diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index eff3c3a789..4c7f8bc3ee 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -53,7 +53,7 @@ In Windows 10, version 1803, you can install the **Kiosk Browser** app from Micr 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) 2. [Deploy **Kiosk Browser** to kiosk devices.](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) -3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md). +3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md). In Windows Configuration Designer, the settings are located in **Policies > KioskBrowser** when you select advanced provisioning for Windows desktop editions. >[!NOTE] >If you configure the kiosk using a provisioning package, you must apply the provisioning package after the device completes the out-of-box experience (OOBE). diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index 8cde17231e..7c7f1d1ff8 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.prod: w10 ms.sitesec: library ms.pagetype: deploy -ms.date: 09/19/2017 +ms.date: 09/12/2018 author: greg-lindsay --- @@ -25,6 +25,12 @@ This topic provides an overview of new solutions and online content related to d - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). +## Windows 10 servicing and support + +Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below. + +![Support lifecycle](images/support-cycle.png) + ## Windows 10 Enterprise upgrade Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md). diff --git a/windows/deployment/images/support-cycle.png b/windows/deployment/images/support-cycle.png new file mode 100644 index 0000000000..3f4b4e87c0 Binary files /dev/null and b/windows/deployment/images/support-cycle.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index d9a8498c73..4456ba11e8 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -10,15 +10,13 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 05/29/2018 +ms.date: 09/12/2018 --- # Configure machine proxy and Internet connectivity settings **Applies to:** - - - Windows Defender Advanced Threat Protection (Windows Defender ATP) @@ -46,18 +44,24 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe ## Configure the proxy server manually using a registry-based static proxy Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report diagnostic data and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet. -The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**. +The static proxy is configurable through Group Policy (GP). The group policy can be found under: +- Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service + - Set it to **Enabled** and select **Disable Authenticated Proxy usage**: + ![Image of Group Policy setting](images/atp-gpo-proxy1.png) +- **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**: + - Configure the proxy:
+ ![Image of Group Policy setting](images/atp-gpo-proxy2.png) -The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`. + The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`. -The registry value `TelemetryProxyServer` takes the following string format: + The registry value `TelemetryProxyServer` takes the following string format: -```text -: -``` -For example: 10.0.0.6:8080 + ```text + : + ``` + For example: 10.0.0.6:8080 -The registry value `DisableEnterpriseAuthProxy` should be set to 1. + The registry value `DisableEnterpriseAuthProxy` should be set to 1. ## Configure the proxy server manually using netsh command @@ -82,7 +86,7 @@ For example: netsh winhttp set proxy 10.0.0.6:8080 ## Enable access to Windows Defender ATP service URLs in the proxy server If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443: ->![NOTE] +>[!NOTE] > URLs that include v20 in them are only needed if you have Windows 10, version 1803 or later machines. For example, ```us-v20.events.data.microsoft.com``` is only needed if the machine is on Windows 10, version 1803 or later. Service location | Microsoft.com DNS record @@ -124,14 +128,14 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover 6. Open *WDATPConnectivityAnalyzer.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

The tool checks the connectivity of Windows Defender ATP service URLs that Windows Defender ATP client is configured to interact with. It then prints the results into the *WDATPConnectivityAnalyzer.txt* file for each URL that can potentially be used to communicate with the Windows Defender ATP services. For example: - ```text - Testing URL : https://xxx.microsoft.com/xxx - 1 - Default proxy: Succeeded (200) - 2 - Proxy auto discovery (WPAD): Succeeded (200) - 3 - Proxy disabled: Succeeded (200) - 4 - Named proxy: Doesn't exist - 5 - Command line proxy: Doesn't exist - ``` + ```text + Testing URL : https://xxx.microsoft.com/xxx + 1 - Default proxy: Succeeded (200) + 2 - Proxy auto discovery (WPAD): Succeeded (200) + 3 - Proxy disabled: Succeeded (200) + 4 - Named proxy: Doesn't exist + 5 - Command line proxy: Doesn't exist + ``` If at least one of the connectivity options returns a (200) status, then the Windows Defender ATP client can communicate with the tested URL properly using this connectivity method.

diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy1.png b/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy1.png new file mode 100644 index 0000000000..50cc3f6f67 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy1.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy2.png b/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy2.png new file mode 100644 index 0000000000..dee5f471b1 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-gpo-proxy2.png differ