deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into comdeadline-change-6837290

Browse Source
This commit is contained in:
Meghan Stewart
2023-10-13 10:05:36 -07:00
parent 0fe2925eb9 0f9ec9051a
commit 42817f26b6
14 changed files with 162 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
education/windows/windows-11-se-overview.md
View File

@ -86,10 +86,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Absolute Software Endpoint Agent` | 7.20.0.1 | `Win32` | `Absolute Software Corporation` |
| `AirSecure` | 8.0.0 | `Win32` | `AIR` |
| `Alertus Desktop` | 5.4.48.0 | `Win32` | `Alertus technologies` |
| `AristotleK12 Borderless Classroom ` | 3.0.11. | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Analytics ` | 10.0.6 | `Win32` | `Sergeant Laboratories` |
| `AristotleK12 Network filter` | 3.1.10 | `Win32` | `Sergeant Laboratories` |
| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` |
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
| `CA Secure Browser` | 14.0.0 | `Win32` | `Cambium Development` |
| `Cisco Umbrella` | 3.0.343.0 | `Win32` | `Cisco` |
| `CA Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `Cisco Umbrella` | 3.0.466.0 | `Win32` | `Cisco` |
| `CKAuthenticator` | 3.6+ | `Win32` | `ContentKeeper` |
| `Class Policy` | 116.0.0 | `Win32` | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | `Win32` | `NetSupport` |
@ -97,7 +100,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `CoGat Secure Browser` | 11.0.0.19 | `Win32` | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` |
| `DigiExam` | 14.0.6 | `Win32` | `Digiexam` |
| `DigiExam` | 14.1.0 | `Win32` | `Digiexam` |
| `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` |
| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` |
@ -106,6 +110,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `EasyReader` | 10.0.4.498 | `Win32` | `Dolphin Computer Access` |
| `Easysense 2` | 1.32.0001 | `Win32` | `Data Harvest` |
| `Epson iProjection` | 3.31 | `Win32` | `Epson` |
| `ESET Endpoint Security` | 10.1.2046.0 | `Win32` | `ESET` |
| `ESET Remote Administrator Agent` | 10.0.1126.0 | `Win32` | `ESET` |
| `eTests` | 4.0.25 | `Win32` | `CASAS` |
| `Exam Writepad` | 23.2.4.2338 | `Win32` | `Sheldnet` |
| `FirstVoices Keyboard` | 15.0.270 | `Win32` | `SIL International` |
@ -117,22 +123,26 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `GuideConnect` | 1.24 | `Win32` | `Dolphin Computer Access` |
| `Illuminate Lockdown Browser` | 2.0.5 | `Win32` | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | `Win32` | `Immunet` |
| `Impero Backdrop Client` | 5.0.87 | `Win32` | `Impero Software` |
| `Impero Backdrop Client` | 5.0.151 | `Win32` | `Impero Software` |
| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` |
| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` |
| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` |
| `Keyman` | 16.0.138 | `Win32` | `SIL International` |
| `Keyman` | 16.0.141 | `Win32` | `SIL International` |
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` |
| `LanSchool Air` | 2.0.13312 | `Win32` | `Stoneware, Inc.` |
| `Lexibar` | 3.07.02 | `Win32` | `Lexibar` |
| `LGfL HomeProtect` | 8.3.44.11 | `Win32` | `LGFL` |
| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Digital` | 3.12.3.11 | `Win32` | `Lightspeed Systems` |
| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
| `Mozilla Firefox` | 105.0.0 | `Win32` | `Mozilla` |
| `Mozilla Firefox` | 116.0.2 | `Win32` | `Mozilla` |
| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
| `Musescore` | 4.1.1.232071203 | `Win32` | `Musescore` |
| `NAPLAN` | 5.2.2 | `Win32` | `NAP` |
| `Netref Student` | 23.1.0 | `Win32` | `NetRef` |
| `NetSupport DNA` | 4.80.0000 | `Win32` | `NetSupport` |
@ -140,21 +150,23 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `NetSupport Notify` | 5.10.1.223 | `Win32` | `NetSupport` |
| `NetSupport School` | 14.00.0012 | `Win32` | `NetSupport` |
| `NextUp Talker` | 1.0.49 | `Win32` | `NextUp Technologies` |
| `NonVisual Desktop Access` | 2021.3.1 | `Win32` | `NV Access` |
| `Netsweeper Workstation Agent` | 4.50.54.54 | `Win32` | `Netsweeper` |
| `NonVisual Desktop Access` | 2023.1. | `Win32` | `NV Access` |
| `NWEA Secure Testing Browser` | 5.4.387.0 | `Win32` | `NWEA` |
| `PC Talker Neo` | 2209 | `Win32` | `Kochi System Development` |
| `PC Talker Neo Plus` | 2209 | `Win32` | `Kochi System Development` |
| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` |
| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
| `Project Monarch Outlook` | 1.2022.2250001 | `Store` | `Microsoft` |
| `Project Monarch Outlook` | 1.2023.831.400 | `Store` | `Microsoft` |
| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` |
| `ReadAndWriteForWindows` | 12.0.74 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4240.0 | `Win32` | `Microsoft` |
| `ReadAndWriteForWindows` | 12.0.78 | `Win32` | `Texthelp Ltd.` |
| `Remote Desktop client (MSRDC)` | 1.2.4487.0 | `Win32` | `Microsoft` |
| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` |
| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` |
| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` |
|`SchoolYear` | 3.4.21 | `Win32` |`SchoolYear` |
|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` |
|`Scratch` | 3.0 | `Win32` |`MIT` |
| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Skoolnext` | 2.19 | `Win32` | `Skool.net` |
| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` |
@ -162,11 +174,14 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` |
|`WA Secure Browser` | 16.0.0 | `Win32` | `Cambium Development` |
| `Winbird` | 19 | `Win32` | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.29 | `Win32` | `WordQ` |
| `Windows SEB` | 3.4.0 | `Win32` | `Illinois Stateboard of Education` |
| `Windows Notepad` | 12.0.78 | `Store` | `Microsoft Corporation` |
| `Zoom` | 5.12.8 (10232) | `Win32` | `Zoom` |
| `ZoomText Fusion` | 2023.2303.77.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Magnifier/Reader` | 2023.2303.33.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Fusion` | 2023.2307.7.400 | `Win32` | `Freedom Scientific` |
| `ZoomText Magnifier/Reader` | 2023.2307.29.400 | `Win32` | `Freedom Scientific` |
## Add your own applications

6
store-for-business/microsoft-store-for-business-overview.md
View File

@ -106,7 +106,7 @@ Also, if your organization plans to use a management tool, you'll need to config
## Get apps and content
Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free,and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
**App types** - These app types are supported in the Store for Business and Education:
@ -244,7 +244,6 @@ Store for Business and Education is currently available in these markets.
- Liechtenstein
- Lithuania
- Luxembourg
- Macedonia
- Madagascar
- Malawi
- Malaysia
@ -268,6 +267,7 @@ Store for Business and Education is currently available in these markets.
- New Zealand
- Nicaragua
- Nigeria
- North Macedonia
- Norway
- Oman
- Pakistan
@ -310,7 +310,7 @@ Store for Business and Education is currently available in these markets.
- Tonga
- Trinidad and Tobago
- Tunisia
- Turkey
- Türkiye
- Turks and Caicos Islands
- Uganda
- United Arab Emirates

8
windows/client-management/mdm-overview.md
View File

@ -31,7 +31,7 @@ Microsoft provides MDM security baselines that function like the Microsoft group
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technologies (not deprecated) such as BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus, and Firewall
- Microsoft inbox security technologies (not deprecated) such as **BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus,** and **Firewall**
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@ -66,6 +66,6 @@ No. Only one MDM is allowed.
| Entry | Description |
| --------------- | -------------------- |
| What is dmwappushsvc? | It's a Windows service that ships in Windows operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |
| What is dmwappushsvc? | It's a Windows service that ships in the Windows operating system as a part of the Windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and is involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and is required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |

2
windows/configuration/wcd/wcd-browser.md
View File

@ -85,7 +85,7 @@ Use *Default* to specify a name that matches one of the search providers you ent
Some countries/regions require specific, default search providers. The following table lists the applicable countries/regions and information for configuring the necessary search provider.
>[!NOTE]
>For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Turkey.
>For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Türkiye.

15
windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
View File

@ -11,7 +11,7 @@ ms.technology: itpro-deploy
ms.collection:
- highpri
- tier3
ms.date: 11/28/2022
ms.date: 10/13/2023
---
# Prepare for deployment with MDT
@ -135,7 +135,8 @@ To install WSUS on MDT01, enter the following at an elevated Windows PowerShell
```powershell
Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
cd "C:\Program Files\Update Services\Tools"
.\wsusutil.exe postinstall CONTENT_DIR=C:\WSUS
```
> [!NOTE]
@ -264,19 +265,19 @@ See the following example:
![Logs folder.](../images/mdt-05-fig08.png)
## Use CMTrace to read log files (optional)
## Use Support Center OneTrace or CMTrace to read log files (optional)
The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace ([CMTrace](/mem/configmgr/core/support/cmtrace)).
The log files in MDT Lite Touch are formatted to be read by [Support Center OneTrace](/mem/configmgr/core/support/support-center-onetrace) or [CMTrace](/mem/configmgr/core/support/cmtrace).
You can use Notepad (example below):
Notepad can be used to read the log files (example below):
![figure 8.](../images/mdt-05-fig09.png)
Alternatively, CMTrace formatting makes the logs much easier to read. See the same log file below, opened in CMTrace:
However, Support Center OneTrace or CMTrace makes the logs much easier to read. See the same log file below, opened in CMTrace:
![figure 9.](../images/mdt-05-fig10.png)
After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and pin the tool to your taskbar for easy access.
Both Support Center OneTrace and CMTrace are available as part of Microsoft Configuration Manager.
## Next steps

54
windows/deployment/volume-activation/install-vamt.md
View File

@ -1,13 +1,13 @@
---
title: Install VAMT (Windows 10)
description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
title: Install VAMT
description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
ms.reviewer: nganguly
manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: frankroj
ms.localizationpriority: medium
ms.date: 11/07/2022
ms.date: 10/11/2023
ms.topic: article
ms.technology: itpro-fundamentals
---
@ -18,61 +18,63 @@ This article describes how to install the Volume Activation Management Tool (VAM
## Installing VAMT
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
>[!IMPORTANT]
>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
>
> VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you don't have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
>[!NOTE]
>The VAMT Microsoft Management Console snap-in ships as an x86 package.
>
> The VAMT Microsoft Management Console snap-in ships as an x86 package.
### Requirements
- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied
- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied.
- Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install)
- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install).
- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended
- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) version. The latest is recommended.
- Alternatively, any supported **full** SQL instance
- Alternatively, any supported **full** SQL instance.
### Install SQL Server Express / alternatively use any full SQL instance
1. Download and open the [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package.
1. Download and open the [SQL Server Express](https://aka.ms/sqlexpress) package.
2. Select **Basic**.
1. Select **Basic**.
3. Accept the license terms.
1. Accept the license terms.
4. Enter an install location or use the default path, and then select **Install**.
1. Enter an install location or use the default path, and then select **Install**.
5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
1. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
![In this example, the instance name is SQLEXPRESS01.](images/sql-instance.png)
![Screenshot that shows that in this example, the instance name is SQLEXPRESS01.](images/sql-instance.png)
### Install VAMT using the ADK
1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install).
1. Download the latest version of [Windows ADK](/windows-hardware/get-started/adk-install).
If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
2. Enter an install location or use the default path, and then select **Next**.
1. Enter an install location or use the default path, and then select **Next**.
3. Select a privacy setting, and then select **Next**.
1. Select a privacy setting, and then select **Next**.
4. Accept the license terms.
1. Accept the license terms.
5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
1. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
6. On the completion page, select **Close**.
1. On the completion page, select **Close**.
### Configure VAMT to connect to SQL Server Express or full SQL Server
1. Open **Volume Active Management Tool 3.1** from the Start menu.
1. In the Start Menu under, **Windows Kits**, **Volume Active Management Tool 3.1**.
2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
1. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
![Server name is .\SQLEXPRESS and database name is VAMT.](images/vamt-db.png)
![Screenshot that shows that the Server name is .\SQLEXPRESS and database name is VAMT.](images/vamt-db.png)
For remote SQL Server, use `servername.yourdomain.com`.
@ -82,4 +84,4 @@ To uninstall VAMT using the **Programs and Features** Control Panel:
1. Open **Control Panel** and select **Programs and Features**.
2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
1. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.

14
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
View File

@ -1,7 +1,7 @@
---
title: Windows feature update summary dashboard
description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
ms.date: 07/25/2023
ms.date: 10/11/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -17,19 +17,19 @@ ms.collection:
# Windows feature update summary dashboard
The summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
The Summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
The first part of the summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
The first part of the Summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
**To view a generated summary dashboard for your Windows feature update deployments:**
**To view a generated Summary dashboard for your Windows feature update deployments:**
1. Go to the[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select**Reports**from the left navigation menu.
1. Under the**Windows Autopatch**section, select**Windows feature updates (preview)**.
1. Under the**Windows Autopatch**section, select**Windows feature updates**.
## Report information
The following information is available in the summary dashboard:
The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@ -48,5 +48,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |

8
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality update summary dashboard
description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
ms.date: 07/25/2023
ms.date: 10/04/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@ -17,7 +17,7 @@ ms.collection:
# Windows quality update summary dashboard
The summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
**To view the current update status for all your enrolled devices:**
@ -29,7 +29,7 @@ The summary dashboard provides a summary view of the current update status for a
## Report information
The following information is available in the summary dashboard:
The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@ -47,5 +47,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |

2
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -34,7 +34,7 @@ sections:
Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
- question: Will Windows Autopatch be available for state and local government customers?
answer: |
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not suppported.
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
- question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
answer: |
Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.

2
windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
View File

@ -70,7 +70,7 @@ To register the applications, follow these steps:
:::column span="3":::
3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization.
>[!NOTE]
>After accepance, the redirect page will show a blank page. This is a known behavior.
>After acceptance, the redirect page will show a blank page. This is a known behavior.
:::column-end:::
:::column span="1":::
:::image type="content" alt-text="Screenshot showing the PIN reset service permissions final page." source="images/pinreset/pin-reset-service-prompt-2.png" lightbox="images/pinreset/pin-reset-service-prompt-2.png" border="true":::

18
windows/security/identity-protection/hello-for-business/hello-identity-verification.md
View File

@ -44,12 +44,12 @@ The table shows the minimum requirements for each deployment. For key trust in a
The table shows the minimum requirements for each deployment.
| Key trust <br/> Group Policy managed | Certificate trust <br/> Group Policy managed|
| --- | --- |
|Any supported Windows client versions|Any supported Windows client versions|
| Windows Server 2016 Schema | Windows Server 2016 Schema|
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
| Any supported Windows Server versions | Any supported Windows Server versions |
| Any supported Windows Server versions | Any supported Windows Server versions |
| Any supported Windows Server versions | Any supported Windows Server versions |
| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
| Requirement | Key trust <br/> Group Policy managed | Certificate trust <br/> Group Policy managed|
| --- | --- | ---|
| **Windows Version** | Any supported Windows client versions|Any supported Windows client versions|
| **Schema Version**| Windows Server 2016 Schema | Windows Server 2016 Schema|
| **Domain and Forest Functional Level**| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
| **Domain Controller Version**| Any supported Windows Server versions | Any supported Windows Server versions |
| **Certificate Authority**| Any supported Windows Server versions | Any supported Windows Server versions |
| **AD FS Version**| Any supported Windows Server versions | Any supported Windows Server versions |
| **MFA Requirement**| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |

59
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
View File

@ -29,17 +29,66 @@ To complete these procedures, you must be a member of the Domain Administrators
3. The default path for the log is **%windir%\\system32\\logfiles\\firewall\\pfirewall.log**. If you want to change this path, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location.
>**Important:**  The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
> [!IMPORTANT]
> The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
4. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
5. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
5. No logging occurs until you set one of following two options:
6. No logging occurs until you set one of following two options:
- To create a log entry when Windows Defender Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**.
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**.
6. Click **OK** twice.
7. Click **OK** twice.
### Troubleshoot if the log file is not created or modified
Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition might occur include:
- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
- if firewall logging is configured via policy settings, it can happen that
- the log folder in the default location `%windir%\System32\LogFiles\firewall` doesn't exist
- the log folder in a custom path doesn't exist
In both cases, you must create the folder manually or via script, and add the permissions for MpsSvc
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existent folder is configured via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
```PowerShell
New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
```
Verify if MpsSvc has *FullControl* on the folder and the files.
From an elevated PowerShell session, use the following commands, ensuring to use the correct path:
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
The output should show `NT SERVICE\mpssvc` having *FullControl*:
```PowerShell
IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
----------------- ---------------- ----------------- ----------- ----------------
NT AUTHORITY\SYSTEM FullControl Allow False ObjectInherit
BUILTIN\Administrators FullControl Allow False ObjectInherit
NT SERVICE\mpssvc FullControl Allow False ObjectInherit
```
If not, add *FullControl* permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$ACL = get-acl -Path $LogPath
$ACL.SetAccessRuleProtection($true, $false)
$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$ACL.AddAccessRule($RULE)
```
Restart the device to restart the Windows Defender Firewall Service.
### Troubleshoot Slow Log Ingestion
### Troubleshooting Slow Log Ingestion
If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this downsizing will result in more resource usage due to the increased resource usage for log rotation.

10
windows/whats-new/deprecated-features-resources.md
View File

@ -1,7 +1,7 @@
---
title: Resources for deprecated features in the Windows client
description: Resources and details for deprecated features in the Windows client.
ms.date: 08/01/2023
ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -21,6 +21,10 @@ appliesto:
This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
## VBScript
VBScript will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before being retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript.
## TLS versions 1.0 and 1.1 disablement resources
Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 are disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1.
@ -69,11 +73,11 @@ Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort,
The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters).
If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change will allow you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require additional assistance.
If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change allows you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require more assistance.
### Redirected MSDT troubleshooters
The following troubleshooters will automatically be redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
The following troubleshooters are automatically redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
- Background Intelligent Transfer Service (BITS)
- Bluetooth

3
windows/whats-new/deprecated-features.md
View File

@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
ms.date: 09/01/2023
ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
| VBScript <!--7954828--> | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 |
| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. | September 1, 2023 |
| AllJoyn | Microsoft's implementation of AllJoyn which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 |
| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023|