
- [<a href="" id="whatsnew1803"></a>What's new in Windows 10, version 1803](#a-href%22%22-id%22whatsnew1803%22awhats-new-in-windows-10-version-1803)
|
||||
- [<a href="" id="whatsnew1809"></a>What's new in Windows 10, version 1809](#a-href%22%22-id%22whatsnew1809%22awhats-new-in-windows-10-version-1809)
|
||||
- [Breaking changes and known issues](#breaking-changes-and-known-issues)
|
||||
- [<a href="" id="getcommand"></a>Get command inside an atomic command is not supported](#a-href%22%22-id%22getcommand%22aget-command-inside-an-atomic-command-is-not-supported)
|
||||
- [<a href="" id="notification"></a>Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#a-href%22%22-id%22notification%22anotification-channel-uri-not-preserved-during-upgrade-from-windows-81-to-windows-10)
|
||||
- [<a href="" id="appsnotremoved"></a>Apps installed using WMI classes are not removed](#a-href%22%22-id%22appsnotremoved%22aapps-installed-using-wmi-classes-are-not-removed)
|
||||
- [<a href="" id="cdata"></a>Passing CDATA in SyncML does not work](#a-href%22%22-id%22cdata%22apassing-cdata-in-syncml-does-not-work)
|
||||
- [<a href="" id="sslsettings"></a>SSL settings in IIS server for SCEP must be set to "Ignore"](#a-href%22%22-id%22sslsettings%22assl-settings-in-iis-server-for-scep-must-be-set-to-%22ignore%22)
|
||||
- [<a href="" id="enrollmentviaproxy"></a>MDM enrollment fails on the mobile device when traffic is going through proxy](#a-href%22%22-id%22enrollmentviaproxy%22amdm-enrollment-fails-on-the-mobile-device-when-traffic-is-going-through-proxy)
|
||||
- [<a href="" id="unenrollment"></a>Server-initiated unenrollment failure](#a-href%22%22-id%22unenrollment%22aserver-initiated-unenrollment-failure)
|
||||
- [<a href="" id="certissues"></a>Certificates causing issues with Wi-Fi and VPN](#a-href%22%22-id%22certissues%22acertificates-causing-issues-with-wi-fi-and-vpn)
|
||||
- [<a href="" id="versioninformation"></a>Version information for mobile devices](#a-href%22%22-id%22versioninformation%22aversion-information-for-mobile-devices)
|
||||
- [<a href="" id="whitelist"></a>Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#a-href%22%22-id%22whitelist%22aupgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues)
|
||||
- [<a href="" id="frameworks"></a>Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#a-href%22%22-id%22frameworks%22aapps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
|
||||
- [<a href="" id="wificertissue"></a>Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#a-href%22%22-id%22wificertissue%22amultiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile)
|
||||
- [<a href="" id="remote"></a>Remote PIN reset not supported in Azure Active Directory joined mobile devices](#a-href%22%22-id%22remote%22aremote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices)
|
||||
- [<a href="" id="renewwns"></a>MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#a-href%22%22-id%22renewwns%22amdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri)
|
||||
- [<a href="" id="userprovisioning"></a>User provisioning failure in Azure Active Directory joined Windows 10 PC](#a-href%22%22-id%22userprovisioning%22auser-provisioning-failure-in-azure-active-directory-joined-windows-10-pc)
|
||||
- [<a href="" id="kerberos"></a>Requirements to note for VPN certificates also used for Kerberos Authentication](#a-href%22%22-id%22kerberos%22arequirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication)
|
||||
- [<a href="" id="pushbuttonreset"></a>Device management agent for the push-button reset is not working](#a-href%22%22-id%22pushbuttonreset%22adevice-management-agent-for-the-push-button-reset-is-not-working)
|
||||
- [Change history in MDM documentation](#change-history-in-mdm-documentation)
|
||||
- [January 2019](#january-2019)
|
||||
- [December 2018](#december-2018)
|
||||
- [September 2018](#september-2018)
|
||||
- [August 2018](#august-2018)
|
||||
- [July 2018](#july-2018)
|
||||
- [June 2018](#june-2018)
|
||||
- [May 2018](#may-2018)
|
||||
- [April 2018](#april-2018)
|
||||
- [March 2018](#march-2018)
|
||||
- [February 2018](#february-2018)
|
||||
- [January 2018](#january-2018)
|
||||
- [December 2017](#december-2017)
|
||||
- [November 2017](#november-2017)
|
||||
- [October 2017](#october-2017)
|
||||
- [September 2017](#september-2017)
|
||||
- [August 2017](#august-2017)
|
||||
- [FAQ](#faq)
|
||||
|
||||
## <a href="" id="whatsnew"></a>What's new in Windows 10, version 1511
|
||||
|
||||
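Review bot: the regenerated "In this section" list carries raw anchor markup in its link text and targets, for example `[<a href="" id="whatsnew"></a>What's new in Windows 10, version 1511](#a-href%22%22-id%22whatsnew%22awhats-new-in-windows-10-version-1511)`. The headings already define short ids (`id="whatsnew"`, `id="getcommand"` and so on), and the list being replaced used them (`#whatsnew`). Keep the clean link text and the short id targets, because the percent-encoded slugs depend on how the renderer slugifies a heading that contains HTML. The new list also links to itself ("In this section") and to the page's own top-level heading; neither entry helps a reader and both can be dropped.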
@ -1766,6 +1784,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
|--- | ---|
|
||||
|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
|
||||
|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.|
|
||||
|[Mobile device management](index.md)|Updated information about MDM Security Baseline.|
|
||||
|
||||
### December 2018
|
||||
|
||||
|
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: MariciaAlforque
|
||||
ms.date: 05/14/2018
|
||||
ms.date: 01/26/2019
|
||||
---
|
||||
|
||||
# Policy CSP - DataProtection
|
||||
@ -66,7 +66,7 @@ ms.date: 05/14/2018
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.
|
||||
This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when [BitLocker Device Encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) is enabled.
|
||||
|
||||
Most restricted value is 0.
|
||||
|
||||
|
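Review bot: in the description paragraph, replacing "only enforced when BitLocker or device encryption is enabled" with "only enforced when [BitLocker Device Encryption](...) is enabled" narrows the stated enforcement condition from two cases to one. If the DMA block still applies when BitLocker is enabled as well as when device encryption is enabled, keep both terms and put the link on the second only. The same paragraph still says "host plug PCI ports", which should read "hot plug PCI ports" to match the rest of the sentence.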
@ -148,7 +148,7 @@ The following list shows the supported values:
|
||||
> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
|
||||
|
||||
|
||||
Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
|
||||
Specifies whether to allow automatic [device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
@ -479,7 +479,7 @@ The following list shows the supported values:
|
||||
|
||||
Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
|
||||
|
||||
Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
|
||||
Specifies whether to allow automatic [device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
|
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: mobile, devices, security
|
||||
ms.localizationpriority: medium
|
||||
author: AMeeus
|
||||
ms.date: 09/21/2017
|
||||
ms.date: 01/26/2019
|
||||
---
|
||||
|
||||
# Windows 10 Mobile deployment and management guide
|
||||
@ -460,7 +460,7 @@ Some device-wide settings for managing VPN connections can help you manage VPNs
|
||||
|
||||
*Applies to: Corporate and personal devices*
|
||||
|
||||
Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The device encryption in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
|
||||
Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The [device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
|
||||
|
||||
Windows 10 Mobile also has the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on so you don’t need to set a policy explicitly to enable it.
|
||||
|
||||
|
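Review bot: the link added on "device encryption" in the Windows 10 Mobile paragraph targets `bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption`, an overview written for Windows 10. Confirm that section describes device encryption as it behaves on Windows 10 Mobile; otherwise the sentence "The device encryption in Windows 10 Mobile helps protect corporate data ..." sends readers to guidance for a different platform, and the link should be dropped or pointed at Mobile-specific content.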
@ -7,7 +7,6 @@ ms.localizationpriority: medium
|
||||
ms.prod: w10
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.date: 12/18/2018
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -24,6 +24,7 @@
|
||||
### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
|
||||
## Getting started
|
||||
### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md)
|
||||
## [Customer consent](registration-auth.md)
|
||||
## [Troubleshooting](troubleshooting.md)
|
||||
## [FAQ](autopilot-faq.md)
|
||||
## [Support](autopilot-support.md)
|
||||
## [Support](autopilot-support.md)
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 12/12/2018
|
||||
---
|
||||
|
||||
# Adding devices to Windows Autopilot
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Configure Autopilot deployment
|
||||
@ -32,4 +31,4 @@ When deploying new devices using Windows Autopilot, a common set of steps are re
|
||||
|
||||
## Related topics
|
||||
|
||||
[Windows Autopilot scenarios](windows-autopilot-scenarios.md)
|
||||
[Windows Autopilot scenarios](windows-autopilot-scenarios.md)
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Demonstrate Autopilot deployment on a VM
|
||||
|
@ -10,7 +10,6 @@ ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 12/13/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot Enrollment Status page
|
||||
@ -63,6 +62,4 @@ For more information on configuring the Enrollment Status page, see the [Microso
|
||||
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP docuementation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
|
||||
For more information about blocking for app installation:
|
||||
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
|
||||
- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).
|
||||
|
||||
|
||||
- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).
|
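Review bot: the context line just above the edited list has a misspelled link label, "FirstSyncStatus details in the DMClient CSP docuementation". Correct it to "documentation" in this change, since the surrounding lines of the file are already being modified.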
BIN
windows/deployment/windows-autopilot/images/csp1.png
Normal file
After Width: | Height: | Size: 8.8 KiB |
BIN
windows/deployment/windows-autopilot/images/csp2.png
Normal file
After Width: | Height: | Size: 58 KiB |
BIN
windows/deployment/windows-autopilot/images/csp3.png
Normal file
After Width: | Height: | Size: 234 KiB |
BIN
windows/deployment/windows-autopilot/images/csp4.png
Normal file
After Width: | Height: | Size: 74 KiB |
BIN
windows/deployment/windows-autopilot/images/csp5.png
Normal file
After Width: | Height: | Size: 23 KiB |
BIN
windows/deployment/windows-autopilot/images/csp6.png
Normal file
After Width: | Height: | Size: 234 KiB |
BIN
windows/deployment/windows-autopilot/images/csp7.png
Normal file
After Width: | Height: | Size: 74 KiB |
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 12/13/2018
|
||||
---
|
||||
|
||||
# Configure Autopilot profiles
|
||||
@ -58,4 +57,4 @@ The following profile settings are available:
|
||||
|
||||
## Related topics
|
||||
|
||||
[Configure Autopilot deployment](configure-autopilot.md)
|
||||
[Configure Autopilot deployment](configure-autopilot.md)
|
||||
|
75
windows/deployment/windows-autopilot/registration-auth.md
Normal file
@ -0,0 +1,75 @@
|
||||
---
|
||||
title: Windows Autopilot customer consent
|
||||
description: Support information for Windows Autopilot
|
||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, csp, OEM
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
---
|
||||
|
||||
# Windows Autopilot customer consent
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf.
|
||||
|
||||
## CSP authorization
|
||||
|
||||
CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions:
|
||||
|
||||
<table>
|
||||
<tr><td>Direct CSP<td>Gets direct authorization from the customer to register devices.
|
||||
<tr><td>Indirect CSP Provider<td>Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.
|
||||
<tr><td>Indirect CSP Reseller<td>Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs.
|
||||
</table>
|
||||
|
||||
### Steps
|
||||
|
||||
For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process:
|
||||
|
||||
1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so:
|
||||
- CSP logs into Microsoft Partner Center
|
||||
- Click **Dashboard** on the top menu
|
||||
- Click **Customer** on the side menu
|
||||
- Click the **Request a reseller relationship** link:
|
||||

|
||||
- Select the checkbox indicating whether or not you want delegated admin rights:
|
||||

|
||||
- Send the template above to the customer via email.
|
||||
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
|
||||
|
||||

|
||||
|
||||
NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
|
||||
|
||||

|
||||
|
||||
3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
|
||||
4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example:
|
||||
|
||||

|
||||
|
||||
## OEM authorization
|
||||
|
||||
Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com.
|
||||
|
||||
1. OEM emails link to their customer.
|
||||
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
|
||||
|
||||

|
||||
|
||||
NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
|
||||
|
||||

|
||||
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously.
|
||||
|
||||
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff (https://devicepartner.microsoft.com/en-gb/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
|
||||
|
||||
## Summary
|
||||
|
||||
At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked.
|
||||
|
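Review bot: step 1 of the CSP procedure tells the partner to "Select the checkbox indicating whether or not you want delegated admin rights" but never says what those rights grant or whether device registration needs them, and step 2 then asks the customer's global administrator to accept from an emailed link. State what the customer is consenting to in each case, so the administrator can tell a registration-only request from one that also hands over delegated administration. Smaller points in the same file: the front-matter `description: Support information for Windows Autopilot` looks copied from the support page and should describe customer consent; the HTML table rows leave `<td>` and `<tr>` unclosed; "which mean that either" should be "which means that either"; the instruction "Send the template above to the customer via email" refers to content that exists only in a screenshot; and the Summary speaks only of "the OEM and the customer" although the article also covers CSP consent.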
19
windows/deployment/windows-autopilot/rip-and-replace.md
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
title: Rip and Replace
|
||||
description: Listing of Autopilot scenarios
|
||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
# Rip and replace
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
DO NOT PUBLISH. Just a placeholder for now, coming with 1809.
|
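Review bot: this new file's entire body is "DO NOT PUBLISH. Just a placeholder for now, coming with 1809.", yet it is added to the docs tree with complete front matter and `ms.localizationpriority: high`. If the build publishes every Markdown file under this folder, the placeholder goes live and is queued for localization. Either leave the file out of this merge until there is content, or exclude it from publishing explicitly. The `description: Listing of Autopilot scenarios` value also looks copied from the scenarios page and does not describe this topic.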
@ -10,7 +10,6 @@ ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot Self-Deploying mode (Preview)
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Troubleshooting Windows Autopilot
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 11/07/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot user-driven mode for Azure Active Directory join
|
||||
@ -32,4 +31,4 @@ For each device that will be deployed using user-driven deployment, these additi
|
||||
- If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
|
||||
- If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
|
||||
|
||||
Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
|
||||
Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 11/12/2018
|
||||
---
|
||||
|
||||
|
||||
@ -37,4 +36,4 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
|
||||
|
||||
See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
|
||||
|
||||
Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
|
||||
Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.
|
||||
|
@ -10,7 +10,6 @@ ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.date: 11/07/2018
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 11/07/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot user-driven mode
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot configuration requirements
|
||||
|
@ -9,10 +9,8 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot licensing requirements
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot networking requirements
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 12/13/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot requirements
|
||||
@ -28,4 +27,4 @@ There are no additional hardware requirements to use Windows 10 Autopilot, beyon
|
||||
|
||||
## Related topics
|
||||
|
||||
[Configure Autopilot deployment](configure-autopilot.md)
|
||||
[Configure Autopilot deployment](configure-autopilot.md)
|
||||
|
@ -10,7 +10,6 @@ ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Reset devices with local Windows Autopilot Reset
|
||||
|
@ -10,7 +10,6 @@ ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Reset devices with remote Windows Autopilot Reset (Preview)
|
||||
|
@ -10,7 +10,6 @@ ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/02/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot Reset
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 12/13/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot scenarios
|
||||
|
@ -9,7 +9,6 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 01/03/2018
|
||||
---
|
||||
|
||||
# Overview of Windows Autopilot
|
||||
@ -71,4 +70,4 @@ See [Windows Autopilot scenarios](https://docs.microsoft.com/en-us/windows/deplo
|
||||
|
||||
## Related topics
|
||||
|
||||
[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)
|
||||
[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)
|
||||
|
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 09/17/2018
|
||||
ms.date: 01/26/2019
|
||||
---
|
||||
|
||||
# BitLocker Management for Enterprises
|
||||
@ -25,11 +25,11 @@ Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](h
|
||||
|
||||
## Managing devices joined to Azure Active Directory
|
||||
|
||||
Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
|
||||
Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as Microsoft Intune. [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
|
||||
|
||||
Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 Business or Enterprise editions and on Windows Phones.
|
||||
|
||||
For hardware that is compliant with Modern Standby and HSTI, when using either of these features, BitLocker Device Encryption is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) to trigger encryption and store the recovery key in Azure AD.
|
||||
For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. For older devices that are not yet encrypted, beginning with Windows 10 version 1703 (the Windows 10 Creators Update), admins can use the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) to trigger encryption and store the recovery key in Azure AD.
|
||||
|
||||
|
||||
## Managing workplace-joined PCs and phones
|
||||
|
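Review bot: the rewritten first paragraph keeps the label "[Policy Configuration Settings Provider (CSP)]", while the HoloLens page in this same commit expands CSP as "configuration service provider"; correct the expansion here so both pages agree. The rewrite also removes the link from "Microsoft Intune" with no replacement. If that was deliberate because the old URL is retired, say so in the commit message; if not, restore a current link.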