deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs into educompliance

Browse Source
This commit is contained in:
Celeste de Guzman 2017-04-25 15:50:33 -07:00
commit 4148ad4608
11 changed files with 106 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.openpublishing.redirection.json
View File

@ -62,12 +62,12 @@
},
{
"source_path": "windows/manage/waas-quick-start.md",
"redirect_url": "/itpro/windows/update/waas-quick-start",
"redirect_url": "/windows/deployment/update/waas-quick-start",
"redirect_document_id": true
},
{
"source_path": "windows/manage/waas-overview.md",
"redirect_url": "/itpro/windows/update/waas-overview",
"redirect_url": "/windows/deployment/update/waas-overview",
"redirect_document_id": true
},
{
@ -122,7 +122,7 @@
},
{
"source_path": "windows/manage/waas-manage-updates-wufb.md",
"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": true
},
{
@ -627,7 +627,7 @@
},
{
"source_path": "windows/manage/introduction-to-windows-10-servicing.md",
"redirect_url": "/itpro/windows/deployment/update/index",
"redirect_url": "/windows/deployment/update/index",
"redirect_document_id": true
},
{
@ -872,7 +872,7 @@
},
{
"source_path": "windows/plan/integration-with-management-solutions-.md",
"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
@ -952,7 +952,7 @@
},
{
"source_path": "windows/plan/setup-and-deployment.md",
"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
@ -1032,12 +1032,12 @@
},
{
"source_path": "windows/plan/windows-10-servicing-options.md",
"redirect_url": "/itpro/windows/update/waas-overview",
"redirect_url": "/windows/deployment/update/waas-overview",
"redirect_document_id": false
},
{
"source_path": "windows/plan/windows-update-for-business.md",
"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb",
"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
"redirect_document_id": false
},
{
@ -8157,7 +8157,7 @@
},
{
"source_path": "windows/keep-secure/deploy-managed-installer-for-device-guard.md",
"redirect_url": "/windows/device-security/deploy-managed-installer-for-device-guard",
"redirect_url": "/windows/device-security/device-guard/deploy-managed-installer-for-device-guard",
"redirect_document_id": true
},
{

1
windows/client-management/TOC.md
View File

@ -8,3 +8,4 @@
## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)
## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
## [Windows libraries](windows-libraries.md)
## [Change history for Client management](change-history-for-client-management.md)

23
windows/client-management/change-history-for-client-management.md Normal file
View File

@ -0,0 +1,23 @@
---
title: Change history for Client management (Windows 10)
description: This topic lists changes to documentation for configuring Windows 10.
keywords:
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: jdeckerMS
---
# Change history for Client management
This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topic has been added:
- [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md)

3
windows/client-management/index.md
View File

@ -8,7 +8,7 @@ author: jdeckerMS
localizationpriority: medium
---
# Client Management
# Client management
**Applies to**
- Windows 10
@ -28,3 +28,4 @@ Learn about the administrative tools, tasks and best practices for managing Wind
|[Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)| Instructions for resetting a Windows 10 Mobile device using either *factory* or *'wipe and persist'* reset options|
|[Deploy Windows 10 Mobile](windows-10-mobile-and-mdm.md)| Considerations and instructions for deploying Windows 10 Mobile|
|[Windows libraries](windows-libraries.md)| Considerations and instructions for managing Windows 10 libraries such as My Documents, My Pictures, and My Music.|
|[Change history for Client management](change-history-for-client-management.md) | This topic lists new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile. |

6
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -14,6 +14,12 @@ author: jdeckerMS
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## April 2017
| New or changed topic | Description |
| --- | --- |
| [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Added instructions for using WMI bridge to configure shared PC |
## RELEASE: Windows 10, version 1703

23
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -85,7 +85,28 @@ You can configure Windows to be in shared PC mode in a couple different ways:
![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
- WMI bridge: Environments that use Group Policy can use the WMI bridge to configure the [SharedPC CSP](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx).
- WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For example, open PowerShell as an administrator and enter the following:
```
$sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC"
$sharedPC.EnableSharedPCMode = $True
$sharedPC.SetEduPolicies = $True
$sharedPC.SetPowerPolicies = $True
$sharedPC.MaintenanceStartTime = 0
$sharedPC.SignInOnResume = $True
$sharedPC.SleepTimeout = 0
$sharedPC.EnableAccountManager = $True
$sharedPC.AccountModel = 2
$sharedPC.DeletionPolicy = 1
$sharedPC.DiskLevelDeletion = 25
$sharedPC.DiskLevelCaching = 50
$sharedPC.RestrictLocalStorage = $False
$sharedPC.KioskModeAUMID = ""
$sharedPC.KioskModeUserTileDisplayText = ""
$sharedPC.InactiveThreshold = 0
Set-CimInstance -CimInstance $sharedPC
Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass
```
### Create a provisioning package for shared use

1
windows/threat-protection/change-history-for-threat-protection.md
View File

@ -14,6 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703.|
|[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
|[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. |

110
windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
View File

@ -1,6 +1,6 @@
---
title: Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b
keywords: WIP, Enterprise Data Protection
ms.prod: w10
@ -11,103 +11,63 @@ author: eross-msft
localizationpriority: high
---
# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune
# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop)
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune
Follow these steps to associate your WIP policy with your organization's existing VPN policy.
## Create your VPN policy using Microsoft Intune
Follow these steps to create the VPN policy you want to use with WIP.
**To associate your policies**
**To create your VPN policy**
1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration).
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**.
2. Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png)
![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png)
3. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**.
3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box.
![Microsoft Azure Intune, Create a new policy using the Create Profile blade](images/wip-azure-vpn-configure-policy.png)
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png)
4. In the **Custom OMA-URI Settings** blade, click **Add**.
4. In the **VPN Settings** area, type the following info:
5. In the **Add Row** blade, type:
- **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable.
- **Name.** Type a name for your setting, such as *EDPModeID*.
- **Description.** Type an optional description for your setting.
- **OMA-URI.** Type _./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId_ into the box.
- **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**.
- **Data type.** Select **String** from the dropdown box
- **Value.** Type your fully-qualified domain that should be used by the OMA-URI setting. For example, _corp.contoso.com_.
- **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable.
![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png)
- **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN).
6. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy.
![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png)
7. Click **Create** to create the policy, including your OMA_URI info.
5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.<p>
It's your choice whether you check the box to **Remember the user credentials at each logon**.
![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
6. You can leave the rest of the default or blank settings, and then click **Save Policy**.
## Deploy your VPN policy using Microsoft Intune
## Deploy your VPN policy using Microsoft Azure Intune
After youve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy.
**To deploy your VPN policy**
**To deploy your Custom VPN policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
1. On the **App policy** blade, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.<p>
The added people move to the **Selected Groups** list on the right-hand pane.
A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** blade.
![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png)
2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
3. After you've picked all of the employees and groups that should get the policy, click **OK**.<p>
The policy is deployed to the selected users' devices.
The policy is deployed to the selected users' devices.
## Link your WIP and VPN policies and deploy the custom configuration policy
The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies
**To link your VPN policy**
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png)
4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info.
5. In the **OMA-URI Settings** area, type the following info:
- **Setting name.** Type **EDPModeID** as the name.
- **Data type.** Pick the **String** data type.
- **OMA-URI.** Type `./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId`, replacing &lt;*VPNProfileName*&gt; with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`.
- **Value.** Your fully-qualified domain that should be used by the OMA-URI setting.
![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png)
6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.**
**To deploy your linked policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane.
![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png)
3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices.
![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

2
windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -506,7 +506,7 @@ Optionally, if you dont want everyone in your organization to be able to shar
## Related topics
- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms)

2
windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md
View File

@ -38,6 +38,6 @@ After youve created your Windows Information Protection (WIP) policy, you'll
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](create-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)

5
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -170,6 +170,11 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings
For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin).
### Windows Information Protection (WIP) and Azure Active Directory (Azure AD)
Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md).
You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md).
## Update
### Windows Update for Business