From ec4538a304cfadd4fc4f1b8f2ee1fccc429550ca Mon Sep 17 00:00:00 2001 From: Terry Warwick Date: Thu, 8 Aug 2024 11:57:13 -0700 Subject: [PATCH 001/164] Add Alljoyn to removed-features list for 24H2 --- windows/whats-new/removed-features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index d7f6ed956b..636e6449fb 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | +| Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | | Update Compliance | Update Compliance, a cloud-based service for the Windows client, is retired. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | March 31, 2023 | | Store uploader tool | Support has been removed for the store uploader tool. This tool is included in the Windows SDK only. The endpoint for the tool has been removed from service and the files will be removed from the SDK in the next release. | November 2022 | | Internet Explorer 11 | The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). | June 15, 2022 | From d32893a0dc0cbc2035133d615c423a5d3788252b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 14 Aug 2024 14:39:23 -0700 Subject: [PATCH 002/164] 24h2-rem-wordpad-8494641 --- windows/whats-new/deprecated-features-resources.md | 4 ++-- windows/whats-new/deprecated-features.md | 2 +- windows/whats-new/removed-features.md | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 00fab61fd6..d946e7f8dd 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -1,7 +1,7 @@ --- title: Resources for deprecated features in the Windows client description: Resources and details for deprecated features in the Windows client. -ms.date: 08/12/2024 +ms.date: 10/01/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium @@ -38,7 +38,7 @@ Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility iss ## WordPad -WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: +WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: - wordpad.exe - wordpadfilter.dll diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index a23ff9f3aa..f6827d23c8 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -67,7 +67,7 @@ The features in this article are no longer being actively developed, and might b | Remote Mailslots | Remote Mailslots are deprecated. The Remote Mailslot protocol is a dated, simple, unreliable, insecure IPC method first introduced in MS DOS. This protocol was first disabled by default in [Windows 11 Insider Preview Build ](https://blogs.windows.com/windows-insider/2023/03/08/announcing-windows-11-insider-preview-build-25314/). For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots) and [[MS-MAIL]: Remote Mailslot Protocol](/openspecs/windows_protocols/ms-mail/8ea19aa4-6e5a-4aed-b628-0b5cd75a1ab9).| November 2023 | | Timeline for Microsoft Entra accounts | Cross-device syncing of Microsoft Entra user activity history will stop starting in January 2024. Microsoft will stop storing this data in the cloud, aligning with [the previous change for Microsoft accounts (MSA)](https://blogs.windows.com/windows-insider/2021/04/14/announcing-windows-10-insider-preview-build-21359) in 2021. The timeline user experience was retired in Windows 11, although it remains in Windows 10. The timeline user experience and all your local activity history still remains on Windows 10 devices. Users can access web history using their browser and access recent files through OneDrive and Office. | October 2023 | | VBScript | VBScript is deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 | -| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt.

**[Update - March 2024]**: WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | September 1, 2023 | +| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt.

**[Update - March 2024]**: WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | September 1, 2023 | | AllJoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 | | TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023| | Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index 636e6449fb..48bdf9081a 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | +| WordPad | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | | Update Compliance | Update Compliance, a cloud-based service for the Windows client, is retired. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | March 31, 2023 | | Store uploader tool | Support has been removed for the store uploader tool. This tool is included in the Windows SDK only. The endpoint for the tool has been removed from service and the files will be removed from the SDK in the next release. | November 2022 | From 204922295cfe0c1bce9997c5545a5d90e8f1b694 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 14 Aug 2024 14:44:02 -0700 Subject: [PATCH 003/164] 24h2-rem-wordpad-8494641 --- windows/whats-new/deprecated-features-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index d946e7f8dd..7c53798b03 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -1,7 +1,7 @@ --- title: Resources for deprecated features in the Windows client description: Resources and details for deprecated features in the Windows client. -ms.date: 10/01/2024 +ms.date: 08/14/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium From c2bf06fc2abd6f1b1434f2c177cbe378cb874831 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 14 Aug 2024 14:45:21 -0700 Subject: [PATCH 004/164] 24h2-rem-wordpad-8494641 --- windows/whats-new/removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index 48bdf9081a..d29071c0ac 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -38,7 +38,7 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Support removed | | ----------- | --------------------- | ------ | -| WordPad | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 | | Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 | | Update Compliance | Update Compliance, a cloud-based service for the Windows client, is retired. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | March 31, 2023 | | Store uploader tool | Support has been removed for the store uploader tool. This tool is included in the Windows SDK only. The endpoint for the tool has been removed from service and the files will be removed from the SDK in the next release. | November 2022 | From 18f48b1b70979a0ad1fd9a1d145ec5ae0d0e52dd Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Aug 2024 12:23:21 -0700 Subject: [PATCH 005/164] 24h2-wn-8631988-stub --- .../whats-new-windows-11-version-24h2.md | 131 ++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 windows/whats-new/whats-new-windows-11-version-24h2.md diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md new file mode 100644 index 0000000000..9eb6ebfb4c --- /dev/null +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -0,0 +1,131 @@ +--- +title: What's new in Windows 11, version 24H2 for IT pros +description: Learn more about what's new in Windows 11 version 24H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more. +manager: aaroncz +ms.service: windows-client +ms.author: mstewart +author: mestew +ms.localizationpriority: medium +ms.topic: reference +ms.collection: + - highpri + - tier2 +ms.subservice: itpro-fundamentals +ms.date: 07/09/2024 +appliesto: + - ✅ Windows 11, version 24H2 +--- + +# What's new in Windows 11, version 24H2 + +Windows 11, version 24H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 23H2. This article lists the new and updated features IT Pros should know. + +Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/faq/windows#windows-11): + +- **Windows 11 Pro**: Serviced for 24 months from the release date. +- **Windows 11 Enterprise**: Serviced for 36 months from the release date. + +Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have installed a recent monthly security update. Many of the new features have already been enabled on Windows 11, version 23H2 clients. + +Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update](PLACEHOLDER https://blogs.windows.com/windowsexperience/?p=178531). Review the [Windows 11, version 24H2 Windows IT Pro blog post](PLACEHOLDER https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). + + +To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/). + + +## Checkpoint cumulative updates + +Microsoft is introducing a new servicing model for Windows called checkpoint cumulative updates. Devices running Windows 11, version 24H2 or later, will use checkpoint cumulative updates. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. + +With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. + +For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). + + +## Features added to Windows 11 since version 23H2 + +New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11) Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include: + + +### Feature1 + + +### Feature2 + +Windows passwordless experience is a security policy that promotes a user experience without passwords on Microsoft Entra joined devices. +When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). + +### Web sign-in for Windows + +You can enable a web-based sign-in experience on Microsoft Entra joined devices, unlocking new sign-in options and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). + +### Declared configuration protocol + +**Declared configuration protocol** is a new protocol for device configuration management that's based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration). + +### Education themes + +You can deploy education themes to your devices. The education themes are designed for students using devices in a school. For more information, see [Configure education themes for Windows 11](/education/windows/edu-themes). + +### Temporary enterprise feature control + +Controls were added to temporarily turn off certain features that were introduced during monthly cumulative updates for managed Windows 11, version 23H2 devices. For more information, see [Temporary enterprise feature control](temporary-enterprise-feature-control.md). + +### Multi-app kiosk + + +You can configure a multi-app kiosk, which displays a customized start menu of allowed apps. For more information, see [Set up a multi-app kiosk on Windows 11 devices](/windows/configuration/lock-down-windows-11-to-specific-apps). + +### Copilot in Windows + +Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. For more information, see [Manage Copilot in Windows](/windows/client-management/manage-windows-copilot). + +### Windows Hello for Business authentication improvement + +Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) has been enabled at the factory. Previously this functionality was blocked. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). + +### LAPS native integration + +Use Windows Local Administrator Password Solution (LAPS) to regularly rotate and manage local administrator account passwords. For more information, see [Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) + +### Federated sign-in + +You can sign into Windows using a federated identity, which simplifies the experience for students. For example, students and educators can use QR code badges to sign-in. This feature is designed specifically for Education editions of Windows. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). + +### Customize Windows 11 taskbar buttons + +[Policies to customize Windows 11 taskbar buttons](/windows/configuration/supported-csp-taskbar-windows#csp-policies-to-customize-windows-11-taskbar-buttons) were added to provide you with more control over the taskbar search experience across your organization. + +### Braille displays + +The compatibility of braille displays was expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). + +### Dev Drive + +Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/). + +### Additional features + + +- **Feature1**: Notable feature or change description +- **Feature2**: Notable feature or change description + +## Features removed in Windows 11, version 24H2 + +The following [deprecated features](deprecated-features.md) have been removed in Windows 11, version 24H2: + +- **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. +- **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. + From 93359c0a2c45bdc4b45f15a6f38850445c717cf6 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Aug 2024 12:29:52 -0700 Subject: [PATCH 006/164] 24h2-wn-8631988-stub --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 9eb6ebfb4c..2921a351a2 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -27,7 +27,7 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have installed a recent monthly security update. Many of the new features have already been enabled on Windows 11, version 23H2 clients. -Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update](PLACEHOLDER https://blogs.windows.com/windowsexperience/?p=178531). Review the [Windows 11, version 24H2 Windows IT Pro blog post](PLACEHOLDER https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). +Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [PLACEHOLDER- How to get the Windows 11, version 24H2 update](https://blogs.windows.com/windowsexperience/?p=178531). Review the [PLACEHOLDER- Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/). From 6ac515c2e68748eb877740ae7fb47df0b6bde065 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Aug 2024 12:32:25 -0700 Subject: [PATCH 007/164] 24h2-wn-8631988-stub --- windows/whats-new/whats-new-windows-11-version-24h2.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 2921a351a2..f3e7bcc3cd 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -49,9 +49,7 @@ When a managed Windows 11, version 23H2 device installs [version 24H2](https://s Microsoft is introducing a new servicing model for Windows called checkpoint cumulative updates. Devices running Windows 11, version 24H2 or later, will use checkpoint cumulative updates. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. -With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. - -For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). +With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). ## Features added to Windows 11 since version 23H2 From 162f6a7ff2d3f4ad878243e18936d48d4a9196ea Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Aug 2024 15:52:42 -0700 Subject: [PATCH 008/164] 24h2-wn-8631988-stub --- .../whats-new-windows-11-version-24h2.md | 71 ++++++------------- 1 file changed, 23 insertions(+), 48 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index f3e7bcc3cd..1ab3a985f5 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -54,71 +54,46 @@ With checkpoint cumulative updates, the update file level differentials are base ## Features added to Windows 11 since version 23H2 -New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11) Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include: +New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11) + +Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include: ### Feature1 -### Feature2 - -Windows passwordless experience is a security policy that promotes a user experience without passwords on Microsoft Entra joined devices. -When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). -### Web sign-in for Windows - -You can enable a web-based sign-in experience on Microsoft Entra joined devices, unlocking new sign-in options and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). +### Enable optional updates + +In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy. For more information about optional content, see [Enable optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates). -### Declared configuration protocol - -**Declared configuration protocol** is a new protocol for device configuration management that's based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration). +### Remote Desktop Connection improvements -### Education themes - -You can deploy education themes to your devices. The education themes are designed for students using devices in a school. For more information, see [Configure education themes for Windows 11](/education/windows/edu-themes). +Remote Desktop Connection has the following improvements: +- The Remote Desktop Connection settup window (mstsc.exe) follows the text scalling settings under **Settings** > **Accessability** > **Text size**. +- Remote Desktop Connection supports zoom options of 350, 400, 450 and 500% +- Connection bar design has been improved -### Temporary enterprise feature control - -Controls were added to temporarily turn off certain features that were introduced during monthly cumulative updates for managed Windows 11, version 23H2 devices. For more information, see [Temporary enterprise feature control](temporary-enterprise-feature-control.md). +### Wi-Fi 7 support + +Support has been added for Wi-Fi 7 when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/discover-wi-fi/wi-fi-7). -### Multi-app kiosk - +## Bluetooth ® Low Energy Audio support -You can configure a multi-app kiosk, which displays a customized start menu of allowed apps. For more information, see [Set up a multi-app kiosk on Windows 11 devices](/windows/configuration/lock-down-windows-11-to-specific-apps). +Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. -### Copilot in Windows - -Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. For more information, see [Manage Copilot in Windows](/windows/client-management/manage-windows-copilot). +## Sudo for Windows -### Windows Hello for Business authentication improvement - -Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) has been enabled at the factory. Previously this functionality was blocked. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). - -### LAPS native integration - -Use Windows Local Administrator Password Solution (LAPS) to regularly rotate and manage local administrator account passwords. For more information, see [Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) - -### Federated sign-in - -You can sign into Windows using a federated identity, which simplifies the experience for students. For example, students and educators can use QR code badges to sign-in. This feature is designed specifically for Education editions of Windows. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). - -### Customize Windows 11 taskbar buttons - -[Policies to customize Windows 11 taskbar buttons](/windows/configuration/supported-csp-taskbar-windows#csp-policies-to-customize-windows-11-taskbar-buttons) were added to provide you with more control over the taskbar search experience across your organization. - -### Braille displays - -The compatibility of braille displays was expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). - -### Dev Drive - -Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/). +Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). ### Additional features -- **Feature1**: Notable feature or change description -- **Feature2**: Notable feature or change description +- **File Explorer**: The following changes were made to File Explorer context menu: + - Support for creating 7-zip and TAR archives + - **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard + - Labels have been added to the context menu icons for actions like copy, paste, delete and rename +- **OOBE improvement**: when you need to connect to a network and there's no Wi-Fi drivers, you'll be given an *Install drivers* option to install drivers you've already downloaded ## Features removed in Windows 11, version 24H2 From e5a412d0ec410897a0b18a15eb349f90a85be41d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 20 Aug 2024 11:32:35 -0700 Subject: [PATCH 009/164] edits --- .../whats-new-windows-11-version-24h2.md | 34 +++++++++++-------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 1ab3a985f5..57692f2afe 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -25,7 +25,7 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ - **Windows 11 Pro**: Serviced for 24 months from the release date. - **Windows 11 Enterprise**: Serviced for 36 months from the release date. -Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have installed a recent monthly security update. Many of the new features have already been enabled on Windows 11, version 23H2 clients. +Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have a recent monthly security update installed. Many of the new features are already enabled on Windows 11, version 23H2 clients. Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [PLACEHOLDER- How to get the Windows 11, version 24H2 update](https://blogs.windows.com/windowsexperience/?p=178531). Review the [PLACEHOLDER- Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). @@ -47,7 +47,7 @@ When a managed Windows 11, version 23H2 device installs [version 24H2](https://s --> ## Checkpoint cumulative updates -Microsoft is introducing a new servicing model for Windows called checkpoint cumulative updates. Devices running Windows 11, version 24H2 or later, will use checkpoint cumulative updates. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. +Microsoft is introducing checkpoint cumulative updates, a new servicing model that enables devices running Windows 11, version 24H2 or later to save time, bandwidth and hard drive space when getting features and security enhancements via the latest cumulative update. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). @@ -61,6 +61,16 @@ Some of the features were released within the past year's continuous innovation ### Feature1 +### + +### Wi-Fi 7 support + +Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/discover-wi-fi/wi-fi-7). + +## Sudo for Windows + +Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). + ### Enable optional updates @@ -70,21 +80,15 @@ In addition to the monthly cumulative update, optional updates are available to ### Remote Desktop Connection improvements Remote Desktop Connection has the following improvements: -- The Remote Desktop Connection settup window (mstsc.exe) follows the text scalling settings under **Settings** > **Accessability** > **Text size**. -- Remote Desktop Connection supports zoom options of 350, 400, 450 and 500% -- Connection bar design has been improved +- The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. +- Remote Desktop Connection supports zoom options of 350, 400, 450, and 500% +- Improvements to the connection bar design -### Wi-Fi 7 support - -Support has been added for Wi-Fi 7 when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/discover-wi-fi/wi-fi-7). ## Bluetooth ® Low Energy Audio support Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. -## Sudo for Windows - -Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). ### Additional features @@ -92,13 +96,13 @@ Sudo for Windows is a new way for users to run elevated commands (as an administ - **File Explorer**: The following changes were made to File Explorer context menu: - Support for creating 7-zip and TAR archives - **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard - - Labels have been added to the context menu icons for actions like copy, paste, delete and rename -- **OOBE improvement**: when you need to connect to a network and there's no Wi-Fi drivers, you'll be given an *Install drivers* option to install drivers you've already downloaded + - Labels were added to the context menu icons for actions like copy, paste, delete, and rename +- **OOBE improvement**: when you need to connect to a network and there's no Wi-Fi drivers, you're given an *Install drivers* option to install drivers that are already downloaded +- **Registry Editor**: The Registry Editor supports limiting a search to the currently selected key and its descendants ## Features removed in Windows 11, version 24H2 -The following [deprecated features](deprecated-features.md) have been removed in Windows 11, version 24H2: +The following [deprecated features](deprecated-features.md) are removed in Windows 11, version 24H2: - **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. - **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. - From 0eaeddc0b3ed1234a5cc733e7c1dcc767e62db11 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 22 Aug 2024 16:02:32 -0700 Subject: [PATCH 010/164] add feat --- .../whats-new-windows-11-version-24h2.md | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 57692f2afe..9461528b9e 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -61,7 +61,29 @@ Some of the features were released within the past year's continuous innovation ### Feature1 -### + +### LAPS improvements + +[LAPS](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. IT admins can configure Windows LAPS to: +- Automatically create the managed local account +- Configure name of account +- Enable or disable the account +- Randomize the name of the account + +### Personal Data Encryption (PDE) for folders + +PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be enabled from a policy on Intune. IT admins can select the subset or all of the folders above and applying that policy to a group of users in their organization. +PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**. @@ -71,8 +93,6 @@ Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). - - ### Enable optional updates In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy. For more information about optional content, see [Enable optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates). From 67fed9f127aa88626a81184679e702486fddfeea Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 23 Aug 2024 11:37:35 -0700 Subject: [PATCH 011/164] add feats --- windows/whats-new/whats-new-windows-11-version-24h2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 9461528b9e..76e25ba3bc 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -72,8 +72,8 @@ Some of the features were released within the past year's continuous innovation ### Personal Data Encryption (PDE) for folders -PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be enabled from a policy on Intune. IT admins can select the subset or all of the folders above and applying that policy to a group of users in their organization. -PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**. For more information about PDE, see [PDE overview](/windows/security/operating-system-security/data-protection/personal-data-encryption) From bf1dfc7feac2234871d439c254b38db24c4f933e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 23 Aug 2024 11:39:37 -0700 Subject: [PATCH 012/164] 24h2-test --- windows/whats-new/removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md index d29071c0ac..7d8297fb4a 100644 --- a/windows/whats-new/removed-features.md +++ b/windows/whats-new/removed-features.md @@ -8,7 +8,7 @@ ms.author: mstewart manager: aaroncz ms.topic: reference ms.subservice: itpro-fundamentals -ms.date: 03/11/2024 +ms.date: 08/23/2024 ms.collection: - highpri - tier1 From 1f5fef32bc877efcd87329739ba04356ced3e263 Mon Sep 17 00:00:00 2001 From: cgerke Date: Wed, 4 Sep 2024 18:41:01 +0800 Subject: [PATCH 013/164] Update policy-csp-localpoliciessecurityoptions.md Some policy settings can cause issues in some Windows Autopilot scenarios. This is a known issue and should be communicated to users of Intune. --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index bb70540374..f3ef385a11 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1440,6 +1440,8 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time Interactive logon: Message text for users attempting to log on This security setting specifies a text message that's displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. +> [!IMPORTANT] +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/en-us/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) @@ -1489,6 +1491,8 @@ Interactive logon: Message text for users attempting to log on This security set Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. +> [!IMPORTANT] +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/en-us/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) From c7e56727e3533d4f9e7154a5dd038c8cfcf34837 Mon Sep 17 00:00:00 2001 From: cgerke Date: Wed, 4 Sep 2024 19:01:27 +0800 Subject: [PATCH 014/164] Update policy-csp-localpoliciessecurityoptions.md Corrected language based URL --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index f3ef385a11..09b0f1d5dd 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1441,7 +1441,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time Interactive logon: Message text for users attempting to log on This security setting specifies a text message that's displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. > [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/en-us/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) @@ -1492,7 +1492,7 @@ Interactive logon: Message text for users attempting to log on This security set Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. > [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/en-us/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) From 97c5a7281a42a6d51e758336288f7792331c64ed Mon Sep 17 00:00:00 2001 From: cgerke Date: Thu, 5 Sep 2024 12:53:20 +0800 Subject: [PATCH 015/164] Update policy-csp-localpoliciessecurityoptions.md Relative path urls --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 09b0f1d5dd..57f660e917 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1441,7 +1441,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time Interactive logon: Message text for users attempting to log on This security setting specifies a text message that's displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. > [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) @@ -1492,7 +1492,7 @@ Interactive logon: Message text for users attempting to log on This security set Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. > [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](https://learn.microsoft.com/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) From ce0c05a26b07744b9cf614f35d4f096718d6adf2 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Sep 2024 12:35:33 -0700 Subject: [PATCH 016/164] add LAPS info --- .../whats-new/whats-new-windows-11-version-24h2.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 76e25ba3bc..1585bd7bf8 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -62,7 +62,7 @@ Some of the features were released within the past year's continuous innovation ### Feature1 -### LAPS improvements +### Local Administrator Password Solution (LAPS) improvements [LAPS](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. IT admins can configure Windows LAPS to: - Automatically create the managed local account @@ -70,6 +70,16 @@ Some of the features were released within the past year's continuous innovation - Enable or disable the account - Randomize the name of the account +LAPS has the following policy improvements: + +- Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy + - Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase +- Added an improved readablity setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number zero and the letter O aren't used in the password since the characters can be confused. + +Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the Windows LAPS schema. This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` will be queried and compared to the locally persisted copy. If the GUIDs are different, the password will be immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). + + + ### Personal Data Encryption (PDE) for folders PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be [enabled from a policy in Intune](/mem/intune/protect/endpoint-security-disk-encryption-policy). IT admins can select the subset or all of the folders above and applying that policy to a group of users in their organization. From 412718bd33261c4567db07d9b566302ebe8b9bf5 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Sep 2024 12:37:18 -0700 Subject: [PATCH 017/164] add LAPS info --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 1585bd7bf8..f01ed7a747 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -76,7 +76,7 @@ LAPS has the following policy improvements: - Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase - Added an improved readablity setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number zero and the letter O aren't used in the password since the characters can be confused. -Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the Windows LAPS schema. This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` will be queried and compared to the locally persisted copy. If the GUIDs are different, the password will be immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). +Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` will be queried and compared to the locally persisted copy. If the GUIDs are different, the password will be immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). From f280b14823f5370aa0de029261d2ccf98f5d7b00 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:23:19 -0700 Subject: [PATCH 018/164] add rust --- windows/whats-new/whats-new-windows-11-version-24h2.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index f01ed7a747..a0db60b667 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -70,15 +70,18 @@ Some of the features were released within the past year's continuous innovation - Enable or disable the account - Randomize the name of the account -LAPS has the following policy improvements: +LAPS has the following policy improvements: - Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy - Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase - Added an improved readablity setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number zero and the letter O aren't used in the password since the characters can be confused. +- Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. -Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` will be queried and compared to the locally persisted copy. If the GUIDs are different, the password will be immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). +Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). +### Rust in the Windows kernel +There's a new implementation of [GDI region](/windows/win32/gdi/regions) in win32kbase_rs.sys. Rust offers advantages in reliability and security over traditional programs written in C/C++. ### Personal Data Encryption (PDE) for folders From 309899f9df856697dae3caffd801481444277b27 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:50:43 -0700 Subject: [PATCH 019/164] add rust --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index a0db60b667..0f9c7d392a 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -81,7 +81,7 @@ Image rollback detection was introduced for LAPS. LAPS can detect when a device ### Rust in the Windows kernel -There's a new implementation of [GDI region](/windows/win32/gdi/regions) in win32kbase_rs.sys. Rust offers advantages in reliability and security over traditional programs written in C/C++. +There's a new implementation of [GDI region](/windows/win32/gdi/regions) in win32kbase_rs.sys. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. ### Personal Data Encryption (PDE) for folders From 1606b020bcd7053dc743078c71dd21be5a93c1f4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:53:28 -0700 Subject: [PATCH 020/164] tweaks --- windows/whats-new/whats-new-windows-11-version-24h2.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 0f9c7d392a..1680bf14be 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -74,14 +74,14 @@ LAPS has the following policy improvements: - Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy - Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase -- Added an improved readablity setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number zero and the letter O aren't used in the password since the characters can be confused. +- Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the zero and the letter O aren't used in the password since the characters can be confused. - Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. -Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that's written by Windows LAPS every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). +Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). ### Rust in the Windows kernel -There's a new implementation of [GDI region](/windows/win32/gdi/regions) in win32kbase_rs.sys. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. +There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. ### Personal Data Encryption (PDE) for folders From a9920ab1df4a92381d9de73424b4f60b17b4fbce Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 14:52:18 -0700 Subject: [PATCH 021/164] Updates for 1 Oct 2024 release --- ...-windows-diagnostic-events-and-fields-1809.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 92ce858c06..7713b5fd49 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.topic: reference ms.collection: privacy-windows --- @@ -903,7 +903,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -949,7 +949,6 @@ The following fields are available: - **DriverShouldNotMigrate** Should the driver package be migrated during upgrade? - **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? - ### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date. @@ -1763,7 +1762,6 @@ The following fields are available: The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows. - This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -2186,7 +2184,7 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment. -- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. +- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier @@ -4759,6 +4757,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly. @@ -9069,7 +9068,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours -This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date. +This event indicates that update activity was blocked because it's within the active hours window. The data collected with this event is used to help keep Windows secure and up to date. The following fields are available: @@ -10231,7 +10230,4 @@ The following fields are available: - **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc). - **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license. - **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application. -- **UserId** The XUID (Xbox User ID) of the current user. - - - +- **UserId** The XUID (Xbox User ID) of the current user. \ No newline at end of file From 577ba065e9471b2081eba2f2312c205921fa5b76 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 16:22:21 -0700 Subject: [PATCH 022/164] Updates for 1 October 2024 release --- ...-diagnostic-data-events-and-fields-2004.md | 40 ++++++++++++++----- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 4fb9beb260..f3885b2805 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.collection: privacy-windows ms.topic: reference --- @@ -873,7 +873,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -2478,6 +2478,7 @@ The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. - **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement). + ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled Fires when auto-enablement is successful and HVCI is being enabled on the device. @@ -4334,6 +4335,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory binary generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date. @@ -4608,6 +4610,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows. @@ -4858,7 +4861,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd -This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly. +This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -5618,6 +5621,7 @@ The following fields are available: - **criticalLogSize** Log size - **CUtility::GetTargetNameA(target)** Product identifier. - **productId** Product identifier +- **SurfaceTelemetry_EventType** Required vs. Optional event - **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. @@ -5639,6 +5643,7 @@ This event sends information about the Operating System image name to Microsoft. The following fields are available: +- **SurfaceTelemetry_EventType** Required vs. Optional event - **szOsImageName** This is the image name that is running on the device. @@ -5691,6 +5696,7 @@ The following fields are available: - **UpdateType** Indicates if it's DB or DBX update - **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed + ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted Event that indicates secure boot update has started. @@ -5746,9 +5752,7 @@ The following fields are available: - **touchKeyboardDesktop** Touch keyboard desktop - **touchKeyboardTablet** Touch keyboard tablet - **triggerType** Trigger type -- **usePowershell** Use PowerShell - - +- **usePowershell** Use PowerShell. ## Privacy consent logging events @@ -6558,8 +6562,9 @@ The following fields are available: - **CUtility::GetTargetNameA(Target)** Sub component name. - **HealthLog** Health indicator log. - **healthLogSize** 4KB. +- **PartA_PrivacyProduct** Product tag - **productId** Identifier for product model. - +- **SurfaceTelemetry_EventType** Required vs. Optional event ### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2 @@ -6568,9 +6573,25 @@ This event sends reason for SAM, PCH and SoC reset. The data collected with this The following fields are available: - **ControllerResetCause** The cause for the controller reset. +- **EcResetCause** EC reset cause. +- **FaultReset1Cause** Fault 1 reset cause. +- **FaultReset2Cause** Fault 2 reset cause. - **HostResetCause** Host reset cause. +- **OffResetCause** Off reset cause. +- **OnResetCause** On reset cause. +- **PartA_PrivacyProduct** Product tag - **PchResetCause** PCH reset cause. +- **PoffResetCause** Power Off reset cause. +- **PonResetCause** Power On reset cause. +- **S3ResetCause** S3 reset cause. - **SamResetCause** SAM reset cause. +- **SamResetCauseExtBacklightState** SAM Reset Display Backlight state. +- **SamResetCauseExtLastPowerButtonTime** SAM Reset Last Power Button time. +- **SamResetCauseExtLastSshCommunicationTime** SAM Reset Last SSH Communication time. +- **SamResetCauseExtPostureStateReason** SAM Reset Last Posture State reason. +- **SamResetCauseExtRestartReason** SAM Reset Extended Restart reason. +- **SurfaceTelemetry_EventType** Required vs. Optional event. +- **WarmResetCause** Warm reset cause. ## Update Assistant events @@ -10018,7 +10039,4 @@ The following fields are available: - **videoResolution** Video resolution to use. - **virtualMachineName** VM name. - **waitForClientConnection** True if we should wait for client connection. -- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. - - - +- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. \ No newline at end of file From dd53c7a003f0e79234c02065b6ac19eb72d1a058 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 17:21:29 -0700 Subject: [PATCH 023/164] Updates for 1 October 2024 release --- ...windows-11-diagnostic-events-and-fields.md | 33 +++++++++++-------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 15649caaf5..ed9cbc8a28 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.collection: privacy-windows ms.topic: reference --- @@ -167,7 +167,6 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser binary generating the events. - ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. @@ -438,7 +437,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -1475,7 +1474,7 @@ The following fields are available: - **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **CDJType** Represents the type of cloud domain joined for the machine. -- **CommercialId** Represents the GUID for the commercial entity that the device is a member of.  Will be used to reflect insights back to customers. +- **CommercialId** Represents the GUID for the commercial entity that the device is a member of. Will be used to reflect insights back to customers. - **ContainerType** The type of container, such as process or virtual machine hosted. - **EnrollmentType** Defines the type of MDM enrollment on the device. - **HashedDomain** The hashed representation of the user domain used for login. @@ -1490,7 +1489,6 @@ The following fields are available: - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier - ### Census.Firmware This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date. @@ -1956,6 +1954,7 @@ The following fields are available: Fires when HVCI is already enabled so no need to continue auto-enablement. + ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed Fires when driver scanning fails to get results. @@ -2197,6 +2196,7 @@ The following fields are available: - **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. - **xid** A list of base10-encoded XBOX User IDs. + ## Common data fields ### Ms.Device.DeviceInventoryChange @@ -2212,6 +2212,7 @@ The following fields are available: - **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + ## Component-based servicing events ### CbsServicingProvider.CbsCapabilityEnumeration @@ -2985,6 +2986,7 @@ The following fields are available: - **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. - **wilActivity** Windows Mixed Reality Portal app wilActivity ID. + ### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. @@ -3570,7 +3572,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd -This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly. +This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3996,7 +3998,6 @@ The following fields are available: - **extendedData** GTL extended data section for each app to add its own extensions. - **timeToActionMs** Time in MS for this Page Action. - ### Microsoft.Surface.Mcu.Prod.CriticalLog Error information from Surface device firmware. @@ -4312,7 +4313,7 @@ The following fields are available: - **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) - **EventType** Possible values are "Child", "Bundle", or "Driver" - **FlightId** The unique identifier for each flight -- **IsNetworkMetered** Indicates whether Windows considered the current network to be metered" +- **IsNetworkMetered** Indicates whether Windows considered the current network to be "metered" - **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any - **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any - **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) @@ -6355,7 +6356,7 @@ The following fields are available: - **flightMetadata** Contains the FlightId and the build being flighted. - **objectId** Unique value for each Update Agent mode. - **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. - **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). - **sessionId** Unique value for each Update Agent mode attempt. @@ -6589,6 +6590,15 @@ The following fields are available: - **WasPresented** True if the user interaction campaign is displayed to the user. +### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit + +This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed. + + ## Windows Update mitigation events ### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete @@ -6840,7 +6850,4 @@ The following fields are available: - **Disposition** The parameter for the hard reserve adjustment function. - **Flags** The flags passed to the hard reserve adjustment function. - **PendingHardReserveAdjustment** The final change to the hard reserve size. -- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. - - - +- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. \ No newline at end of file From ff482e5d02c0f6f82e1a22db23d4e6a4cabfafdf Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 18:44:33 -0700 Subject: [PATCH 024/164] Updates for 1 October 2024 release --- ...iagnostic-events-fields-windows-11-22H2.md | 203 ++++++------------ 1 file changed, 66 insertions(+), 137 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md index 97d13f6d72..d8f1a92acb 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md @@ -8,7 +8,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 02/29/2024 +ms.date: 10/01/2024 ms.topic: reference ms.collection: privacy-windows --- @@ -128,6 +128,7 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser binary generating the events. + ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. @@ -780,6 +781,7 @@ The following fields are available: - **AppraiserVersion** Appraiser version. + ### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date. @@ -1309,7 +1311,6 @@ The following fields are available: - **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. - **xid** A list of base10-encoded XBOX User IDs. - ## Common data fields ### Ms.Device.DeviceInventoryChange @@ -1725,7 +1726,7 @@ The following fields are available: ### Microsoft.Windows.HangReporting.AppHangEvent -This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and won't produce AppHang events. The following fields are available: @@ -1751,31 +1752,6 @@ The following fields are available: ## Holographic events -### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered - -This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. - -The following fields are available: - -- **SessionID** Unique value for each attempt. -- **TargetAsId** The sequence number for the process. -- **windowInstanceId** Unique value for each window instance. - - -### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave - -This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. - -The following fields are available: - -- **EventHistory** Unique number of event history. -- **ExternalComponentState** State of external component. -- **LastEvent** Unique number of last event. -- **SessionID** Unique value for each attempt. -- **TargetAsId** The sequence number for the process. -- **windowInstanceId** Unique value for each window instance. - - ### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly. @@ -2247,6 +2223,22 @@ The following fields are available: - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. +### Microsoft.Edge.Crashpad.HangEvent + +This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang. + +The following fields are available: + +- **app_name** The name of the hanging process. +- **app_session_guid** Encodes the boot session, process, and process start time. +- **app_version** The version of the hanging process. +- **client_id_hash** Hash of the browser client id to help identify the installation. +- **etag** Identifier to help identify running browser experiments. +- **hang_source** Identifies how the hang was detected. +- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc. +- **stack_hash** A hash of the hanging stack. Currently not used or set to zero. + + ## OneSettings events ### Microsoft.Windows.OneSettingsClient.Status @@ -2273,105 +2265,29 @@ The following fields are available: ## Other events -### Microsoft.Edge.Crashpad.HangEvent +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered -This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang. +This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **app_name** The name of the hanging process. -- **app_session_guid** Encodes the boot session, process, and process start time. -- **app_version** The version of the hanging process. -- **client_id_hash** Hash of the browser client id to help identify the installation. -- **etag** Identifier to help identify running browser experiments. -- **hang_source** Identifies how the hang was detected. -- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc. -- **stack_hash** A hash of the hanging stack. Currently not used or set to zero. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. -### Microsoft.Gaming.Critical.Error +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave -Common error event used by the Gaming Telemetry Library to provide centralized monitoring for critical errors logged by callers using the library. +This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **callStack** List of active subroutines running during error occurrence. -- **componentName** Friendly name meant to represent what feature area this error should be attributed to. Used for aggregations and pivots of data. -- **customAttributes** List of custom attributes. -- **errorCode** Error code. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **featureName** Friendly name meant to represent which feature this should be attributed to. -- **identifier** Error identifier. -- **message** Error message. -- **properties** List of properties attributed to the error. - -### Microsoft.Gaming.Critical.ProviderRegistered - -Indicates that a telemetry provider has been registered with the Gaming Telemetry Library. - -The following fields are available: - -- **providerNamespace** The telemetry Namespace for the registered provider. - -### Microsoft.Gaming.OOBE.HDDBackup - -This event describes whether an External HDD back up has been found. - -The following fields are available: - -- **backupVersion** version number of backup. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **hasConsoleSettings** Indicates whether the console settings stored. -- **hasUserSettings** Indicates whether the user settings stored. -- **hasWirelessProfile** Indicates whether the wireless profile stored. -- **hddBackupFound** Indicates whether hdd backup is found. -- **osVersion** Operating system version. - -### Microsoft.Gaming.OOBE.OobeComplete - -This event is triggered when OOBE activation is complete. - -The following fields are available: - -- **allowAutoUpdate** Allows auto update. -- **allowAutoUpdateApps** Allows auto update for apps. -- **appliedTransferToken** Applied transfer token. -- **connectionType** Connection type. -- **curSessionId** Current session id. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **instantOn** Instant on. -- **moobeAcceptedState** Moobe accepted state. -- **phaseOneElapsedTimeMs** Total elapsed time in milliseconds for phase 1. -- **phaseOneVersion** Version of phase 1. -- **phaseTwoElapsedTimeMs** Total elapsed time in milliseconds for phase 2. -- **phaseTwoVersion** Version of phase 2. -- **systemUpdateRequired** Indicates whether a system update required. -- **totalElapsedTimeMs** Total elapsed time in milliseconds of all phases. -- **usedCloudBackup** Indicates whether cloud backup is used. -- **usedHDDBackup** Indicates whether HDD backup is used. -- **usedOffConsole** Indicates whether off console is used. - - -### Microsoft.Gaming.OOBE.SessionStarted - -This event is sent at the start of OOBE session. - -The following fields are available: - -- **customAttributes** customAttributes. -- **extendedData** extendedData. - -### Microsoft.Surface.Mcu.Prod.CriticalLog - -Error information from Surface device firmware. - -The following fields are available: - -- **CrashLog** MCU crash log -- **criticalLogSize** Log size -- **CUtility::GetTargetNameA(target)** Product identifier. -- **productId** Product identifier -- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. +- **EventHistory** Unique number of event history. +- **ExternalComponentState** State of external component. +- **LastEvent** Unique number of last event. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. ### Microsoft.Windows.Defender.Engine.Maps.Heartbeat @@ -2409,6 +2325,7 @@ The following fields are available: - **Action** Action string indicating place of failure - **hr** Return HRESULT code + ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted Event that indicates secure boot update has started. @@ -2419,22 +2336,6 @@ The following fields are available: - **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade. -### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState - -This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date. - -The following fields are available: - -- **CV** The correlation vector. -- **GlobalEventCounter** The global event counter for all telemetry on the device. -- **UpdateAssistantStateDownloading** True at the start Downloading. -- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication. -- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates. -- **UpdateAssistantStateInstalling** True at the start of Installing. -- **UpdateAssistantStatePostInstall** True at the start of PostInstall. -- **UpdateAssistantVersion** Current package version of UpdateAssistant. - - ### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled This event fires when HVCI is already enabled so no need to continue auto-enablement. @@ -2670,6 +2571,19 @@ The following fields are available: - **Ver** Schema version. +### Microsoft.Surface.Mcu.Prod.CriticalLog + +Error information from Surface device firmware. + +The following fields are available: + +- **CrashLog** MCU crash log +- **criticalLogSize** Log size +- **CUtility::GetTargetNameA(target)** Product identifier. +- **productId** Product identifier +- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. + + ### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2 This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly. @@ -2710,6 +2624,24 @@ The following fields are available: - **UpdateAttempted** Indicates if installation of the current update has been attempted before. +## Update Assistant events + +### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState + +This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **CV** The correlation vector. +- **GlobalEventCounter** The global event counter for all telemetry on the device. +- **UpdateAssistantStateDownloading** True at the start Downloading. +- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication. +- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates. +- **UpdateAssistantStateInstalling** True at the start of Installing. +- **UpdateAssistantStatePostInstall** True at the start of PostInstall. +- **UpdateAssistantVersion** Current package version of UpdateAssistant. + + ## Update events ### Update360Telemetry.FellBackToDownloadingAllPackageFiles @@ -3574,7 +3506,7 @@ The following fields are available: - **flightMetadata** Contains the FlightId and the build being flighted. - **objectId** Unique value for each Update Agent mode. - **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. - **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). - **sessionId** Unique value for each Update Agent mode attempt. @@ -3758,6 +3690,3 @@ The following fields are available: - **SessionId** The UpdateAgent “SessionId” value. - **UpdateId** Unique identifier for the Update. - **WuId** Unique identifier for the Windows Update client. - - - From 056ceb6c02f31ff1bd7782f2ff0de5aa1d3caa1f Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 18:46:19 -0700 Subject: [PATCH 025/164] Remove wiki references --- ...el-windows-diagnostic-events-and-fields-1809.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 7713b5fd49..88bf304a8f 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -5374,7 +5374,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -5382,11 +5382,11 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. - **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. @@ -5397,8 +5397,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -5408,9 +5408,9 @@ The following fields are available: - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **eventType** A string indicating the type of the event. - **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'. From a159052e4657dc6baf2a206a7e45a11ebe68d76a Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 18:47:34 -0700 Subject: [PATCH 026/164] Remove wiki references --- ...ndows-diagnostic-data-events-and-fields-2004.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index f3885b2805..ef1d42b74e 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -5151,7 +5151,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -5159,13 +5159,13 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appLastLaunchTime** The time when browser was last launched. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. - **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. @@ -5183,8 +5183,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -5198,9 +5198,9 @@ The following fields are available: - **appUpdateCheckTargetChannel** Check for status showing the target release channel. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **eventType** A string indicating the type of the event. - **expDeviceId** A non-unique resettable device ID to identify a device in experimentation. - **expEtag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. - **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. From 1bbf1f60b3975910724a510dd41c9b8f73df579c Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 18:49:06 -0700 Subject: [PATCH 027/164] Remove references to wiki --- ...ired-windows-11-diagnostic-events-and-fields.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index ed9cbc8a28..85634e1a76 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -3755,7 +3755,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. See the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -3763,13 +3763,13 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. See the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appLastLaunchTime** The time when browser was last launched. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. See the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. - **appPingEventDownloadMetricsCdnCCC** ISO 2 character country or region code that matches to the country or region updated binaries are delivered from. E.g.: US. @@ -3783,8 +3783,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. See the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. See the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -3796,9 +3796,9 @@ The following fields are available: - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. See the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. See the wiki for additional information. +- **eventType** A string indicating the type of the event. - **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. - **hwDiskType** Device’s hardware disk type. - **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. From 8c97228e152c55789692220812a1737e993fd46f Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 18:55:29 -0700 Subject: [PATCH 028/164] Create new Win11 24H2 file --- ...iagnostic-events-fields-windows-11-24H2.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md new file mode 100644 index 0000000000..e3fe313f99 --- /dev/null +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -0,0 +1,35 @@ +--- +description: Learn more about the diagnostic data gathered for Windows 11, version 24H2. +title: Required diagnostic events and fields for Windows 11, version 24H2 +keywords: privacy, telemetry +ms.service: windows-client +ms.subservice: itpro-privacy +ms.localizationpriority: high +author: DHB-MSFT +ms.author: danbrown +manager: laurawi +ms.date: 10/01/24 +ms.topic: reference +ms.collection: privacy-windows +--- + +# Required diagnostic events and fields for Windows 11, version 24H2 + +**Applies to** + +- Windows 11, version 24H2 + +Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. + +Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. + +You can learn more about Windows functional and diagnostic data through these articles: + +- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) +- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) +- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) \ No newline at end of file From 8e5a9c3920d15f68d610e8cca39a7ea9d38f4ef2 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Sat, 7 Sep 2024 19:03:19 -0700 Subject: [PATCH 029/164] Fix ms.data field, add to TOC --- .../required-diagnostic-events-fields-windows-11-24H2.md | 2 +- windows/privacy/toc.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index e3fe313f99..df9b42ccbd 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -8,7 +8,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 10/01/24 +ms.date: 10/01/2024 ms.topic: reference ms.collection: privacy-windows --- diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml index 9c47130eca..e177a03cd3 100644 --- a/windows/privacy/toc.yml +++ b/windows/privacy/toc.yml @@ -13,6 +13,8 @@ href: diagnostic-data-viewer-powershell.md - name: Required Windows diagnostic data events and fields items: + - name: Windows 11, version 24H2 + href: required-diagnostic-events-fields-windows-11-24H2.md - name: Windows 11, versions 23H2 and 22H2 href: required-diagnostic-events-fields-windows-11-22H2.md - name: Windows 11, version 21H2 From f98168236181bcc4b19684d50cdbf2994487a85f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 9 Sep 2024 09:07:53 -0700 Subject: [PATCH 030/164] lsa draft --- windows/whats-new/whats-new-windows-11-version-24h2.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 1680bf14be..2012837a48 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -54,7 +54,7 @@ With checkpoint cumulative updates, the update file level differentials are base ## Features added to Windows 11 since version 23H2 -New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11) +New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11). Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include: @@ -62,6 +62,14 @@ Some of the features were released within the past year's continuous innovation ### Feature1 +### Local Security Authority (LSA) protection enablement on upgrade + +[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with on upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the Device Security > Core Isolation page. LSA protection records whether programs are blocked from loading into LSA in the event log. If you would like to check if something has been blocked, information on the logs recorded is available here:/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load + +### Remote Mailslot protocol disabled by default + +[Remote Mailslot protocol](/openspecs/windows_protocols/ms-mail/47ac910f-1dec-4791-8486-9b3e8fd542da) was [deprecated](deprecated-features.md#deprecated-features) in November 2023 and is now disabled by default starting in Windows 11, version 24H2. For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots). + ### Local Administrator Password Solution (LAPS) improvements [LAPS](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. IT admins can configure Windows LAPS to: From b3aebafb7941a177789ff9c6e5b9130043d7965c Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 15:51:10 -0600 Subject: [PATCH 031/164] WDAC --> App Control for Business --- ...blishing.redirection.windows-security.json | 4595 ++++++++++------- .../appcontrol-appid-tagging-guide.md} | 0 ...perational-guide-appid-tagging-policies.md | 0 .../deploy-appid-tagging-policies.md | 6 +- .../design-create-appid-tagging-policies.md | 12 +- .../TOC.yml | 84 +- .../appcontrol-and-applocker-overview.md} | 2 +- .../appcontrol.md} | 10 +- ...ged-apps-to-existing-applocker-rule-set.md | 0 .../applocker/administer-applocker.md | 0 .../applocker-architecture-and-components.md | 0 .../applocker/applocker-functions.md | 0 .../applocker/applocker-overview.md | 0 .../applocker-policies-deployment-guide.md | 0 .../applocker-policies-design-guide.md | 2 +- .../applocker-policy-use-scenarios.md | 0 .../applocker-processes-and-interactions.md | 2 +- .../applocker-technical-reference.md | 0 ...gure-an-applocker-policy-for-audit-only.md | 0 ...e-an-applocker-policy-for-enforce-rules.md | 0 ...figure-exceptions-for-an-applocker-rule.md | 0 ...onfigure-the-appLocker-reference-device.md | 0 ...figure-the-application-identity-service.md | 0 .../create-a-rule-for-packaged-apps.md | 0 ...-a-rule-that-uses-a-file-hash-condition.md | 0 ...reate-a-rule-that-uses-a-path-condition.md | 0 ...-a-rule-that-uses-a-publisher-condition.md | 0 .../create-applocker-default-rules.md | 0 ...cations-deployed-to-each-business-group.md | 4 +- .../create-your-applocker-policies.md | 2 +- .../applocker/create-your-applocker-rules.md | 0 .../applocker/delete-an-applocker-rule.md | 0 ...cies-by-using-the-enforce-rules-setting.md | 4 +- ...oy-the-applocker-policy-into-production.md | 0 ...p-policy-structure-and-rule-enforcement.md | 2 +- ...igitally-signed-on-a-reference-computer.md | 0 ...-users-try-to-run-a-blocked-application.md | 0 .../applocker/dll-rules-in-applocker.md | 0 ...tructure-and-applocker-rule-enforcement.md | 2 +- .../document-your-application-list.md | 0 .../document-your-applocker-rules.md | 0 .../applocker/edit-an-applocker-policy.md | 0 .../applocker/edit-applocker-rules.md | 0 .../enable-the-dll-rule-collection.md | 0 .../applocker/enforce-applocker-rules.md | 0 .../executable-rules-in-applocker.md | 0 .../export-an-applocker-policy-from-a-gpo.md | 0 ...port-an-applocker-policy-to-an-xml-file.md | 0 .../applocker/how-applocker-works-techref.md | 0 .../images/applocker-plan-inheritance.gif | Bin .../applocker-plandeploy-quickreference.gif | Bin .../applocker/images/blockedappmsg.gif | Bin ...-applocker-policy-from-another-computer.md | 0 .../import-an-applocker-policy-into-a-gpo.md | 0 .../applocker/maintain-applocker-policies.md | 0 .../manage-packaged-apps-with-applocker.md | 0 ...r-policies-by-using-set-applockerpolicy.md | 0 .../merge-applocker-policies-manually.md | 0 ...onitor-application-usage-with-applocker.md | 0 .../optimize-applocker-performance.md | 0 ...ckaged-app-installer-rules-in-applocker.md | 0 .../plan-for-applocker-policy-management.md | 4 +- .../applocker/refresh-an-applocker-policy.md | 0 ...ements-for-deploying-applocker-policies.md | 0 .../requirements-to-use-applocker.md | 0 .../applocker/rule-collection-extensions.md | 0 ...the-automatically-generate-rules-wizard.md | 0 .../applocker/script-rules-in-applocker.md | 0 .../security-considerations-for-applocker.md | 0 .../select-types-of-rules-to-create.md | 0 ...er-policy-by-using-test-applockerpolicy.md | 0 .../test-and-update-an-applocker-policy.md | 0 .../applocker/tools-to-use-with-applocker.md | 0 ...stand-applocker-policy-design-decisions.md | 0 ...ent-setting-inheritance-in-group-policy.md | 0 ...the-applocker-policy-deployment-process.md | 0 ...plocker-allow-and-deny-actions-on-rules.md | 0 .../understanding-applocker-default-rules.md | 0 .../understanding-applocker-rule-behavior.md | 0 ...nderstanding-applocker-rule-collections.md | 0 ...standing-applocker-rule-condition-types.md | 0 ...understanding-applocker-rule-exceptions.md | 0 ...e-file-hash-rule-condition-in-applocker.md | 0 ...ng-the-path-rule-condition-in-applocker.md | 0 ...e-publisher-rule-condition-in-applocker.md | 0 ...-create-and-maintain-applocker-policies.md | 0 ...he-applocker-windows-powershell-cmdlets.md | 0 .../using-event-viewer-with-applocker.md | 0 .../applocker/what-is-applocker.md | 0 .../windows-installer-rules-in-applocker.md | 0 .../working-with-applocker-policies.md | 0 .../applocker/working-with-applocker-rules.md | 0 .../appcontrol-deployment-guide.md} | 12 +- .../deployment/audit-appcontrol-policies.md} | 8 +- ...reate-code-signing-cert-for-appcontrol.md} | 2 +- ...appcontrol-policies-using-group-policy.md} | 4 +- ...eploy-appcontrol-policies-using-intune.md} | 6 +- .../deploy-appcontrol-policies-with-memcm.md} | 22 +- ...deploy-appcontrol-policies-with-script.md} | 0 ...oy-catalog-files-to-support-appcontrol.md} | 4 +- .../disable-appcontrol-policies.md} | 2 +- .../enforce-appcontrol-policies.md} | 6 +- .../deployment/merge-appcontrol-policies.md} | 6 +- ...gning-for-better-control-and-protection.md | 4 +- ...o-protect-appcontrol-against-tampering.md} | 6 +- ...ject-registration-in-appcontrol-policy.md} | 0 .../design/appcontrol-and-dotnet.md} | 0 .../design/appcontrol-design-guide.md} | 10 +- .../appcontrol-wizard-create-base-policy.md} | 18 +- ...trol-wizard-create-supplemental-policy.md} | 20 +- .../appcontrol-wizard-editing-policy.md} | 8 +- .../appcontrol-wizard-merging-policies.md} | 4 +- .../appcontrol-wizard-parsing-event-logs.md} | 12 +- .../design/appcontrol-wizard.md} | 8 +- ...pplications-that-can-bypass-appcontrol.md} | 2 +- .../design/common-appcontrol-use-cases.md} | 2 +- ...-apps-deployed-with-a-managed-installer.md | 4 +- .../design/create-appcontrol-deny-policy.md} | 4 +- ...ntrol-policy-for-fully-managed-devices.md} | 12 +- ...rol-policy-for-lightly-managed-devices.md} | 12 +- ...ontrol-policy-using-reference-computer.md} | 4 +- .../deploy-multiple-appcontrol-policies.md} | 0 .../example-appcontrol-base-policies.md} | 2 +- .../manage-packaged-apps-with-appcontrol.md} | 4 +- ...icrosoft-recommended-driver-block-rules.md | 0 .../design/plan-appcontrol-management.md} | 4 +- .../design/script-enforcement.md | 0 .../design/select-types-of-rules-to-create.md | 2 +- ...and-appcontrol-policy-design-decisions.md} | 8 +- ...derstanding-appcontrol-policy-settings.md} | 0 ...-specific-plug-ins-add-ins-and-modules.md} | 0 ...ontrol-with-intelligent-security-graph.md} | 2 +- .../feature-availability.md | 2 +- .../images/appcontrol-edit-gp.png} | Bin .../appcontrol-intune-custom-oma-uri.png} | Bin ...zard-confirm-base-policy-modification.png} | Bin ...rol-wizard-custom-file-attribute-rule.png} | Bin ...control-wizard-custom-manual-pfn-rule.png} | Bin .../appcontrol-wizard-custom-pfn-rule.png} | Bin ...pcontrol-wizard-custom-publisher-rule.png} | Bin .../appcontrol-wizard-edit-policy-rules.png} | Bin ...pcontrol-wizard-edit-remove-file-rule.png} | Bin ...ntrol-wizard-event-log-files-expanded.png} | Bin .../appcontrol-wizard-event-log-files.png} | Bin ...zard-event-log-mde-ah-export-expanded.png} | Bin ...ontrol-wizard-event-log-mde-ah-export.png} | Bin ...ard-event-log-mde-ah-parsing-expanded.png} | Bin ...ntrol-wizard-event-log-mde-ah-parsing.png} | Bin ...trol-wizard-event-log-system-expanded.png} | Bin .../appcontrol-wizard-event-log-system.png} | Bin ...l-wizard-event-rule-creation-expanded.png} | Bin ...appcontrol-wizard-event-rule-creation.png} | Bin .../images/appcontrol-wizard-merge.png} | Bin ...rd-rule-options-UI-advanced-collapsed.png} | Bin .../appcontrol-wizard-rule-options-UI.png} | Bin ...ontrol-wizard-supplemental-expandable.png} | Bin ...pcontrol-wizard-supplemental-not-base.png} | Bin ...d-supplemental-policy-rule-options-UI.png} | Bin .../appcontrol-wizard-template-selection.png} | Bin .../images/appid-appcontrol-wizard-1.png} | Bin .../images/appid-appcontrol-wizard-2.png} | Bin .../images/appid-pid-task-mgr.png | Bin .../images/appid-pid-windbg-token.png | Bin .../images/appid-pid-windbg.png | Bin .../images/bit-toggling-keyboard-icon.png | Bin .../images/calculator-menu-icon.png | Bin .../images/calculator-with-hex-in-binary.png | Bin .../images/dg-fig12-verifysigning.png | Bin .../images/dg-fig13-createnewgpo.png | Bin .../images/dg-fig14-createnewfile.png | Bin .../images/dg-fig15-setnewfileprops.png | Bin .../images/dg-fig16-specifyinfo.png | Bin .../images/dg-fig17-specifyinfo.png | Bin .../images/dg-fig18-specifyux.png | Bin .../images/dg-fig19-customsettings.png | Bin .../images/dg-fig20-setsoftwareinv.png | Bin .../images/dg-fig21-pathproperties.png | Bin .../images/dg-fig23-exceptionstocode.png | Bin .../images/dg-fig24-creategpo.png | Bin .../images/dg-fig26-enablecode.png | Bin .../images/dg-fig27-managecerttemp.png | Bin .../images/dg-fig29-enableconstraints.png | Bin .../images/dg-fig30-selectnewcert.png | Bin .../images/dg-fig31-getmoreinfo.png | Bin .../images/event-3077.png | Bin .../images/event-3089.png | Bin .../images/event-3099-options.png | Bin .../images/hex-icon.png | Bin .../images/known-issue-appid-dll-rule-xml.png | Bin .../images/known-issue-appid-dll-rule.png | Bin .../memcm/memcm-confirm-appcontrol-rule.jpg} | Bin .../memcm-create-appcontrol-policy-2.jpg} | Bin .../memcm/memcm-create-appcontrol-policy.jpg} | Bin .../memcm/memcm-create-appcontrol-rule-2.jpg} | Bin .../memcm/memcm-create-appcontrol-rule-3.jpg} | Bin .../memcm/memcm-create-appcontrol-rule.jpg} | Bin .../memcm/memcm-deploy-appcontrol-2.jpg} | Bin .../memcm/memcm-deploy-appcontrol-3.jpg} | Bin .../memcm/memcm-deploy-appcontrol-4.jpg} | Bin .../images/memcm/memcm-deploy-appcontrol.jpg} | Bin .../images/policyflow.png | Bin .../index.yml | 50 +- ...pcontrol-debugging-and-troubleshooting.md} | 2 +- .../appcontrol-operational-guide.md} | 0 .../operations/citool-commands.md | 0 ...configure-appcontrol-managed-installer.md} | 0 .../operations/event-id-explanations.md | 2 +- .../operations/event-tag-explanations.md | 0 .../operations/inbox-appcontrol-policies.md} | 0 .../operations/known-issues.md | 2 +- ...events-centrally-using-advanced-hunting.md | 0 ...nd-windows-defender-application-control.md | 2 +- .../application-control/toc.yml | 7 +- .../windows-firewall/rules.md | 2 +- ...iew-of-threat-mitigations-in-windows-10.md | 2 +- 215 files changed, 2855 insertions(+), 2171 deletions(-) rename windows/security/application-security/application-control/{windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md => app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/AppIdTagging/deploy-appid-tagging-policies.md (87%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/AppIdTagging/design-create-appid-tagging-policies.md (92%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/TOC.yml (85%) rename windows/security/application-security/application-control/{windows-defender-application-control/wdac-and-applocker-overview.md => app-control-for-business/appcontrol-and-applocker-overview.md} (98%) rename windows/security/application-security/application-control/{windows-defender-application-control/wdac.md => app-control-for-business/appcontrol.md} (84%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/administer-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-architecture-and-components.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-functions.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-overview.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-policies-deployment-guide.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-policies-design-guide.md (91%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-policy-use-scenarios.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-processes-and-interactions.md (98%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/applocker-technical-reference.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/configure-an-applocker-policy-for-audit-only.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/configure-an-applocker-policy-for-enforce-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/configure-exceptions-for-an-applocker-rule.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/configure-the-appLocker-reference-device.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/configure-the-application-identity-service.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-a-rule-for-packaged-apps.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-a-rule-that-uses-a-file-hash-condition.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-a-rule-that-uses-a-path-condition.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-a-rule-that-uses-a-publisher-condition.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-applocker-default-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-list-of-applications-deployed-to-each-business-group.md (97%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-your-applocker-policies.md (97%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/create-your-applocker-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/delete-an-applocker-rule.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md (92%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/deploy-the-applocker-policy-into-production.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/determine-group-policy-structure-and-rule-enforcement.md (88%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/dll-rules-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md (96%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/document-your-application-list.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/document-your-applocker-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/edit-an-applocker-policy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/edit-applocker-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/enable-the-dll-rule-collection.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/enforce-applocker-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/executable-rules-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/export-an-applocker-policy-from-a-gpo.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/export-an-applocker-policy-to-an-xml-file.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/how-applocker-works-techref.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/images/applocker-plan-inheritance.gif (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/images/applocker-plandeploy-quickreference.gif (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/images/blockedappmsg.gif (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/import-an-applocker-policy-from-another-computer.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/import-an-applocker-policy-into-a-gpo.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/maintain-applocker-policies.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/manage-packaged-apps-with-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/merge-applocker-policies-manually.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/monitor-application-usage-with-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/optimize-applocker-performance.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/plan-for-applocker-policy-management.md (99%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/refresh-an-applocker-policy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/requirements-for-deploying-applocker-policies.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/requirements-to-use-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/rule-collection-extensions.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/run-the-automatically-generate-rules-wizard.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/script-rules-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/security-considerations-for-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/select-types-of-rules-to-create.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/test-and-update-an-applocker-policy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/tools-to-use-with-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understand-applocker-policy-design-decisions.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understand-the-applocker-policy-deployment-process.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-default-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-rule-behavior.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-rule-collections.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-rule-condition-types.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-applocker-rule-exceptions.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-the-file-hash-rule-condition-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-the-path-rule-condition-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/understanding-the-publisher-rule-condition-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/use-the-applocker-windows-powershell-cmdlets.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/using-event-viewer-with-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/what-is-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/windows-installer-rules-in-applocker.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/working-with-applocker-policies.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/applocker/working-with-applocker-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/wdac-deployment-guide.md => app-control-for-business/deployment/appcontrol-deployment-guide.md} (87%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/audit-wdac-policies.md => app-control-for-business/deployment/audit-appcontrol-policies.md} (91%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md => app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md} (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md => app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md} (98%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md => app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md} (96%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md => app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md} (88%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md => app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md => app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md} (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/disable-wdac-policies.md => app-control-for-business/deployment/disable-appcontrol-policies.md} (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/enforce-wdac-policies.md => app-control-for-business/deployment/enforce-appcontrol-policies.md} (89%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/merge-wdac-policies.md => app-control-for-business/deployment/merge-appcontrol-policies.md} (93%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/deployment/use-code-signing-for-better-control-and-protection.md (97%) rename windows/security/application-security/application-control/{windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md => app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md} (95%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md => app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-and-dotnet.md => app-control-for-business/design/appcontrol-and-dotnet.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-design-guide.md => app-control-for-business/design/appcontrol-design-guide.md} (71%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard-create-base-policy.md => app-control-for-business/design/appcontrol-wizard-create-base-policy.md} (93%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md => app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md} (85%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard-editing-policy.md => app-control-for-business/design/appcontrol-wizard-editing-policy.md} (92%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard-merging-policies.md => app-control-for-business/design/appcontrol-wizard-merging-policies.md} (92%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md => app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md} (89%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/wdac-wizard.md => app-control-for-business/design/appcontrol-wizard.md} (73%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/applications-that-can-bypass-wdac.md => app-control-for-business/design/applications-that-can-bypass-appcontrol.md} (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/common-wdac-use-cases.md => app-control-for-business/design/common-appcontrol-use-cases.md} (98%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/design/configure-authorized-apps-deployed-with-a-managed-installer.md (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/create-wdac-deny-policy.md => app-control-for-business/design/create-appcontrol-deny-policy.md} (97%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md => app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md} (88%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md => app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md} (92%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md => app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md} (96%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/deploy-multiple-wdac-policies.md => app-control-for-business/design/deploy-multiple-appcontrol-policies.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/example-wdac-base-policies.md => app-control-for-business/design/example-appcontrol-base-policies.md} (95%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/manage-packaged-apps-with-wdac.md => app-control-for-business/design/manage-packaged-apps-with-appcontrol.md} (97%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/design/microsoft-recommended-driver-block-rules.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/plan-wdac-management.md => app-control-for-business/design/plan-appcontrol-management.md} (93%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/design/script-enforcement.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/design/select-types-of-rules-to-create.md (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/understand-wdac-policy-design-decisions.md => app-control-for-business/design/understand-appcontrol-policy-design-decisions.md} (88%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/understanding-wdac-policy-settings.md => app-control-for-business/design/understanding-appcontrol-policy-settings.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md => app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md => app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md} (98%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/feature-availability.md (85%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-edit-gp.png => app-control-for-business/images/appcontrol-edit-gp.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-intune-custom-oma-uri.png => app-control-for-business/images/appcontrol-intune-custom-oma-uri.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png => app-control-for-business/images/appcontrol-wizard-confirm-base-policy-modification.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png => app-control-for-business/images/appcontrol-wizard-custom-file-attribute-rule.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png => app-control-for-business/images/appcontrol-wizard-custom-manual-pfn-rule.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png => app-control-for-business/images/appcontrol-wizard-custom-pfn-rule.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png => app-control-for-business/images/appcontrol-wizard-custom-publisher-rule.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png => app-control-for-business/images/appcontrol-wizard-edit-policy-rules.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png => app-control-for-business/images/appcontrol-wizard-edit-remove-file-rule.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png => app-control-for-business/images/appcontrol-wizard-event-log-files-expanded.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-files.png => app-control-for-business/images/appcontrol-wizard-event-log-files.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png => app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export-expanded.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png => app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png => app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png => app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png => app-control-for-business/images/appcontrol-wizard-event-log-system-expanded.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-log-system.png => app-control-for-business/images/appcontrol-wizard-event-log-system.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png => app-control-for-business/images/appcontrol-wizard-event-rule-creation-expanded.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-event-rule-creation.png => app-control-for-business/images/appcontrol-wizard-event-rule-creation.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-merge.png => app-control-for-business/images/appcontrol-wizard-merge.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png => app-control-for-business/images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-rule-options-UI.png => app-control-for-business/images/appcontrol-wizard-rule-options-UI.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png => app-control-for-business/images/appcontrol-wizard-supplemental-expandable.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png => app-control-for-business/images/appcontrol-wizard-supplemental-not-base.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png => app-control-for-business/images/appcontrol-wizard-supplemental-policy-rule-options-UI.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/wdac-wizard-template-selection.png => app-control-for-business/images/appcontrol-wizard-template-selection.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/appid-wdac-wizard-1.png => app-control-for-business/images/appid-appcontrol-wizard-1.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/appid-wdac-wizard-2.png => app-control-for-business/images/appid-appcontrol-wizard-2.png} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/appid-pid-task-mgr.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/appid-pid-windbg-token.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/appid-pid-windbg.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/bit-toggling-keyboard-icon.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/calculator-menu-icon.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/calculator-with-hex-in-binary.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig12-verifysigning.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig13-createnewgpo.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig14-createnewfile.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig15-setnewfileprops.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig16-specifyinfo.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig17-specifyinfo.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig18-specifyux.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig19-customsettings.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig20-setsoftwareinv.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig21-pathproperties.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig23-exceptionstocode.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig24-creategpo.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig26-enablecode.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig27-managecerttemp.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig29-enableconstraints.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig30-selectnewcert.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/dg-fig31-getmoreinfo.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/event-3077.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/event-3089.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/event-3099-options.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/hex-icon.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/known-issue-appid-dll-rule-xml.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/known-issue-appid-dll-rule.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg => app-control-for-business/images/memcm/memcm-confirm-appcontrol-rule.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg => app-control-for-business/images/memcm/memcm-create-appcontrol-policy-2.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg => app-control-for-business/images/memcm/memcm-create-appcontrol-policy.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg => app-control-for-business/images/memcm/memcm-create-appcontrol-rule-2.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg => app-control-for-business/images/memcm/memcm-create-appcontrol-rule-3.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg => app-control-for-business/images/memcm/memcm-create-appcontrol-rule.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg => app-control-for-business/images/memcm/memcm-deploy-appcontrol-2.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg => app-control-for-business/images/memcm/memcm-deploy-appcontrol-3.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg => app-control-for-business/images/memcm/memcm-deploy-appcontrol-4.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg => app-control-for-business/images/memcm/memcm-deploy-appcontrol.jpg} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/images/policyflow.png (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/index.yml (69%) rename windows/security/application-security/application-control/{windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md => app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md} (99%) rename windows/security/application-security/application-control/{windows-defender-application-control/operations/wdac-operational-guide.md => app-control-for-business/operations/appcontrol-operational-guide.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/operations/citool-commands.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/operations/configure-wdac-managed-installer.md => app-control-for-business/operations/configure-appcontrol-managed-installer.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/operations/event-id-explanations.md (99%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/operations/event-tag-explanations.md (100%) rename windows/security/application-security/application-control/{windows-defender-application-control/operations/inbox-wdac-policies.md => app-control-for-business/operations/inbox-appcontrol-policies.md} (100%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/operations/known-issues.md (99%) rename windows/security/application-security/application-control/{windows-defender-application-control => app-control-for-business}/operations/querying-application-control-events-centrally-using-advanced-hunting.md (100%) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index fc3a796e95..bcbf7f307d 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -15,21 +15,6 @@ "redirect_url": "/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md", - "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md", - "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md", - "redirect_url": "/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection", - "redirect_document_id": false - }, { "source_path": "windows/security//threat-protection/mbsa-removal-and-guidance.md", "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance", @@ -55,11 +40,6 @@ "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md", - "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview", - "redirect_document_id": false - }, { "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md", "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview", @@ -100,16 +80,741 @@ "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules#enforcement-modes", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/feature-availability", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/index.yml", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/index", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/wdac.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol", + "redirect_document_id": false + }, + { + "source_path": "windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md", + "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview", + "redirect_document_id": false + }, { "source_path": "windows/security/apps.md", "redirect_url": "/windows/security/application-security", "redirect_document_id": false }, + { + "source_path": "windows/security/cloud-security/index.md", + "redirect_url": "/windows/security/cloud-services", + "redirect_document_id": false + }, { "source_path": "windows/security/cloud.md", "redirect_url": "/windows/security", @@ -260,36 +965,221 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/configure-s-mime", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-considerations.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-known-issues.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-manage.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/configure", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md", "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-requirements.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/index", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md", "redirect_url": "/windows/security", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard.md", + "redirect_url": "/windows/security/identity-protection/credential-guard", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md", "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md", + "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-event-300.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-faq.yml", + "redirect_url": "/windows/security/identity-protection/hello-for-business/faq", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/pin-reset", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md", "redirect_url": "/azure/active-directory/devices/device-registration-how-it-works", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso", @@ -310,11 +1200,31 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", @@ -335,6 +1245,16 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust", @@ -360,6 +1280,21 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", @@ -390,16 +1325,76 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-overview.md", "redirect_url": "/windows/security/identity-protection/hello-for-business", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/prepare-users", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-videos.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/passwordless-strategy.md", + "redirect_url": "/windows/security/identity-protection/passwordless-strategy/", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md", "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key", @@ -850,11 +1845,41 @@ "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", @@ -865,16 +1890,86 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/how-to-disable-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/how-to-disable-wip", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/windows-information-protection/limitations-with-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/using-owa-with-wip.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/windows-information-protection/wip-learning.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-learning", + "redirect_document_id": false + }, { "source_path": "windows/security/introduction/index.md", "redirect_url": "/windows/security/introduction", @@ -895,21 +1990,61 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/countermeasures", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#$bitlocker-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/install-server", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", @@ -920,6 +2055,11 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-security-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", @@ -935,16 +2075,636 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/operations-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-process#bitlocker-recovery-password-viewer", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/plan", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/csv-san", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system-security/data-protection/index.md", "redirect_url": "/windows/security/operating-system-security/#data-protection", "redirect_document_id": false }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717262(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717263(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770289(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717260(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721530(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770729(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725978(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771822(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731463(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717237(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947845(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947794(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947848(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947836(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947800(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947783(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947791(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947799(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947827(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947819(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717261(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717238(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717284(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717277(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717279(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717293(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717253(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717249(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717270(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717275(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717278(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717245(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717246(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717247(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717274(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717243(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717283(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753540(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753825(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732933(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725818(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717281(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717259(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770426(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753367(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717292(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732202(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771233(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731164(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771366(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770899(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc726039(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771791(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731454(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770565(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754085(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731123(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770836(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731908(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732023(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717256(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731447(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731788(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717264(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721532(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717265(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717290(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717269(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717266(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717254(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730835(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771044(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771733(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732752(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725693(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771664(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732615(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754986(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771716(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947826(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730841(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc772556(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770865(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753064(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725659(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717267(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831807(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732486(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732413(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721528(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717251(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731951(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717273(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717241(v=ws.11)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732024(v=ws.10)", + "redirect_document_id": false + }, + { + "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", + "redirect_document_id": false + }, { "source_path": "windows/security/operating-system.md", "redirect_url": "/windows/security/operating-system-security", @@ -955,6 +2715,11 @@ "redirect_url": "/windows/security/security-foundations/index", "redirect_document_id": false }, + { + "source_path": "windows/security/security-foundations/msft-security-dev-lifecycle.md", + "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", @@ -1385,6 +3150,11 @@ "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md", + "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/change-history-for-threat-protection.md", "redirect_url": "/windows/security/threat-protection", @@ -4100,6 +5870,11 @@ "redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md", + "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md", "redirect_url": "/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices", @@ -4110,16 +5885,751 @@ "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-this-computer-from-the-network", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-duration.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-duration", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-threshold", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/account-policies.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-administrator-account-status", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-guest-account-status", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-administrator-account", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-guest-account", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/add-workstations-to-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/administer-security-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-locally", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/audit-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/back-up-files-and-directories", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/bypass-traverse-checking", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/change-the-system-time.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-system-time", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/change-the-time-zone.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-time-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/create-a-pagefile.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-pagefile", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/create-a-token-object.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-token-object", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/create-global-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-global-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-permanent-shared-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/create-symbolic-links.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-symbolic-links", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/debug-programs.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/debug-programs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-service", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-locally", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/enforce-password-history.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-password-history", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/generate-security-audits.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/generate-security-audits", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-a-process-working-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-scheduling-priority", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/kerberos-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/kerberos-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/load-and-unload-device-drivers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/lock-pages-in-memory", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-batch-job", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-service", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/manage-auditing-and-security-log", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/maximum-password-age.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-password-age", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md", "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-age.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-age", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-length.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-length", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/modify-an-object-label.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-an-object-label", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-firmware-environment-values", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-list-manager-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/password-policy.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/profile-single-process.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-single-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/profile-system-performance.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-system-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/remove-computer-from-docking-station", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/replace-a-process-level-token", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/restore-files-and-directories", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/security-options.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-options", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/shut-down-the-system.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shut-down-the-system", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md", "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", @@ -4140,6 +6650,111 @@ "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/synchronize-directory-service-data", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-optional-subsystems", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/user-rights-assignment.md", + "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-rights-assignment", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md", + "redirect_url": "/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/", @@ -4580,11 +7195,6 @@ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", @@ -4685,11 +7295,6 @@ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", @@ -4860,11 +7465,6 @@ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", @@ -4935,11 +7535,6 @@ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", @@ -4955,11 +7550,6 @@ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker", @@ -6975,6 +9565,11 @@ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices", @@ -7379,1916 +9974,6 @@ "source_path": "windows/security/zero-trust-windows-device-health.md", "redirect_url": "/windows/security/security-foundations/zero-trust-windows-device-health", "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard.md", - "redirect_url": "/windows/security/identity-protection/credential-guard", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-considerations.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-known-issues.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-manage.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-requirements.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/index", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#$bitlocker-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/countermeasures", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-process#bitlocker-recovery-password-viewer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/plan", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/operations-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/csv-san", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/install-server", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721530(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725978(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770729(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731463(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771822(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753825(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725818(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732933(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753367(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770426(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732202(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771233(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731164(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770565(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754085(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731123(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770836(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731908(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731788(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731447(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721532(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730835(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771044(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771733(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732752(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725693(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771664(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732615(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754986(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771716(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947826(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730841(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732486(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721528(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732413(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770289(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947845(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947794(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947848(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947836(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947800(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947783(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947791(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947799(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947827(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947819(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717261(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717238(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717284(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717277(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732023(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717256(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc772556(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770865(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753064(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725659(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731951(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717241(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732024(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717262(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717263(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717260(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717237(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717279(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717293(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717253(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717249(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717270(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717275(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717278(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717245(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717246(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717247(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717274(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717243(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717283(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717281(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717259(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717292(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717264(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717265(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717290(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717269(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717266(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717254(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717267(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717251(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717273(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731454(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770899(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771366(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc726039(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771791(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753540(v=ws.10)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831807(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in", - "redirect_document_id": false - }, - { - "source_path": "windows/security/security-foundations/msft-security-dev-lifecycle.md", - "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/pin-reset", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md", - "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/prepare-users", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/passwordless-strategy.md", - "redirect_url": "/windows/security/identity-protection/passwordless-strategy/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-videos.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-faq.yml", - "redirect_url": "/windows/security/identity-protection/hello-for-business/faq", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-this-computer-from-the-network", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-duration.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-duration", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-threshold", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/account-policies.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-administrator-account-status", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-guest-account-status", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-administrator-account", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-guest-account", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/add-workstations-to-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/administer-security-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-locally", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/audit-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/back-up-files-and-directories", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/bypass-traverse-checking", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/change-the-system-time.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-system-time", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/change-the-time-zone.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-time-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/create-a-pagefile.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-pagefile", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/create-a-token-object.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-token-object", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/create-global-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-global-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-permanent-shared-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/create-symbolic-links.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-symbolic-links", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/debug-programs.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/debug-programs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-service", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-locally", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/enforce-password-history.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-password-history", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/generate-security-audits.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/generate-security-audits", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-a-process-working-set", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-scheduling-priority", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/kerberos-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/kerberos-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/load-and-unload-device-drivers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/lock-pages-in-memory", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-batch-job", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-service", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/manage-auditing-and-security-log", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/maximum-password-age.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-password-age", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-age.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-age", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-length.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-length", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/modify-an-object-label.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-an-object-label", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-firmware-environment-values", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-list-manager-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/password-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/profile-single-process.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-single-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/profile-system-performance.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-system-performance", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/remove-computer-from-docking-station", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/replace-a-process-level-token", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/restore-files-and-directories", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/security-options.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-options", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings-reference", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/shut-down-the-system.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shut-down-the-system", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/synchronize-directory-service-data", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-optional-subsystems", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/user-rights-assignment.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-rights-assignment", - "redirect_document_id": false - }, - { - "source_path": "windows/security/cloud-security/index.md", - "redirect_url": "/windows/security/cloud-services", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/how-to-disable-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/how-to-disable-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/limitations-with-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/using-owa-with-wip.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/windows-information-protection/wip-learning.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-learning", - "redirect_document_id": false - }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md", - "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps", - "redirect_document_id": false } ] } diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md similarity index 87% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md index 7f0824cace..df92759921 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md @@ -20,15 +20,15 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg ## Deploy AppId tagging policies with MDM -Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). ## Deploy AppId tagging policies with Configuration Manager -Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-wdac-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. +Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-appcontrol-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. ### Deploy AppId tagging Policies via Scripting -Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-wdac-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later. +Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-appcontrol-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later. ### Deploying policies via the ApplicationControl CSP diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index 4b7e1e6b2f..ea51fb388c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -13,13 +13,13 @@ ms.topic: conceptual ## Create the policy using the WDAC Wizard -You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). +You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). 1. Create a new base policy using the templates: - Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. + Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. - ![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png) + ![Configuring the policy base and template.](../images/appid-appcontrol-wizard-1.png) > [!NOTE] > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. @@ -27,7 +27,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power 2. Set the following rule-options using the Wizard toggles: - ![Configuring the policy rule-options.](../images/appid-wdac-wizard-2.png) + ![Configuring the policy rule-options.](../images/appid-appcontrol-wizard-2.png) 3. Create custom rules: @@ -39,7 +39,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power - Package app name rules: Create a rule based off the package family name of an appx/msix. - Hash rules: Create a rule based off the PE Authenticode hash of a file. - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). + For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: @@ -52,7 +52,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power ## Create the policy using PowerShell -Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance: +Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). In an elevate PowerShell instance: 1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml similarity index 85% rename from windows/security/application-security/application-control/windows-defender-application-control/TOC.yml rename to windows/security/application-security/application-control/app-control-for-business/TOC.yml index 91cc8b46d0..c24abf5f4e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml @@ -1,110 +1,110 @@ - name: Application Control for Windows href: index.yml - name: About application control for Windows - href: wdac.md + href: appcontrol.md expanded: true items: - name: WDAC and AppLocker Overview - href: wdac-and-applocker-overview.md + href: appcontrol-and-applocker-overview.md - name: WDAC and AppLocker Feature Availability href: feature-availability.md - name: Virtualization-based protection of code integrity href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: WDAC design guide - href: design/wdac-design-guide.md + href: design/appcontrol-design-guide.md items: - name: Plan for WDAC policy lifecycle management - href: design/plan-wdac-management.md + href: design/plan-appcontrol-management.md - name: Design your WDAC policy items: - name: Understand WDAC policy design decisions - href: design/understand-wdac-policy-design-decisions.md + href: design/understand-appcontrol-policy-design-decisions.md - name: Understand WDAC policy rules and file rules href: design/select-types-of-rules-to-create.md items: - name: Allow apps installed by a managed installer href: design/configure-authorized-apps-deployed-with-a-managed-installer.md - name: Allow reputable apps with Intelligent Security Graph (ISG) - href: design/use-wdac-with-intelligent-security-graph.md + href: design/use-appcontrol-with-intelligent-security-graph.md - name: Allow COM object registration - href: design/allow-com-object-registration-in-wdac-policy.md + href: design/allow-com-object-registration-in-appcontrol-policy.md - name: Use WDAC with .NET hardening - href: design/wdac-and-dotnet.md + href: design/appcontrol-and-dotnet.md - name: Script enforcement with Windows Defender Application Control href: design/script-enforcement.md - name: Manage packaged apps with WDAC - href: design/manage-packaged-apps-with-wdac.md + href: design/manage-packaged-apps-with-appcontrol.md - name: Use WDAC to control specific plug-ins, add-ins, and modules - href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md + href: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md - name: Understand WDAC policy settings - href: design/understanding-wdac-policy-settings.md + href: design/understanding-appcontrol-policy-settings.md - name: Use multiple WDAC policies - href: design/deploy-multiple-wdac-policies.md + href: design/deploy-multiple-appcontrol-policies.md - name: Create your WDAC policy items: - name: Example WDAC base policies - href: design/example-wdac-base-policies.md + href: design/example-appcontrol-base-policies.md - name: Policy creation for common WDAC usage scenarios - href: design/common-wdac-use-cases.md + href: design/common-appcontrol-use-cases.md items: - name: Create a WDAC policy for lightly managed devices - href: design/create-wdac-policy-for-lightly-managed-devices.md + href: design/create-appcontrol-policy-for-lightly-managed-devices.md - name: Create a WDAC policy for fully managed devices - href: design/create-wdac-policy-for-fully-managed-devices.md + href: design/create-appcontrol-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices - href: design/create-wdac-policy-using-reference-computer.md + href: design/create-appcontrol-policy-using-reference-computer.md - name: Create a WDAC deny list policy - href: design/create-wdac-deny-policy.md + href: design/create-appcontrol-deny-policy.md - name: Applications that can bypass WDAC and how to block them - href: design/applications-that-can-bypass-wdac.md + href: design/applications-that-can-bypass-appcontrol.md - name: Microsoft recommended driver block rules href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool - href: design/wdac-wizard.md + href: design/appcontrol-wizard.md items: - name: Create a base WDAC policy with the Wizard - href: design/wdac-wizard-create-base-policy.md + href: design/appcontrol-wizard-create-base-policy.md - name: Create a supplemental WDAC policy with the Wizard - href: design/wdac-wizard-create-supplemental-policy.md + href: design/appcontrol-wizard-create-supplemental-policy.md - name: Editing a WDAC policy with the Wizard - href: design/wdac-wizard-editing-policy.md + href: design/appcontrol-wizard-editing-policy.md - name: Creating WDAC Policy Rules from WDAC Events - href: design/wdac-wizard-parsing-event-logs.md + href: design/appcontrol-wizard-parsing-event-logs.md - name: Merging multiple WDAC policies with the Wizard - href: design/wdac-wizard-merging-policies.md + href: design/appcontrol-wizard-merging-policies.md - name: WDAC deployment guide - href: deployment/wdac-deployment-guide.md + href: deployment/appcontrol-deployment-guide.md items: - name: Deploy WDAC policies with MDM - href: deployment/deploy-wdac-policies-using-intune.md + href: deployment/deploy-appcontrol-policies-using-intune.md - name: Deploy WDAC policies with Configuration Manager - href: deployment/deploy-wdac-policies-with-memcm.md + href: deployment/deploy-appcontrol-policies-with-memcm.md - name: Deploy WDAC policies with script - href: deployment/deploy-wdac-policies-with-script.md + href: deployment/deploy-appcontrol-policies-with-script.md - name: Deploy WDAC policies with group policy - href: deployment/deploy-wdac-policies-using-group-policy.md + href: deployment/deploy-appcontrol-policies-using-group-policy.md - name: Audit WDAC policies - href: deployment/audit-wdac-policies.md + href: deployment/audit-appcontrol-policies.md - name: Merge WDAC policies - href: deployment/merge-wdac-policies.md + href: deployment/merge-appcontrol-policies.md - name: Enforce WDAC policies - href: deployment/enforce-wdac-policies.md + href: deployment/enforce-appcontrol-policies.md - name: Use code signing for added control and protection with WDAC href: deployment/use-code-signing-for-better-control-and-protection.md items: - name: Deploy catalog files to support WDAC - href: deployment/deploy-catalog-files-to-support-wdac.md + href: deployment/deploy-catalog-files-to-support-appcontrol.md - name: Use signed policies to protect Windows Defender Application Control against tampering - href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md + href: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md - name: "Optional: Create a code signing cert for WDAC" - href: deployment/create-code-signing-cert-for-wdac.md + href: deployment/create-code-signing-cert-for-appcontrol.md - name: Disable WDAC policies - href: deployment/disable-wdac-policies.md + href: deployment/disable-appcontrol-policies.md - name: WDAC operational guide - href: operations/wdac-operational-guide.md + href: operations/appcontrol-operational-guide.md items: - name: WDAC debugging and troubleshooting - href: operations/wdac-debugging-and-troubleshooting.md + href: operations/appcontrol-debugging-and-troubleshooting.md - name: Understanding Application Control event IDs href: operations/event-id-explanations.md - name: Understanding Application Control event tags @@ -114,13 +114,13 @@ - name: Known Issues href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide - href: operations/configure-wdac-managed-installer.md + href: operations/configure-appcontrol-managed-installer.md - name: CITool.exe technical reference href: operations/citool-commands.md - name: Inbox WDAC policies - href: operations/inbox-wdac-policies.md + href: operations/inbox-appcontrol-policies.md - name: WDAC AppId Tagging guide - href: AppIdTagging/wdac-appid-tagging-guide.md + href: AppIdTagging/appcontrol-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies href: AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md similarity index 98% rename from windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md rename to windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md index 81042f2926..1e2654111c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md @@ -21,7 +21,7 @@ WDAC policies apply to the managed computer as a whole and affects all users of - Attributes of the codesigning certificate(s) used to sign an app and its binaries - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file -- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-wdac-with-intelligent-security-graph.md) +- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-appcontrol-with-intelligent-security-graph.md) - The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md)) - The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903) - The process that launched the app or binary diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md similarity index 84% rename from windows/security/application-security/application-control/windows-defender-application-control/wdac.md rename to windows/security/application-security/application-control/app-control-for-business/appcontrol.md index 2d0145d3bc..88c99842d1 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md @@ -31,7 +31,7 @@ Windows 10 and Windows 11 include two technologies that can be used for applicat ## WDAC and Smart App Control -Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). +Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-appcontrol-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect. @@ -46,7 +46,7 @@ Smart App Control is only available on clean installation of Windows 11 version ### Smart App Control Enforced Blocks -Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control: +Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-appcontrol.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control: - Infdefaultinstall.exe - Microsoft.Build.dll @@ -57,7 +57,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](design ## Related articles -- [WDAC design guide](design/wdac-design-guide.md) -- [WDAC deployment guide](deployment/wdac-deployment-guide.md) -- [WDAC operational guide](operations/wdac-operational-guide.md) +- [WDAC design guide](design/appcontrol-design-guide.md) +- [WDAC deployment guide](deployment/appcontrol-deployment-guide.md) +- [WDAC operational guide](operations/appcontrol-operational-guide.md) - [AppLocker overview](applocker/applocker-overview.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md similarity index 91% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md index 0299b53b2a..a948419849 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md @@ -19,7 +19,7 @@ To understand if AppLocker is the correct application control solution for your | Article | Description | | --- | --- | | [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) | This article describes AppLocker design questions, possible answers, and other considerations when you plan a deployment of application control policies by using AppLocker. | -| [Determine your application control objectives](determine-your-application-control-objectives.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. | +| [Determine your application control objectives](../appcontrol-and-applocker-overview.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. | | [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) | This article describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. | | [Select the types of rules to create](select-types-of-rules-to-create.md) | This article lists resources you can use when selecting your application control policy rules by using AppLocker. | | [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview article describes the process to follow when you're planning to deploy AppLocker rules. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md similarity index 98% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md index 36cd302f29..81e26f0be3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md @@ -77,7 +77,7 @@ There are three different types of conditions that can be applied to rules: An AppLocker policy is a set of rule collections and their corresponding configured enforcement mode settings applied to one or more computers. -- [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) +- [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes) Rule enforcement is applied only to collections of rules, not individual rules. AppLocker divides the rules into four collections: executable files, Windows Installer files, scripts, and DLL files. The options for rule enforcement are **Not configured**, **Enforce rules**, or **Audit only**. Together, all AppLocker rule collections compose the application control policy, or AppLocker policy. By default, if enforcement isn't configured and rules are present in a rule collection, those rules are enforced. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md index de0b5c522f..f1965e03ea 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -30,7 +30,7 @@ Using the Automatically Generate Rules wizard quickly creates rules for the appl Using the **Audit only** enforcement method permits you to view the logs because it collects information about every process on the computers receiving the Group Policy Object (GPO). Therefore, you can evaluate the possible effects of enforcement on computers in a business group. AppLocker includes Windows PowerShell cmdlets that you can use to analyze the events from the event log and cmdlets to create rules. However, when you use Group Policy to deploy to several computers, a means to collect events in a central location is important for manageability. Because AppLocker logs information about files that users or other processes start on a computer, you could miss creating some rules initially. Therefore, you should continue your evaluation until you can verify that all required applications that are allowed to run are accessed successfully. > [!TIP] -> If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker. +> If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker. You can create an inventory of Packaged apps on a device by using two methods: the **Get-AppxPackage** Windows PowerShell cmdlet or the AppLocker console. @@ -44,7 +44,7 @@ The following articles describe how to perform each method: Identify the business group and each organizational unit (OU) within that group for application control policies. In addition, you should identify whether or not AppLocker is the most appropriate solution for these policies. For info about these steps, see the following articles: - [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) -- [Determine your application control objectives](determine-your-application-control-objectives.md) +- [Determine your application control objectives](../appcontrol-and-applocker-overview.md) ## Next steps diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md index 1b14478169..27273e567d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md @@ -18,7 +18,7 @@ You can develop an application control policy plan to guide you in making succes 1. [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) 2. [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) -3. [Determine your application control objectives](determine-your-application-control-objectives.md) +3. [Determine your application control objectives](../appcontrol-and-applocker-overview.md) 4. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) 5. [Select the types of rules to create](select-types-of-rules-to-create.md) 6. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index e974fdf194..8e4845601c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -14,7 +14,7 @@ This article for IT professionals describes the steps to deploy AppLocker polici These procedures assume that your AppLocker policies are deployed with the enforcement mode set to **Audit only**, and you have been collecting data through the AppLocker event logs and other channels to determine what effect these policies have on your environment and the policy's adherence to your application control design. -For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md). +For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes). For info about how to plan an AppLocker policy deployment, see [AppLocker Design Guide](applocker-policies-design-guide.md). @@ -24,7 +24,7 @@ Updating an AppLocker policy that is currently enforced in your production envir ## Step 2: Alter the enforcement setting -Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](understand-applocker-enforcement-settings.md). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md). +Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](working-with-applocker-rules.md#enforcement-modes). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md). ## Step 3: Update the policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md similarity index 88% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md index fb13e22d88..54e63c866d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -14,7 +14,7 @@ This overview article describes the process to follow when you're planning to de | Article | Description | | --- | --- | -| [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) | This article describes the AppLocker enforcement settings for rule collections. | +| [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes) | This article describes the AppLocker enforcement settings for rule collections. | | [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) | This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.| | [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md) | This planning article describes what you need to investigate, determine, and document for your policy plan when you use AppLocker. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 294689bc28..b89000e34f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -14,7 +14,7 @@ This planning article describes what you should include in your plan when you us To complete this AppLocker planning document, you should first complete the following steps: -1. [Determine your application control objectives](determine-your-application-control-objectives.md) +1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md) 2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) 3. [Select the types of rules to create](select-types-of-rules-to-create.md) 4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plan-inheritance.gif similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plan-inheritance.gif diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plandeploy-quickreference.gif similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plandeploy-quickreference.gif diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/blockedappmsg.gif similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/blockedappmsg.gif diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md index d82b85d412..71910f46d2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md @@ -58,7 +58,7 @@ AppLocker event log is located in the following path: **Applications and Service 2. **MSI and Script**. Contains events for all files affected by the Windows Installer and script rule collections (.msi, .msp, .ps1, .bat, .cmd, .vbs, and .js). 3. **Packaged app-Deployment** or **Packaged app-Execution**, contains events for all Universal Windows apps affected by the packaged app and packed app installer rule collection (.appx). -Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. +Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. ### Policy maintenance @@ -101,7 +101,7 @@ Before editing the rule collection, first determine what rule is preventing the To complete this AppLocker planning document, you should first complete the following steps: -1. [Determine your application control objectives](determine-your-application-control-objectives.md) +1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md) 2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) 3. [Select the types of rules to create](select-types-of-rules-to-create.md) 4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md rename to windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md similarity index 87% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index 46d07c19a7..688747f887 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -11,7 +11,7 @@ ms.topic: overview > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding. +You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/appcontrol-design-guide.md), do so now before proceeding. ## Convert your WDAC policy XML to binary @@ -44,13 +44,13 @@ All Windows Defender Application Control policy changes should be deployed in au ## Choose how to deploy WDAC policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: -- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune -- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md) -- [Deploy via script](deploy-wdac-policies-with-script.md) -- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md) +- [Deploy using a Mobile Device Management (MDM) solution](deploy-appcontrol-policies-using-intune.md), such as Microsoft Intune +- [Deploy using Microsoft Configuration Manager](deploy-appcontrol-policies-with-memcm.md) +- [Deploy via script](deploy-appcontrol-policies-with-script.md) +- [Deploy via group policy](deploy-appcontrol-policies-using-group-policy.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md similarity index 91% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index fa463a999a..8e08b9a353 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -18,7 +18,7 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav ## Overview of the process to create WDAC policy to allow apps using audit events > [!Note] -> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md). +> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](appcontrol-deployment-guide.md). To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. @@ -29,7 +29,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these **Figure 1. Exceptions to the deployed WDAC policy** ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" @@ -47,7 +47,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these > [!NOTE] > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)). +5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/appcontrol-wizard-editing-policy.md)). 6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. @@ -56,6 +56,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. - For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md). + For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-appcontrol-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-appcontrol-policies.md). 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md index 7c3eabc52d..aa98aebabb 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md @@ -11,7 +11,7 @@ ms.date: 12/01/2022 >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md). +As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](appcontrol-deployment-guide.md). If you have an internal CA, complete these steps to create a code signing certificate. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md similarity index 98% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index 78a686dada..8b6c9f2da9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -32,7 +32,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md). + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-appcontrol-management.md). ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) @@ -42,7 +42,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then select **Edit**. - ![Edit the Group Policy for Windows Defender Application Control.](../images/wdac-edit-gp.png) + ![Edit the Group Policy for Windows Defender Application Control.](../images/appcontrol-edit-gp.png) 6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md index c7086b6b5e..df6ad5fdc8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md @@ -14,7 +14,7 @@ ms.topic: how-to You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-appcontrol-policies-with-script.md) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. @@ -38,7 +38,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo ## Deploy WDAC policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-appcontrol-policies.md) which allow more granular policy. You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). @@ -58,7 +58,7 @@ The steps to use Intune's custom OMA-URI functionality are: - **Data type**: Base64 (file) - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf. - :::image type="content" alt-text="Configure custom WDAC." source="../images/wdac-intune-custom-oma-uri.png" lightbox="../images/wdac-intune-custom-oma-uri.png"::: + :::image type="content" alt-text="Configure custom WDAC." source="../images/appcontrol-intune-custom-oma-uri.png" lightbox="../images/appcontrol-intune-custom-oma-uri.png"::: > [!NOTE] > For the _Policy GUID_ value, do not include the curly brackets. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md similarity index 88% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md index d4135733c2..1d1038cbee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md @@ -29,49 +29,49 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement 1. Select **Asset and Compliance** > **Endpoint Protection** > **Windows Defender Application Control** > **Create Application Control Policy** - ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy.jpg) + ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) 2. Enter the name of the policy > **Next** 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes** 4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only) 5. Select **Next** - ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy-2.jpg) + ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy-2.jpg) 6. Select **Add** to begin creating rules for trusted software - ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-wdac-rule.jpg) + ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) 7. Select **File** or **Folder** to create a path rule > **Browse** - ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-wdac-rule-2.jpg) + ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-appcontrol-rule-2.jpg) 8. Select the executable or folder for your path rule > **OK** - ![Select the executable file or folder.](../images/memcm/memcm-create-wdac-rule-3.jpg) + ![Select the executable file or folder.](../images/memcm/memcm-create-appcontrol-rule-3.jpg) 9. Select **OK** to add the rule to the table of trusted files or folder 10. Select **Next** to navigate to the summary page > **Close** - ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-wdac-rule.jpg) + ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-appcontrol-rule.jpg) ### Deploy the WDAC policy in Configuration Manager 1. Right-click the newly created policy > **Deploy Application Control Policy** - ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-wdac.jpg) + ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-appcontrol.jpg) 2. Select **Browse** - ![Select Browse.](../images/memcm/memcm-deploy-wdac-2.jpg) + ![Select Browse.](../images/memcm/memcm-deploy-appcontrol-2.jpg) 3. Select the Device Collection you created earlier > **OK** - ![Select the device collection.](../images/memcm/memcm-deploy-wdac-3.jpg) + ![Select the device collection.](../images/memcm/memcm-deploy-appcontrol-3.jpg) 4. Change the schedule > **OK** - ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-wdac-4.jpg) + ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-appcontrol-4.jpg) For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). @@ -79,4 +79,4 @@ Download the entire [WDAC in Configuration Manager lab paper](https://download.m ## Deploy custom WDAC policies using Packages/Programs or Task Sequences -Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. +Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-appcontrol-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index 2265945d4e..056e35ce3f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -34,7 +34,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip" ``` - Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md). + Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-appcontrol-policies-with-script.md). 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C: @@ -301,7 +301,7 @@ At the time of the next software inventory cycle, when the targeted clients rece ## Allow apps signed by your catalog signing certificate in your WDAC policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/appcontrol-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index 2685a6db1d..839bf11d55 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -65,7 +65,7 @@ The steps to use Intune's custom OMA-URI functionality to remove a WDAC policy a - **Certificate file**: upload your binary format policy file. You don't need to upload a Base64 file, as Intune will convert the uploaded .bin file to Base64 on your behalf. > [!div class="mx-imgBorder"] - > ![Configure custom WDAC.](../images/wdac-intune-custom-oma-uri.png) + > ![Configure custom WDAC.](../images/appcontrol-intune-custom-oma-uri.png) > [!NOTE] > For the _Policy GUID_ value, do not include the curly brackets. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md similarity index 89% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md index 07bc66c51a..fe758fad88 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md @@ -19,11 +19,11 @@ You should now have one or more Windows Defender Application Control policies br ## Convert WDAC **base** policy from audit to enforced -As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](../design/common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. -Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. +Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-appcontrol-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. 1. Initialize the variables that will be used and create the enforced policy by copying the audit version. @@ -96,4 +96,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, ## Deploy your enforced policy and supplemental policies -Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md). +Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](appcontrol-deployment-guide.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md index d1b96ca2d6..79adf8c772 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md @@ -19,7 +19,7 @@ This article shows how to merge multiple policy XML files together and how to me ## Merge multiple WDAC policy XML files together -There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-appcontrol-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: @@ -43,7 +43,7 @@ There are many scenarios where you may want to merge two or more policy files to Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps: -1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app. +1. Install the [WDAC Wizard](../design/appcontrol-wizard.md) packaged MSIX app. 2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe. 3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard: @@ -80,4 +80,4 @@ Now that you have your new, merged policy, you can convert and deploy the policy 2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). -3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md) +3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](appcontrol-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md index 7e9e07b044..22c1e87ca0 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md @@ -26,7 +26,7 @@ You can use catalog files to easily add a signature to an existing application w > [!NOTE] > Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge. -To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md). +To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-appcontrol.md). ## Signed WDAC policies @@ -40,4 +40,4 @@ Some ways to obtain code signing certificates for your own use, include: - Use Microsoft's [Trusted Signing service](/azure/trusted-signing/). - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list). -- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). \ No newline at end of file +- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-appcontrol.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md similarity index 95% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md rename to windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md index a7f4170ab2..d99250c1bf 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md @@ -38,7 +38,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!NOTE] - > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. + > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-appcontrol-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. 2. Navigate to your desktop as the working directory: @@ -58,7 +58,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!IMPORTANT] - > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures). + > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-appcontrol-policies.md#remove-wdac-policies-causing-boot-stop-failures). 4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: @@ -88,7 +88,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files: -1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). +1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-appcontrol.md). 2. Sign the WDAC policy by using SignTool.exe: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md rename to windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md similarity index 71% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md index 84a5e4839a..75f49b7218 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md @@ -28,10 +28,10 @@ Once these business factors are in place, you're ready to begin planning your Wi | Topic | Description | | - | - | -| [Plan for WDAC policy management](plan-wdac-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [Understand WDAC policy design decisions](understand-wdac-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | +| [Plan for WDAC policy management](plan-appcontrol-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | +| [Understand WDAC policy design decisions](understand-appcontrol-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | -| [Policy creation for common WDAC usage scenarios](common-wdac-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | -| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. | +| [Policy creation for common WDAC usage scenarios](common-appcontrol-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | +| [Policy creation using the WDAC Wizard tool](appcontrol-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. | -After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/wdac-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. +After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/appcontrol-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md index 38dd2726e4..293fef697f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md @@ -11,7 +11,7 @@ ms.date: 06/07/2023 > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. +When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](appcontrol-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. ## Template Base Policies @@ -21,13 +21,13 @@ Each of the template policies has a unique set of policy allowlist rules that af |---------------------------------|-------------------------------------------------------------------| | **Default Windows Mode** | Default Windows mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
| | **Allow Microsoft Mode** | Allow mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • *All Microsoft-signed software*
| -| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-wdac-with-intelligent-security-graph.md)*
| +| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-appcontrol-with-intelligent-security-graph.md)*
| *Italicized content denotes the changes in the current policy with respect to the policy prior.* -More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md). +More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-appcontrol-base-policies.md). -![Selecting a base template for the policy.](../images/wdac-wizard-template-selection.png) +![Selecting a base template for the policy.](../images/appcontrol-wizard-template-selection.png) Once the base template is selected, give the policy a name and choose where to save the application control policy on disk. @@ -53,7 +53,7 @@ The following table has a description of each policy rule, beginning with the le | **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | > [!div class="mx-imgBorder"] -> ![Rule options UI for Windows Allowed mode policy.](../images/wdac-wizard-rule-options-UI-advanced-collapsed.png) +> ![Rule options UI for Windows Allowed mode policy.](../images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png) ### Advanced Policy Rules Description @@ -68,7 +68,7 @@ Selecting the **+ Advanced Options** label shows another column of policy rules, | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files authorized by the ISG.| | **Require EV Signers** | This option isn't currently supported. | -![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/appcontrol-wizard-rule-options-UI.png) > [!NOTE] > We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked-instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. @@ -88,7 +88,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File version** | SignedVersion | This rule is a combination of PCACertificate, publisher, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. | | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/appcontrol-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -106,7 +106,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Internal name** | Specifies the internal name of the binary. | > [!div class="mx-imgBorder"] -> ![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) +> ![Custom file attributes rule.](../images/appcontrol-wizard-custom-file-attribute-rule.png) ### File Hash Rules @@ -118,4 +118,4 @@ The policy signing rules list table on the left of the page documents the allow ## Up next -- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md) +- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](appcontrol-wizard-editing-policy.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md similarity index 85% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index 2d1d9a8c91..83b7294bde 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -11,23 +11,23 @@ ms.date: 06/07/2023 > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run. +Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](appcontrol-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run. -Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. +Prerequisite information about application control can be accessed through the [WDAC design guide](appcontrol-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. ## Expanding a Base Policy Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. The WDAC Wizard verifies if the base policy allows supplementals and shows the following confirmation. -![Base policy allows supplemental policies.](../images/wdac-wizard-supplemental-expandable.png) +![Base policy allows supplemental policies.](../images/appcontrol-wizard-supplemental-expandable.png) If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed. -![Wizard confirms modification of base policy.](../images/wdac-wizard-confirm-base-policy-modification.png) +![Wizard confirms modification of base policy.](../images/appcontrol-wizard-confirm-base-policy-modification.png) -Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-wdac-policies.md). +Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-appcontrol-policies.md). -![Wizard detects a bad base policy.](../images/wdac-wizard-supplemental-not-base.png) +![Wizard detects a bad base policy.](../images/appcontrol-wizard-supplemental-not-base.png) ## Configuring Policy Rules @@ -45,7 +45,7 @@ Supplemental policies can only configure three policy rules. The following table | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. | -![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-supplemental-policy-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/appcontrol-wizard-supplemental-policy-rule-options-UI.png) ## Creating custom file rules @@ -62,7 +62,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File version** | SignedVersion | This rule is a combination of the PCACertificate and Publisher rule, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. | | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/appcontrol-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -79,7 +79,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Product name** | Specifies the name of the product with which the binary ships. | | **Internal name** | Specifies the internal name of the binary. | -![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) +![Custom file attributes rule.](../images/appcontrol-wizard-custom-file-attribute-rule.png) ### File Hash Rules @@ -91,4 +91,4 @@ The table on the left of the page documents the allow and deny rules in the temp ## Up next -- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md) +- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](appcontrol-wizard-editing-policy.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 95692365fc..214abcaf2e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -22,7 +22,7 @@ The Windows Defender Application Control Wizard makes editing and viewing WDAC p The `Policy Rules` page will load with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button will reveal the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules). -![Configuring the policy rules.](../images/wdac-wizard-edit-policy-rules.png) +![Configuring the policy rules.](../images/appcontrol-wizard-edit-policy-rules.png) A description of the policy rule is shown at the bottom of the page when the cursor is placed over the rule title. For a complete list of the policy rules and their capabilities, see the [Windows Defender Application Control policy rules table](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules). @@ -30,13 +30,13 @@ A description of the policy rule is shown at the bottom of the page when the cur The Windows Defender Application Control Wizard allows users to add rules to their existing policy seamlessly. Previously, this rule-adding task would have involved creating a new policy with the new rules and merging it with the existing policy. -Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](wdac-wizard-create-base-policy.md#creating-custom-file-rules). +Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). ## Removing File Rules The WDAC Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table. -![Removing file rule from policy during edit.](../images/wdac-wizard-edit-remove-file-rule.png) +![Removing file rule from policy during edit.](../images/appcontrol-wizard-edit-remove-file-rule.png) **Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. @@ -56,4 +56,4 @@ Once the policy is created, the new policy will be written to the same path as t ## Up next -- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md) +- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](appcontrol-wizard-merging-policies.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md index 2db7264ca4..ed2a734141 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md @@ -13,8 +13,8 @@ Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table. > [!NOTE] -> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-wdac-policies.md). +> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-appcontrol-policies.md). Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy. -![Merging WDAC policies into a final WDAC policy.](../images/wdac-wizard-merge.png) +![Merging WDAC policies into a final WDAC policy.](../images/appcontrol-wizard-merge.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md similarity index 89% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md index 5fb5ff24d3..bbdda00d86 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md @@ -28,7 +28,7 @@ To create rules from the WDAC event logs on the system: The Wizard parses the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse WDAC and AppLocker event log system events](../images/wdac-wizard-event-log-system.png)](../images/wdac-wizard-event-log-system-expanded.png) + > [![Parse WDAC and AppLocker event log system events](../images/appcontrol-wizard-event-log-system.png)](../images/appcontrol-wizard-event-log-system-expanded.png) 4. Select the Next button to view the audit and block events and create rules. 5. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -45,7 +45,7 @@ To create rules from the WDAC `.EVTX` event logs files on the system: The Wizard parses the relevant audit and block events from the selected log files. You see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse evtx file WDAC events](../images/wdac-wizard-event-log-files.png)](../images/wdac-wizard-event-log-files-expanded.png) + > [![Parse evtx file WDAC events](../images/appcontrol-wizard-event-log-files.png)](../images/appcontrol-wizard-event-log-files-expanded.png) 5. Select the Next button to view the audit and block events and create rules. 6. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -82,7 +82,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que 2. Export the WDAC event results by selecting the **Export** button in the results view. > [!div class="mx-imgBorder"] - > [![Export the MDE Advanced Hunting results to CSV](../images/wdac-wizard-event-log-mde-ah-export.png)](../images/wdac-wizard-event-log-mde-ah-export-expanded.png) + > [![Export the MDE Advanced Hunting results to CSV](../images/appcontrol-wizard-event-log-mde-ah-export.png)](../images/appcontrol-wizard-event-log-mde-ah-export-expanded.png) 3. Select **Policy Editor** from the main page. 4. Select **Convert Event Log to a WDAC Policy**. @@ -92,7 +92,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse the Advanced Hunting CSV WDAC event files](../images/wdac-wizard-event-log-mde-ah-parsing.png)](../images/wdac-wizard-event-log-mde-ah-parsing-expanded.png) + > [![Parse the Advanced Hunting CSV WDAC event files](../images/appcontrol-wizard-event-log-mde-ah-parsing.png)](../images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png) 7. Select the Next button to view the audit and block events and create rules. 8. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -109,7 +109,7 @@ To create a rule and add it to the WDAC policy: 4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label is shown in the selected row confirming that the rule will be generated. > [!div class="mx-imgBorder"] - > [![Adding a publisher rule to the WDAC policy](../images/wdac-wizard-event-rule-creation.png)](../images/wdac-wizard-event-rule-creation-expanded.png) + > [![Adding a publisher rule to the WDAC policy](../images/appcontrol-wizard-event-rule-creation.png)](../images/appcontrol-wizard-event-rule-creation-expanded.png) 5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies. @@ -118,4 +118,4 @@ To create a rule and add it to the WDAC policy: ## Up next -- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md) +- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](appcontrol-wizard-merging-policies.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md similarity index 73% rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md index 2f67ee3ad7..1468e8c87d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md @@ -30,7 +30,7 @@ If neither requirement is satisfied, it throws an error as the cmdlets aren't av | Article | Description | | - | - | -| [Creating a new base policy](wdac-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. | -| [Creating a new supplemental policy](wdac-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. | -| [Editing a base or supplemental policy](wdac-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the tool's editing capabilities. | -| [Merging policies](wdac-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. | +| [Creating a new base policy](appcontrol-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. | +| [Creating a new supplemental policy](appcontrol-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. | +| [Editing a base or supplemental policy](appcontrol-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the tool's editing capabilities. | +| [Merging policies](appcontrol-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md rename to windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md index 13ff7f41f2..06d8413204 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md @@ -1531,4 +1531,4 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and ## More information -- [Merge WDAC policies](../deployment/merge-wdac-policies.md) +- [Merge WDAC policies](../deployment/merge-appcontrol-policies.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md similarity index 98% rename from windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md rename to windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md index 7f203efaf7..8ab01119a3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md @@ -34,4 +34,4 @@ Recently, Lamna experienced a ransomware event that required an expensive recove ## Up next -- [Create a Windows Defender Application Control policy for lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) +- [Create a Windows Defender Application Control policy for lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md rename to windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md index ff3b5d8fa8..87f332d446 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -212,7 +212,7 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables Set-RuleOption -FilePath -Option 13 ``` -4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md). +4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/appcontrol-deployment-guide.md). > [!NOTE] > Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer. @@ -223,4 +223,4 @@ To remove the Managed Installer feature from the device, you'll need to remove t ## Related articles -- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md) +- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-appcontrol-managed-installer.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md index 3e76a698d2..44f9310f69 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md @@ -50,7 +50,7 @@ Policy2 is our new deny policy, which blocks MaliciousApp.exe and also the Windo ## Mixed Allow and Deny policy considerations -If the set of deny rules is to be added into an existing policy that includes explicit allow rules, then don't include the preceding "Allow All" rules. Instead, the deny rules should be merged with the existing WDAC policy via the [WDAC Wizard](wdac-wizard-merging-policies.md) or using the following PowerShell command: +If the set of deny rules is to be added into an existing policy that includes explicit allow rules, then don't include the preceding "Allow All" rules. Instead, the deny rules should be merged with the existing WDAC policy via the [WDAC Wizard](appcontrol-wizard-merging-policies.md) or using the following PowerShell command: ```PowerShell $DenyPolicy = @@ -60,7 +60,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Best Practices -1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md) +1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/appcontrol-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md similarity index 88% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md index 76720b9535..9a351a6af1 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md @@ -11,12 +11,12 @@ ms.date: 11/07/2022 >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. @@ -44,7 +44,7 @@ Based on the above, Alice defines the pseudo-rules for the policy: 2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function. 3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer) -The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are: +The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are: - Removal of the Intelligent Security Graph (ISG) option; and - Removal of filepath rules. @@ -56,7 +56,7 @@ Having defined the "circle-of-trust", Alice is ready to generate the initial pol Alice follows these steps to complete this task: > [!NOTE] -> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy. +> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-appcontrol-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy. 1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11. @@ -145,5 +145,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra ## Up next -- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md) -- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) +- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-appcontrol-policy-using-reference-computer.md) +- [Prepare to deploy Windows Defender Application Control policies](../deployment/appcontrol-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md index d4b6d3f256..b3ca05904b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md @@ -16,7 +16,7 @@ This section outlines the process to create a Windows Defender Application Contr > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. @@ -61,7 +61,7 @@ Alice follows these steps to complete this task: 1. On a client device, run the following commands in an elevated Windows PowerShell session to initialize variables: > [!NOTE] - > If you prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md), substitute the example policy path with your preferred base policy in this step. + > If you prefer to use a different [example Windows Defender Application Control base policy](example-appcontrol-base-policies.md), substitute the example policy path with your preferred base policy in this step. ```powershell $PolicyPath = $env:userprofile+"\Desktop\" @@ -79,7 +79,7 @@ Alice follows these steps to complete this task: 1. Modify the policy to remove unsupported rule: > [!NOTE] - > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. + > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../appcontrol.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. ```powershell [xml]$xml = Get-Content $LamnaPolicy @@ -173,7 +173,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Intelligent Security Graph (ISG)** - See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) + See [security considerations with the Intelligent Security Graph](use-appcontrol-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) Possible mitigations: @@ -208,5 +208,5 @@ In order to minimize user productivity impact, Alice has defined a policy that m ## Up next -- [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) -- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) +- [Create a Windows Defender Application Control policy for fully managed devices](create-appcontrol-policy-for-fully-managed-devices.md) +- [Prepare to deploy Windows Defender Application Control policies](../deployment/appcontrol-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md index 4b7a2f317b..afe2c9ef35 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md @@ -16,7 +16,7 @@ This section outlines the process to create a Windows Defender Application Contr > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. @@ -114,7 +114,7 @@ Alice previously created a policy for the organization's fully managed devices. Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed in-use devices: -- Everything described for Lamna's [Fully Managed Devices](create-wdac-policy-for-fully-managed-devices.md); +- Everything described for Lamna's [Fully Managed Devices](create-appcontrol-policy-for-fully-managed-devices.md); - Users have installed apps that they need to continue to run. Based on the above, Alice defines the pseudo-rules for the policy: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md similarity index 95% rename from windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md rename to windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md index e186ea2bb6..d0a5989c5f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md @@ -21,7 +21,7 @@ When you create policies for use with Windows Defender Application Control (WDAC | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll_EnableHVCI.xml | | **DenyAllAudit.xml** | ***Warning: Will cause boot issues on Windows Server 2019 and earlier. Do not use on those operating systems.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DenyAllAudit.xml | | **Microsoft Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | -| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed. For more information about using this example policy, see [Create a custom base policy using an example base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml
%ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\SignedReputable.xml | +| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed. For more information about using this example policy, see [Create a custom base policy using an example base policy](create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml
%ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\SignedReputable.xml | | **Example supplemental policy** | This example policy shows how to use supplemental policy to expand the DefaultWindows_Audit.xml allow a single Microsoft-signed file. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Supplemental.xml | | **Microsoft Recommended Block List** | This policy includes a list of Windows and Microsoft-signed code that Microsoft recommends blocking when using WDAC, if possible. | [Microsoft recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules)
%ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_UserMode_Blocklist.xml | | **Microsoft recommended driver blocklist** | This policy includes rules to block known vulnerable or malicious kernel drivers. | [Microsoft recommended driver block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)
%OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\RecommendedDriverBlock_Enforced.xml
%ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_Driver_Blocklist.xml | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md rename to windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md index d136e3824b..3d4bd0b9c0 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md @@ -78,7 +78,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o 7. Select **Create Rule**. 8. Create any other rules desired, then complete the Wizard. -![Create PFN rule from WDAC Wizard](../images/wdac-wizard-custom-pfn-rule.png) +![Create PFN rule from WDAC Wizard](../images/appcontrol-wizard-custom-pfn-rule.png) ##### Create a PFN rule using a custom string @@ -91,4 +91,4 @@ Use the following steps to create a PFN rule with a custom string value: 5. Select **Create Rule**. 6. Create any other rules desired, then complete the Wizard. -![Create PFN rule with custom string from WDAC Wizard](../images/wdac-wizard-custom-manual-pfn-rule.png) +![Create PFN rule with custom string from WDAC Wizard](../images/appcontrol-wizard-custom-manual-pfn-rule.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md rename to windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md rename to windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md index caebc2c6c3..369b3581c4 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md @@ -19,7 +19,7 @@ The first step in implementing application control is to consider how your polic Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: -1. [Define (or refine) the "circle-of-trust"](understand-wdac-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. +1. [Define (or refine) the "circle-of-trust"](understand-appcontrol-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. 2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices. 3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks. 4. Repeat steps 2-3 until the remaining block events meet expectations. @@ -38,7 +38,7 @@ To effectively manage Windows Defender Application Control policies, you should Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique policy ID. These unique attributes help you differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy. > [!NOTE] -> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-wdac-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. +> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-appcontrol-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. > PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy. In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0"). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md rename to windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md index ce2f7e2e2f..598c2f8e14 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md @@ -97,7 +97,7 @@ As part of normal operations, they'll eventually install software updates, or pe ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-wdac-with-intelligent-security-graph.md) if allowed by the policy. +WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-appcontrol-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-appcontrol-with-intelligent-security-graph.md) if allowed by the policy. > [!NOTE] > To make it easier to reason over your WDAC policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple WDAC policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md similarity index 88% rename from windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md rename to windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md index abaeda5f34..31876f2c5b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md @@ -26,7 +26,7 @@ You should consider using Windows Defender Application Control as part of your o ## Decide what policies to create -Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-wdac-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. +Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-appcontrol-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. @@ -45,8 +45,8 @@ Organizations with well-defined, centrally managed app management and deployment | Possible answers | Design considerations| | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | -| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-wdac-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | +| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-appcontrol-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-appcontrol-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed? @@ -56,7 +56,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | | All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | -| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | +| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-appcontrol.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md rename to windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md rename to windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md similarity index 98% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md rename to windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md index 02cd2f93cd..555cbdcb32 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md @@ -94,4 +94,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. > [!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md similarity index 85% rename from windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md rename to windows/security/application-security/application-control/app-control-for-business/feature-availability.md index 264f3589f8..5e6d77e3a5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md +++ b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md @@ -15,7 +15,7 @@ ms.topic: overview |-------------|------|-------------| | Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. | | Edition availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later.
WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).

Windows versions older than version 2004, including Windows Server 2019:
  • Policies deployed through GP are only supported on Enterprise and Server editions.
  • Policies deployed through MDM are supported on all editions.
| -| Management solutions |
  • [Intune](deployment/deploy-wdac-policies-using-intune.md)
  • [Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
  • [Group policy](deployment/deploy-wdac-policies-using-group-policy.md)
  • [Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)
|
  • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
  • Configuration Manager (custom policy deployment via software distribution only)
  • [Group Policy](applocker/determine-group-policy-structure-and-rule-enforcement.md)
  • PowerShell
      • | +| Management solutions |
      • [Intune](deployment/deploy-appcontrol-policies-using-intune.md)
      • [Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
      • [Group policy](deployment/deploy-appcontrol-policies-using-group-policy.md)
      • [Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)
      |
      • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
      • Configuration Manager (custom policy deployment via software distribution only)
      • [Group Policy](applocker/determine-group-policy-structure-and-rule-enforcement.md)
      • PowerShell
          • | | Per-user and Per-user group rules | Not available (policies are device-wide). | Available on Windows 8+. | | Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. | | [Rule option 11 - Disabled:Script Enforcement](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement) | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. **Disabled:Script Enforcement** isn't supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and shouldn't be used on those platforms. Doing so results in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-edit-gp.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-edit-gp.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-intune-custom-oma-uri.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-intune-custom-oma-uri.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-confirm-base-policy-modification.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-confirm-base-policy-modification.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-file-attribute-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-file-attribute-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-manual-pfn-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-manual-pfn-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-pfn-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-pfn-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-publisher-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-publisher-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-policy-rules.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-policy-rules.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-remove-file-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-remove-file-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files-expanded.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files-expanded.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export-expanded.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export-expanded.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system-expanded.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system-expanded.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation-expanded.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation-expanded.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-merge.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-merge.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-expandable.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-expandable.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-not-base.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-not-base.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-policy-rule-options-UI.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-policy-rule-options-UI.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-template-selection.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-template-selection.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-1.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png rename to windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-1.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-2.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png rename to windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-2.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-task-mgr.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-task-mgr.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg-token.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg-token.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/bit-toggling-keyboard-icon.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png rename to windows/security/application-security/application-control/app-control-for-business/images/bit-toggling-keyboard-icon.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/calculator-menu-icon.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png rename to windows/security/application-security/application-control/app-control-for-business/images/calculator-menu-icon.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/application-security/application-control/app-control-for-business/images/calculator-with-hex-in-binary.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png rename to windows/security/application-security/application-control/app-control-for-business/images/calculator-with-hex-in-binary.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig12-verifysigning.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig12-verifysigning.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig13-createnewgpo.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig13-createnewgpo.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig14-createnewfile.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig14-createnewfile.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig15-setnewfileprops.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig15-setnewfileprops.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig16-specifyinfo.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig16-specifyinfo.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig17-specifyinfo.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig17-specifyinfo.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig18-specifyux.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig18-specifyux.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig19-customsettings.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig19-customsettings.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig20-setsoftwareinv.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig20-setsoftwareinv.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig21-pathproperties.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig21-pathproperties.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig23-exceptionstocode.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig23-exceptionstocode.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig24-creategpo.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig24-creategpo.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig26-enablecode.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig26-enablecode.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig27-managecerttemp.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig27-managecerttemp.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig29-enableconstraints.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig29-enableconstraints.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig30-selectnewcert.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig30-selectnewcert.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig31-getmoreinfo.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig31-getmoreinfo.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3077.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png rename to windows/security/application-security/application-control/app-control-for-business/images/event-3077.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3089.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png rename to windows/security/application-security/application-control/app-control-for-business/images/event-3089.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3099-options.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png rename to windows/security/application-security/application-control/app-control-for-business/images/event-3099-options.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/hex-icon.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png rename to windows/security/application-security/application-control/app-control-for-business/images/hex-icon.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png b/windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule-xml.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png rename to windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule-xml.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png rename to windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-confirm-appcontrol-rule.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-confirm-appcontrol-rule.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy-2.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy-2.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-2.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-2.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-3.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-3.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-2.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-2.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-3.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-3.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-4.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-4.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol.jpg similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol.jpg diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png b/windows/security/application-security/application-control/app-control-for-business/images/policyflow.png similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png rename to windows/security/application-security/application-control/app-control-for-business/images/policyflow.png diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/app-control-for-business/index.yml similarity index 69% rename from windows/security/application-security/application-control/windows-defender-application-control/index.yml rename to windows/security/application-security/application-control/app-control-for-business/index.yml index 04252abe74..5bf64100cc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml +++ b/windows/security/application-security/application-control/app-control-for-business/index.yml @@ -19,9 +19,9 @@ landingContent: - linkListType: overview links: - text: What is Application Control? - url: wdac.md + url: appcontrol.md - text: What is Windows Defender Application Control (WDAC)? - url: wdac-and-applocker-overview.md + url: appcontrol-and-applocker-overview.md - text: What is AppLocker? url: applocker\applocker-overview.md - text: WDAC and AppLocker feature availability @@ -34,27 +34,27 @@ landingContent: - text: Using code signing to simplify application control url: deployment/use-code-signing-for-better-control-and-protection.md - text: Applications that can bypass WDAC and how to block them - url: design/applications-that-can-bypass-wdac.md + url: design/applications-that-can-bypass-appcontrol.md - text: Microsoft's Recommended Driver Blocklist url: design/microsoft-recommended-driver-block-rules.md - text: Example WDAC policies - url: design/example-wdac-base-policies.md + url: design/example-appcontrol-base-policies.md - text: Managing multiple policies - url: design/deploy-multiple-wdac-policies.md + url: design/deploy-multiple-appcontrol-policies.md - linkListType: how-to-guide links: - text: Create a WDAC policy for a lightly managed device - url: design/create-wdac-policy-for-lightly-managed-devices.md + url: design/create-appcontrol-policy-for-lightly-managed-devices.md - text: Create a WDAC policy for a fully managed device - url: design/create-wdac-policy-for-fully-managed-devices.md + url: design/create-appcontrol-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload - url: design/create-wdac-policy-using-reference-computer.md + url: design/create-appcontrol-policy-using-reference-computer.md - text: Create a WDAC blocklist policy - url: design/create-wdac-deny-policy.md + url: design/create-appcontrol-deny-policy.md - text: Deploying catalog files for WDAC management - url: deployment/deploy-catalog-files-to-support-wdac.md + url: deployment/deploy-catalog-files-to-support-appcontrol.md - text: Using the WDAC Wizard - url: design/wdac-wizard.md + url: design/appcontrol-wizard.md #- linkListType: Tutorial (videos) # links: # - text: Using the WDAC Wizard @@ -69,49 +69,49 @@ landingContent: - text: Understanding policy and file rules url: design/select-types-of-rules-to-create.md - text: Understanding WDAC secure settings - url: design/understanding-wdac-policy-settings.md + url: design/understanding-appcontrol-policy-settings.md - linkListType: how-to-guide links: - text: Allow managed installer and configure managed installer rules url: design/configure-authorized-apps-deployed-with-a-managed-installer.md - text: Allow reputable apps with ISG - url: design/use-wdac-with-intelligent-security-graph.md + url: design/use-appcontrol-with-intelligent-security-graph.md - text: Managed MSIX and Appx Packaged Apps - url: design/manage-packaged-apps-with-wdac.md + url: design/manage-packaged-apps-with-appcontrol.md - text: Allow com object registration - url: design/allow-com-object-registration-in-wdac-policy.md + url: design/allow-com-object-registration-in-appcontrol-policy.md - text: Manage plug-ins, add-ins, and modules - url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md + url: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md # Card - title: Learn how to deploy WDAC Policies linkLists: - linkListType: overview links: - text: Using signed policies to protect against tampering - url: deployment/use-signed-policies-to-protect-wdac-against-tampering.md + url: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md - text: Audit mode policies - url: deployment/audit-wdac-policies.md + url: deployment/audit-appcontrol-policies.md - text: Enforcement mode policies - url: deployment/enforce-wdac-policies.md + url: deployment/enforce-appcontrol-policies.md - text: Disabling WDAC policies - url: deployment/disable-wdac-policies.md + url: deployment/disable-appcontrol-policies.md - linkListType: tutorial links: - text: Deployment with MDM - url: deployment/deploy-wdac-policies-using-intune.md + url: deployment/deploy-appcontrol-policies-using-intune.md - text: Deployment with Configuration Manager - url: deployment/deploy-wdac-policies-with-memcm.md + url: deployment/deploy-appcontrol-policies-with-memcm.md - text: Deployment with script and refresh policy - url: deployment/deploy-wdac-policies-with-script.md + url: deployment/deploy-appcontrol-policies-with-script.md - text: Deployment with group policy - url: deployment/deploy-wdac-policies-using-group-policy.md + url: deployment/deploy-appcontrol-policies-using-group-policy.md # Card - title: Learn how to troubleshoot and debug WDAC events linkLists: - linkListType: overview links: - text: Debugging and troubleshooting - url: operations/wdac-debugging-and-troubleshooting.md + url: operations/appcontrol-debugging-and-troubleshooting.md - text: Understanding event IDs url: operations/event-id-explanations.md - text: Understanding event Tags diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md rename to windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md index dc6c98cb9b..6ae9a1a3fe 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md @@ -104,7 +104,7 @@ Sometimes, you may be able to supplement the information contained in the core W Having gathered the necessary diagnostic information from a device, you're ready to begin your analysis of the diagnostic data collected in the previous section. -1. Verify the set of WDAC policies that are active and enforced. Confirm that only those policies you expect to be active are currently active. Be aware of the [Windows inbox policies](inbox-wdac-policies.md) that may also be active. You can use either of these methods: +1. Verify the set of WDAC policies that are active and enforced. Confirm that only those policies you expect to be active are currently active. Be aware of the [Windows inbox policies](inbox-appcontrol-policies.md) that may also be active. You can use either of these methods: - Review the output from *CiTool.exe -lp*, if applicable, which was saved to the CIDiag output directory as CiToolOutput.json. See [use Microsoft Edge to view the formatted json file](/microsoft-edge/devtools-guide-chromium/json-viewer/json-viewer). - Review all [policy activation events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-policy-activation-events) from the core WDAC event log found at **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md rename to windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md rename to windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md rename to windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md rename to windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md index a100e1a2c0..6f332731a9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md @@ -45,7 +45,7 @@ These events are found in the **AppLocker - MSI and Script** event log. |--------|-----------| | 8028 | This event indicates that a script host, such as PowerShell, queried Application Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the WDAC policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with Application Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. | | 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your WDAC policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). | -| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](../design/allow-com-object-registration-in-wdac-policy.md). | +| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md). | | 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the WDAC policy. | | 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files generate a single 8038 event with TotalSignatureCount 0. These events are correlated with 8028 and 8029 events and can be matched using the `Correlation ActivityID` found in the **System** portion of the event. | | 8039 | This event indicates that a packaged app (MSIX/AppX) was allowed to install or run because the WDAC policy is in audit mode. But, it would have been blocked if the policy was enforced. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md rename to windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md rename to windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md rename to windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md index f33e99121c..9f7e0f0155 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md @@ -89,7 +89,7 @@ msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi ### Slow boot and performance with custom policies -WDAC evaluates all processes that run, including inbox Windows processes. You can cause slower boot times, degraded performance, and possibly boot issues if your policies don't build upon the WDAC templates or don't trust the Windows signers. For these reasons, you should use the [WDAC base templates](../design/example-wdac-base-policies.md) whenever possible to create your policies. +WDAC evaluates all processes that run, including inbox Windows processes. You can cause slower boot times, degraded performance, and possibly boot issues if your policies don't build upon the WDAC templates or don't trust the Windows signers. For these reasons, you should use the [WDAC base templates](../design/example-appcontrol-base-policies.md) whenever possible to create your policies. #### AppId Tagging policy considerations diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md rename to windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 239ddd052c..5038cdb7a5 100644 --- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -38,6 +38,6 @@ WDAC has no specific hardware or software requirements. ## Related articles -- [Windows Defender Application Control](windows-defender-application-control/wdac.md) +- [Windows Defender Application Control](app-control-for-business/appcontrol.md) - [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml index f8b2ebf7a8..a84a5f19c5 100644 --- a/windows/security/application-security/application-control/toc.yml +++ b/windows/security/application-security/application-control/toc.yml @@ -1,8 +1,8 @@ items: - name: Smart App Control - href: windows-defender-application-control/wdac.md + href: app-control-for-business/appcontrol.md - name: Windows Defender Application Control - href: windows-defender-application-control/wdac.md + href: app-control-for-business/appcontrol.md - name: Windows Defender Application Control and virtualization-based protection of code integrity href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: User Account Control (UAC) @@ -14,5 +14,4 @@ items: - name: UAC settings and configuration href: user-account-control/settings-and-configuration.md - name: Microsoft Vulnerable Driver Blocklist - href: windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md - + href: app-control-for-business/design/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 4729ae6e10..d668a98028 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -50,7 +50,7 @@ In either of these scenarios, once the rules are added, they must be deleted to Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration: -1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications. +1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications. 1. Configure firewall rules using *PolicyAppId tags* using one of the two methods: - Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting - Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 564b83b498..dd250485d8 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -386,7 +386,7 @@ Examples: Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL ``` -- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. +- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. - **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example: From b497abbc0d5222dfff7d8ccddea399d7b0a2c699 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 15:57:36 -0600 Subject: [PATCH 032/164] Add missing redirect --- .openpublishing.redirection.windows-security.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index bcbf7f307d..ad9e6e6bf0 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -400,6 +400,11 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", From 76d5cb5f24aef25a7246dc581766ced179e17a39 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 10 Sep 2024 16:14:35 -0700 Subject: [PATCH 033/164] Add in events from PM md file --- ...iagnostic-events-fields-windows-11-24H2.md | 4264 ++++++++++++++++- 1 file changed, 4263 insertions(+), 1 deletion(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index df9b42ccbd..e024065536 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -32,4 +32,4266 @@ You can learn more about Windows functional and diagnostic data through these ar - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) \ No newline at end of file +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **DatasourceApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_NI22H2** No content is currently available. +- **DatasourceApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_ZN23H2** No content is currently available. +- **DatasourceApplicationFile_ZN23H2Exp** No content is currently available. +- **DatasourceApplicationFile_ZN23H2Setup** No content is currently available. +- **DatasourceApplicationFileBackup** No content is currently available. +- **DatasourceBackupApplicationRestore** No content is currently available. +- **DatasourceDevicePnp_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_NI22H2** No content is currently available. +- **DatasourceDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDevicePnp_ZN23H2** No content is currently available. +- **DatasourceDevicePnp_ZN23H2Exp** No content is currently available. +- **DatasourceDevicePnp_ZN23H2Setup** No content is currently available. +- **DatasourceDriverPackage_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_NI22H2** No content is currently available. +- **DatasourceDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_ZN23H2** No content is currently available. +- **DatasourceDriverPackage_ZN23H2Exp** No content is currently available. +- **DatasourceDriverPackage_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_NI22H2** No content is currently available. +- **DataSourceMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2** No content is currently available. +- **DataSourceMatchingInfoBlock_ZN23H2Exp** No content is currently available. +- **DataSourceMatchingInfoBlock_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_NI22H2** No content is currently available. +- **DataSourceMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2** No content is currently available. +- **DataSourceMatchingInfoPassive_ZN23H2Exp** No content is currently available. +- **DataSourceMatchingInfoPassive_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_NI22H2** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Exp** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Setup** No content is currently available. +- **DatasourceSystemBios_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_NI22H2** No content is currently available. +- **DatasourceSystemBios_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_ZN23H2** No content is currently available. +- **DatasourceSystemBios_ZN23H2Exp** No content is currently available. +- **DatasourceSystemBios_ZN23H2Setup** No content is currently available. +- **DecisionApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_NI22H2** No content is currently available. +- **DecisionApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionApplicationFile_RS1** The total number of objects of this type present on this device. +- **DecisionApplicationFile_ZN23H2** No content is currently available. +- **DecisionApplicationFile_ZN23H2Exp** No content is currently available. +- **DecisionApplicationFile_ZN23H2Setup** No content is currently available. +- **DecisionDevicePnp_20H1Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_NI22H2** No content is currently available. +- **DecisionDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_RS1** The total number of objects of this type present on this device. +- **DecisionDevicePnp_ZN23H2** No content is currently available. +- **DecisionDevicePnp_ZN23H2Exp** No content is currently available. +- **DecisionDevicePnp_ZN23H2Setup** No content is currently available. +- **DecisionDriverPackage_20H1Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_NI22H2** No content is currently available. +- **DecisionDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_RS1** The total number of objects of this type present on this device. +- **DecisionDriverPackage_ZN23H2** No content is currently available. +- **DecisionDriverPackage_ZN23H2Exp** No content is currently available. +- **DecisionDriverPackage_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_NI22H2** No content is currently available. +- **DecisionMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2** No content is currently available. +- **DecisionMatchingInfoBlock_ZN23H2Exp** No content is currently available. +- **DecisionMatchingInfoBlock_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_NI22H2** No content is currently available. +- **DecisionMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPassive_ZN23H2** No content is currently available. +- **DecisionMatchingInfoPassive_ZN23H2Exp** No content is currently available. +- **DecisionMatchingInfoPassive_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_NI22H2** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Exp** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Setup** No content is currently available. +- **DecisionMediaCenter_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMediaCenter_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_NI22H2** No content is currently available. +- **DecisionMediaCenter_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMediaCenter_RS1** The total number of objects of this type present on this device. +- **DecisionMediaCenter_ZN23H2** No content is currently available. +- **DecisionMediaCenter_ZN23H2Exp** No content is currently available. +- **DecisionMediaCenter_ZN23H2Setup** No content is currently available. +- **DecisionSModeState_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSModeState_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSModeState_NI22H2** No content is currently available. +- **DecisionSModeState_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSModeState_RS1** The total number of objects of this type present on this device. +- **DecisionSModeState_ZN23H2** No content is currently available. +- **DecisionSModeState_ZN23H2Exp** No content is currently available. +- **DecisionSModeState_ZN23H2Setup** No content is currently available. +- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_NI22H2** No content is currently available. +- **DecisionSystemBios_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_RS1** The total number of objects of this type present on this device. +- **DecisionSystemBios_ZN23H2** No content is currently available. +- **DecisionSystemBios_ZN23H2Exp** No content is currently available. +- **DecisionSystemBios_ZN23H2Setup** No content is currently available. +- **DecisionSystemDiskSize_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_NI22H2** No content is currently available. +- **DecisionSystemDiskSize_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_ZN23H2** No content is currently available. +- **DecisionSystemDiskSize_ZN23H2Exp** No content is currently available. +- **DecisionSystemDiskSize_ZN23H2Setup** No content is currently available. +- **DecisionSystemMemory_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemMemory_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_NI22H2** No content is currently available. +- **DecisionSystemMemory_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device. +- **DecisionSystemMemory_ZN23H2** No content is currently available. +- **DecisionSystemMemory_ZN23H2Exp** No content is currently available. +- **DecisionSystemMemory_ZN23H2Setup** No content is currently available. +- **DecisionSystemProcessorCpuCores_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_NI22H2** No content is currently available. +- **DecisionSystemProcessorCpuCores_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2** No content is currently available. +- **DecisionSystemProcessorCpuCores_ZN23H2Exp** No content is currently available. +- **DecisionSystemProcessorCpuCores_ZN23H2Setup** No content is currently available. +- **DecisionSystemProcessorCpuModel_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_NI22H2** No content is currently available. +- **DecisionSystemProcessorCpuModel_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2** No content is currently available. +- **DecisionSystemProcessorCpuModel_ZN23H2Exp** No content is currently available. +- **DecisionSystemProcessorCpuModel_ZN23H2Setup** No content is currently available. +- **DecisionSystemProcessorCpuSpeed_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorPopCnt** No content is currently available. +- **DecisionTest_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionTest_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_NI22H2** No content is currently available. +- **DecisionTest_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionTest_RS1** The total number of objects of this type present on this device. +- **DecisionTest_ZN23H2** No content is currently available. +- **DecisionTest_ZN23H2Exp** No content is currently available. +- **DecisionTest_ZN23H2Setup** No content is currently available. +- **DecisionTpmVersion_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionTpmVersion_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_NI22H2** No content is currently available. +- **DecisionTpmVersion_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device. +- **DecisionTpmVersion_ZN23H2** No content is currently available. +- **DecisionTpmVersion_ZN23H2Exp** No content is currently available. +- **DecisionTpmVersion_ZN23H2Setup** No content is currently available. +- **DecisionUefiSecureBoot_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_NI22H2** No content is currently available. +- **DecisionUefiSecureBoot_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_ZN23H2** No content is currently available. +- **DecisionUefiSecureBoot_ZN23H2Exp** No content is currently available. +- **DecisionUefiSecureBoot_ZN23H2Setup** No content is currently available. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventoryTest** The count of the number of this particular object type present on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. +- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. +- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPopCnt** No content is currently available. +- **SystemProcessorPopCnt_NI22H2** No content is currently available. +- **SystemProcessorPopCnt_RS1** No content is currently available. +- **SystemProcessorPopCnt_ZN23H2** No content is currently available. +- **SystemProcessorPopCnt_ZN23H2Exp** No content is currently available. +- **SystemProcessorPopCnt_ZN23H2Setup** No content is currently available. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. +- **Wmdrm_CO21H2Setup** The total number of objects of this type present on this device. +- **Wmdrm_CU23H2Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_NI22H2** No content is currently available. +- **Wmdrm_NI22H2Setup** The total number of objects of this type present on this device. +- **Wmdrm_RS1** The total number of objects of this type present on this device. +- **Wmdrm_ZN23H2** No content is currently available. +- **Wmdrm_ZN23H2Exp** No content is currently available. +- **Wmdrm_ZN23H2Setup** No content is currently available. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove + +This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreAdd + +No content is currently available. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** No content is currently available. +- **BackupLabel** No content is currently available. +- **CatalogSource** No content is currently available. +- **CreatePlaceholder** No content is currently available. +- **Name** No content is currently available. +- **ProgramId** No content is currently available. +- **SdbEntryGuid** No content is currently available. +- **SdbRestoreAction** No content is currently available. + + +### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreStartSync + +No content is currently available. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** No content is currently available. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync + +This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd + +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks? +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks. +- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade? + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync + +This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.RestoreContext + +No content is currently available. + +The following fields are available: + +- **AppraiserBranch** No content is currently available. +- **AppraiserVersion** No content is currently available. +- **Context** No content is currently available. +- **PCFP** No content is currently available. +- **Result** No content is currently available. +- **Time** No content is currently available. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntAdd + +No content is currently available. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** No content is currently available. +- **Blocking** No content is currently available. +- **PopCntPassed** No content is currently available. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntStartSync + +No content is currently available. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** No content is currently available. + + +## Census events + +### Census.Xbox + +This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date. + +The following fields are available: + +- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console. +- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console. +- **XboxLiveDeviceId** Retrieves the unique device ID of the console. +- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. + + +## Code Integrity events + +### Microsoft.Windows.Security.CodeIntegrity.Driver.AggregatedBlock + +No content is currently available. + +The following fields are available: + +- **CertificateInfo** No content is currently available. +- **DriverInfo** No content is currently available. +- **EventVersion** No content is currently available. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked + +Indicates if OEM attempted to block autoenablement via regkey. + +The following fields are available: + +- **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise. +- **BlockRequested** No content is currently available. +- **Scenario** No content is currently available. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility + +Fires when the compatibility check completes. Gives the results from the check. + +The following fields are available: + +- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement. +- **Scenario** No content is currently available. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled + +Fires when auto-enablement is successful and HVCI is being enabled on the device. + +The following fields are available: + +- **Error** No content is currently available. +- **Scenario** No content is currently available. +- **SuccessfullyEnabled** No content is currently available. +- **Upgrade** No content is currently available. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity + +Fires at the beginning and end of the HVCI auto-enablement process in sysprep. + +The following fields are available: + +- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. See [wilActivity](#wilactivity). + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled + +No content is currently available. + + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed + +Fires when driver scanning fails to get results. + + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError + +Fires when there is an error checking the SDB for a particular driver. + +The following fields are available: + +- **DriverPath** Path to the driver that was being checked in the SDB when checking encountered an error. +- **Error** Error encountered during checking the SDB. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverNonCompliantError + +Fires when a driver is discovered that is non-compliant with HVCI. + +The following fields are available: + +- **DriverPath** Path to driver. +- **NonComplianceMask** Error code indicating driver violation. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage + +Fires when an incompatible language pack is detected. + +The following fields are available: + +- **Language** String containing the incompatible language pack detected. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.KcetHvciDisabled + +No content is currently available. + + + +### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOff + +No content is currently available. + + + +### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOffIgnored + +No content is currently available. + +The following fields are available: + +- **Count** No content is currently available. +- **CurrentTimeMax** No content is currently available. +- **CurrentTimeMin** No content is currently available. +- **NightsWatchDesktopIgnoreAutoOptOut** No content is currently available. +- **OOBECompleteTime** No content is currently available. +- **OOBESafetyTime** No content is currently available. + + +### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWOff + +No content is currently available. + + + +### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWToEnforcementMode + +No content is currently available. + + + +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **make** Device manufacturer. +- **model** Device model. + + +### Common Data Extensions.Envelope + +Represents an envelope that contains all of the common data extensions. + +The following fields are available: + +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). +- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.mscv + +Describes the correlation vector-related fields. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. +- **ver** The version of the logging SDK. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. +- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **pgName** The short form of the provider group name associated with the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **providerGuid** The ETW provider ID associated with the provider name. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. +- **wcmp** The Windows Shell Composer ID. +- **wPId** The Windows Core OS product ID. +- **wsId** The Windows Core OS session ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Common data fields + +### Ms.Device.DeviceInventoryChange + +Describes the installation state for all hardware and software components available on a particular device. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. +- + +### Ms.Support.HttpEvent + +No content is currently available. + +The following fields are available: + +- **Common** No content is currently available. See [Common](#common). +- **EventData** No content is currently available. See [EventData](#eventdata). + + +### Ms.Support.Info + +No content is currently available. + +The following fields are available: + +- **Common** No content is currently available. See [Common](#common). +- **EventData** No content is currently available. See [EventData](#eventdata). + + +## Component-based servicing events + +### CbsServicingProvider.CbsCapabilityEnumeration + +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. + +The following fields are available: + +- **architecture** Indicates the scan was limited to the specified architecture. +- **capabilityCount** The number of optional content packages found during the scan. +- **clientId** The name of the application requesting the optional content. +- **duration** The amount of time it took to complete the scan. +- **hrStatus** The HReturn code of the scan. +- **language** Indicates the scan was limited to the specified language. +- **majorVersion** Indicates the scan was limited to the specified major version. +- **minorVersion** Indicates the scan was limited to the specified minor version. +- **namespace** Indicates the scan was limited to packages in the specified namespace. +- **sourceFilter** A bitmask indicating the scan checked for locally available optional content. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionFinalize + +This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **capabilities** The names of the optional content packages that were installed. +- **clientId** The name of the application requesting the optional content. +- **currentID** The ID of the current install session. +- **downloadSource** The source of the download. +- **highestState** The highest final install state of the optional content. +- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version. +- **hrStatus** The HReturn code of the install operation. +- **rebootCount** The number of reboots required to complete the install. +- **retryID** The session ID that will be used to retry a failed operation. +- **retryStatus** Indicates whether the install will be retried in the event of failure. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionPended + +This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date. + +The following fields are available: + +- **clientId** The name of the application requesting the optional content. +- **pendingDecision** Indicates the cause of reboot, if applicable. + + +### CbsServicingProvider.CbsFodInventory + +No content is currently available. + +The following fields are available: + +- **capabilities** No content is currently available. +- **initiatedOffline** No content is currently available. +- **stackBuild** No content is currently available. +- **stackMajorVersion** No content is currently available. +- **stackMinorVersion** No content is currently available. +- **stackRevision** No content is currently available. + + +### CbsServicingProvider.CbsLateAcquisition + +This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date. + +The following fields are available: + +- **Features** The list of feature packages that could not be updated. +- **RetryID** The ID identifying the retry attempt to update the listed packages. + + +### CbsServicingProvider.CbsPackageRemoval + +This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build number of the security update being uninstalled. +- **clientId** The name of the application requesting the uninstall. +- **currentStateEnd** The final state of the update after the operation. +- **failureDetails** Information about the cause of a failure, if applicable. +- **failureSourceEnd** The stage during the uninstall where the failure occurred. +- **hrStatusEnd** The overall exit code of the operation. +- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image. +- **majorVersion** The major version number of the security update being uninstalled. +- **minorVersion** The minor version number of the security update being uninstalled. +- **originalState** The starting state of the update before the operation. +- **pendingDecision** Indicates the cause of reboot, if applicable. +- **primitiveExecutionContext** The state during system startup when the uninstall was completed. +- **revisionVersion** The revision number of the security update being uninstalled. +- **transactionCanceled** Indicates whether the uninstall was cancelled. + + +### CbsServicingProvider.CbsPostponedReserveInstallDecision + +No content is currently available. + +The following fields are available: + +- **hardReserveSize** No content is currently available. +- **hardReserveUsedSpace** No content is currently available. +- **postponed** No content is currently available. +- **userFreeSpace** No content is currently available. +- **usingReserves** No content is currently available. + + +### CbsServicingProvider.CbsQualityUpdateInstall + +This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build version number of the update package. +- **clientId** The name of the application requesting the optional content. +- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device. +- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure. +- **currentStateEnd** The final state of the package after the operation has completed. +- **doqTimeSeconds** The time in seconds spent updating drivers. +- **executeTimeSeconds** The number of seconds required to execute the install. +- **failureDetails** The driver or installer that caused the update to fail. +- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred. +- **hrStatusEnd** The return code of the install operation. +- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file. +- **majorVersion** The major version number of the update package. +- **minorVersion** The minor version number of the update package. +- **originalState** The starting state of the package. +- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation. +- **planTimeSeconds** The time in seconds required to plan the update operations. +- **poqTimeSeconds** The time in seconds processing file and registry operations. +- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update. +- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot. +- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed. +- **rebootCount** The number of reboots required to install the update. +- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update. +- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update. +- **revisionVersion** The revision version number of the update package. +- **rptTimeSeconds** The time in seconds spent executing installer plugins. +- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update. +- **stackRevision** The revision number of the servicing stack. +- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. + + +### CbsServicingProvider.CbsSelectableUpdateChangeV2 + +This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date. + +The following fields are available: + +- **applicableUpdateState** Indicates the highest applicable state of the optional content. +- **buildVersion** The build version of the package being installed. +- **clientId** The name of the application requesting the optional content change. +- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations. +- **executionSequence** A counter that tracks the number of servicing operations attempted on the device. +- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable. +- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable. +- **hrDownloadResult** The return code of the download operation. +- **hrStatusUpdate** The return code of the servicing operation. +- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled. +- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows. +- **majorVersion** The major version of the package being installed. +- **minorVersion** The minor version of the package being installed. +- **packageArchitecture** The architecture of the package being installed. +- **packageLanguage** The language of the package being installed. +- **packageName** The name of the package being installed. +- **rebootRequired** Indicates whether a reboot is required to complete the operation. +- **revisionVersion** The revision number of the package being installed. +- **stackBuild** The build number of the servicing stack binary performing the installation. +- **stackMajorVersion** The major version number of the servicing stack binary performing the installation. +- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation. +- **stackRevision** The revision number of the servicing stack binary performing the installation. +- **updateName** The name of the optional Windows Operation System feature being enabled or disabled. +- **updateStartState** A value indicating the state of the optional content before the operation started. +- **updateTargetState** A value indicating the desired state of the optional content. + + +### CbsServicingProvider.CbsUpdateDeferred + +This event reports the results of deferring Windows Content to keep Windows up to date. + + + +## Deployment events + +### Microsoft.Windows.Deployment.Imaging.AppExit + +This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **hr** HResult returned from app exit. +- **totalTimeInMs** Total time taken in Ms. + + +### Microsoft.Windows.Deployment.Imaging.AppInvoked + +This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **branch** Corresponding branch for the image. +- **isInDbg** Whether the app is in debug mode or not. +- **isWSK** Whether the app is building images using WSK or not. + + +## DISM events + +### Microsoft.Windows.StartRepairCore.DISMPendingInstall + +The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **dismPendingInstallPackageName** The name of the pending package. + + +### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions + +The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd + +The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **failedUninstallCount** The number of driver updates that failed to uninstall. +- **failedUninstallFlightIds** The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRepairAction** The scenario name for a repair. +- **successfulUninstallCount** The number of successfully uninstalled driver updates. +- **successfulUninstallFlightIds** The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionStart + +The SRT Repair Action Start event sends information to report repair operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **srtRepairAction** The scenario name for a repair. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd + +The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **flightIds** The Flight IDs (identifier of the beta release) of found driver updates. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart + +The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + +## DxgKernelTelemetry events + +### DxgKrnlTelemetry.GPUAdapterInventoryV2 + +This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. + +The following fields are available: + +- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. +- **aiSeqId** The event sequence ID. +- **bootId** The system boot ID. +- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. +- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. +- **DDIInterfaceVersion** The device driver interface version. +- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **Display1UMDFilePath** The file path to the location of the Display User Mode Driver in the Driver Store. +- **DisplayAdapterLuid** The display adapter LUID. +- **DriverDate** The date of the display driver. +- **DriverRank** The rank of the display driver. +- **DriverVersion** The display driver version. +- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device. +- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. +- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. +- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. +- **DxDbCurrentVersion** No content is currently available. +- **DxDbVersionCheckStatus** No content is currently available. +- **GPUDeviceID** The GPU device ID. +- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. +- **GPURevisionID** The GPU revision ID. +- **GPUVendorID** The GPU vendor ID. +- **HwFlipQueueSupportState** Numeric value indicating the adapter's support for hardware flip queues. +- **HwSchSupportState** Numeric value indicating the adapter's support for hardware scheduling. +- **IddPairedRenderAdapterLuid** Identifier for the render adapter paired with this display adapter. +- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided3** Number of device driver interface function pointers provided. +- **InterfaceId** The GPU interface ID. +- **IsCrossAdapterScanOutSupported** No content is currently available. +- **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwFlipQueueEnabled** Boolean value indicating whether hardware flip queues are enabled. +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. +- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? +- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? +- **IsLDA** Is the GPU comprised of Linked Display Adapters? +- **IsMiracastSupported** Does the GPU support Miracast? +- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? +- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? +- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? +- **IsPostAdapter** Is this GPU the POST GPU in the device? +- **IsRemovable** TRUE if the adapter supports being disabled or removed. +- **IsRenderDevice** Does the GPU have rendering capabilities? +- **IsSoftwareDevice** Is this a software implementation of the GPU? +- **IsVirtualRefreshRateSupported** Boolean value indicating whether the adapter supports virtual refresh rates. +- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. +- **MdmSupportStatus** No content is currently available. +- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **NodeTypes** No content is currently available. +- **NumExecutionNodes** No content is currently available. +- **NumNonVidPnTargets** Number of display targets. +- **NumPhysicalAdapters** No content is currently available. +- **NumVidPnSources** The number of supported display output sources. +- **NumVidPnTargets** The number of supported display output targets. +- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). +- **SubSystemID** The subsystem ID. +- **SubVendorID** The GPU sub vendor ID. +- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? +- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) +- **version** The event version. +- **WDDMVersion** The Windows Display Driver Model version. + + +### DxgKrnlTelemetry.GPUStartAdapter + +No content is currently available. + +The following fields are available: + +- **DDIInterfaceVersion** No content is currently available. +- **DriverDate** No content is currently available. +- **DriverRank** No content is currently available. +- **DriverVersion** No content is currently available. +- **FailureReason** No content is currently available. +- **GPUDeviceID** No content is currently available. +- **GPURevisionID** No content is currently available. +- **GPUVendorID** No content is currently available. +- **IsSoftwareDevice** No content is currently available. +- **StartAdapterFailedSequenceId** No content is currently available. +- **Status** No content is currently available. +- **SubSystemID** No content is currently available. +- **SubVendorID** No content is currently available. +- **version** No content is currently available. + + +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **rdmaConnectionsForStorage** No content is currently available. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **useRdmaForStorage** No content is currently available. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + +## Fault Reporting events + +### Microsoft.Windows.FaultReporting.AppCrashEvent + +This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event. + +The following fields are available: + +- **AppName** The name of the app that has crashed. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppTimeStamp** The date/time stamp of the app. +- **AppVersion** The version of the app that has crashed. +- **ExceptionCode** The exception code returned by the process that has crashed. +- **ExceptionOffset** The address where the exception had occurred. +- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. +- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. +- **IsFatal** True/False to indicate whether the crash resulted in process termination. +- **ModName** Exception module name (e.g. bar.dll). +- **ModTimeStamp** The date/time stamp of the module. +- **ModVersion** The version of the module that has crashed. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has crashed. +- **ProcessId** The ID of the process that has crashed. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported +- **TargetAsId** The sequence number for the hanging process. + + +## Feature quality events + +### Microsoft.Windows.FeatureQuality.Heartbeat + +This event indicates the feature status heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **Features** Array of features. + + +### Microsoft.Windows.FeatureQuality.StateChange + +This event indicates the change of feature state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight id. +- **state** New state. + + +### Microsoft.Windows.FeatureQuality.Status + +This event indicates the feature status. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **featureId** Feature id. +- **flightId** Flight id. +- **time** Time of status change. +- **variantId** Variant id. + + +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed + +This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **failureReason** Provides data about the uninstall initialization operation failure. +- **hr** Provides the Win32 error code for the operation failure. + + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly. + + + +## Hang Reporting events + +### Microsoft.Windows.HangReporting.AppHangEvent + +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. + +The following fields are available: + +- **AppName** The name of the app that has hung. +- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppVersion** The version of the app that has hung. +- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has hung. +- **ProcessId** The ID of the process that has hung. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported. +- **TargetAsId** The sequence number for the hanging process. +- **TypeCode** Bitmap describing the hang type. +- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application. +- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. +- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. +- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. + + +## Holographic events + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded + +This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **ClassGuid** Windows Mixed Reality device class GUID. +- **DeviceInterfaceId** Windows Mixed Reality device interface ID. +- **DriverVersion** Windows Mixed Reality device driver version. +- **FirmwareVersion** Windows Mixed Reality firmware version. +- **Manufacturer** Windows Mixed Reality device manufacturer. +- **ModelName** Windows Mixed Reality device model name. +- **SerialNumber** Windows Mixed Reality device serial number. + + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceRemoved + +This event indicates Windows Mixed Reality device state. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **DeviceInterfaceId** Device Interface ID. + + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated + +No content is currently available. + +The following fields are available: + +- **AppSessionGuid** No content is currently available. +- **IsForCompositor** No content is currently available. +- **Source** No content is currently available. +- **WindowInstanceId** No content is currently available. + + +### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated + +This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **HmdState** Windows Mixed Reality Headset HMD state. +- **NewHoloShellState** Windows Mixed Reality HoloShell state. +- **PriorHoloShellState** Windows Mixed Reality state prior to entering to HoloShell. +- **SimulationEnabled** Windows Mixed Reality Simulation state. + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated + +This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. +- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. +- **PackageVersion** Windows Mixed Reality Portal app package version. +- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). + + +### Microsoft.Windows.Shell.HolographicFirstRun.SomethingWentWrong + +This event is emitted when something went wrong error occurs. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **ErrorSource** Source of error, obsoleted always 0. +- **StartupContext** Start up state. +- **StatusCode** Error status code. +- **SubstatusCode** Error sub status code. + + +### TraceLoggingHoloLensSensorsProvider.OnDeviceAdd + +This event provides Windows Mixed Reality device state with new process that hosts the driver. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **Process** Process ID. +- **Thread** Thread ID. + + +### TraceLoggingOasisUsbHostApiProvider.DeviceInformation + +This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **BootloaderMajorVer** Windows Mixed Reality device boot loader major version. +- **BootloaderMinorVer** Windows Mixed Reality device boot loader minor version. +- **BootloaderRevisionNumber** Windows Mixed Reality device boot loader revision number. +- **BTHFWMajorVer** Windows Mixed Reality device BTHFW major version. This event also used to count WMR device. +- **BTHFWMinorVer** Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device. +- **BTHFWRevisionNumber** Windows Mixed Reality device BTHFW revision number. +- **CalibrationBlobSize** Windows Mixed Reality device calibration blob size. +- **CalibrationFwMajorVer** Windows Mixed Reality device calibration firmware major version. +- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version. +- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number. +- **DeviceInfoFlags** Windows Mixed Reality device info flags. +- **DeviceReleaseNumber** Windows Mixed Reality device release number. +- **FirmwareMajorVer** Windows Mixed Reality device firmware major version. +- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version. +- **FirmwareRevisionNumber** Windows Mixed Reality device calibration firmware revision number. +- **FpgaFwMajorVer** Windows Mixed Reality device FPGA firmware major version. +- **FpgaFwMinorVer** Windows Mixed Reality device FPGA firmware minor version. +- **FpgaFwRevisionNumber** Windows Mixed Reality device FPGA firmware revision number. +- **FriendlyName** Windows Mixed Reality device friendly name. +- **HashedSerialNumber** Windows Mixed Reality device hashed serial number. +- **HeaderSize** Windows Mixed Reality device header size. +- **HeaderVersion** Windows Mixed Reality device header version. +- **LicenseKey** Windows Mixed Reality device header license key. +- **Make** Windows Mixed Reality device make. +- **ManufacturingDate** Windows Mixed Reality device manufacturing date. +- **Model** Windows Mixed Reality device model. +- **PresenceSensorHidVendorPage** Windows Mixed Reality device presence sensor HID vendor page. +- **PresenceSensorHidVendorUsage** Windows Mixed Reality device presence sensor HID vendor usage. +- **PresenceSensorUsbVid** Windows Mixed Reality device presence sensor USB VId. +- **ProductBoardRevision** Windows Mixed Reality device product board revision number. +- **SerialNumber** Windows Mixed Reality device serial number. + + +## Inventory events + +### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd + +This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AndroidPackageId** A unique identifier for an Android app. +- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. +- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics). +- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 +- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. +- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. +- **InventoryVersion** The version of the inventory file generating the events. +- **Language** The language code of the program. +- **MsiInstallDate** The install date recorded in the program's MSI package. +- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. +- **MsiProductCode** A GUID that describe the MSI Product. +- **Name** The name of the application. +- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. +- **PackageFullName** The package full name for a Store application. +- **ProgramInstanceId** A hash of the file IDs in an app. +- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. +- **RootDirPath** The path to the root directory where the program was installed. +- **Source** How the program was installed (for example, ARP, MSI, Appx). +- **SparkId** No content is currently available. +- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. +- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. +- **Version** The version number of the program. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationKbStartSync + +No content is currently available. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** No content is currently available. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove + +This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +## Kernel events + +### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem + +This event is sent when a new problem code is assigned to a device. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **Count** The total number of events. +- **DeviceInstanceId** The unique identifier of the device in the system. +- **LastProblem** The previous problem code that was set on the device. +- **LastProblemStatus** The previous NTSTATUS value that was set on the device. +- **Problem** The new problem code that was set on the device. +- **ProblemStatus** The new NTSTATUS value that was set on the device. +- **ServiceName** The driver or service name that is attached to the device. + + +### Microsoft.Windows.Kernel.Power.AbnormalShutdown + +No content is currently available. + +The following fields are available: + +- **BootEnvironment** No content is currently available. See [BootEnvironment](#bootenvironment). +- **BootStatValid** No content is currently available. +- **Bugcheck** No content is currently available. See [Bugcheck](#bugcheck). +- **CrashDump** No content is currently available. See [CrashDump](#crashdump). +- **CurrentBootId** No content is currently available. +- **FirmwareReset** No content is currently available. See [FirmwareReset](#firmwarereset). +- **LastShutdownBootId** No content is currently available. +- **LongPowerButtonHold** No content is currently available. See [LongPowerButtonHold](#longpowerbuttonhold). +- **SystemStateTransition** No content is currently available. See [SystemStateTransition](#systemstatetransition). +- **Watchdog** No content is currently available. See [Watchdog](#watchdog). +- **WheaBootErrorCount** No content is currently available. + + +### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown + +This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit. +- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits. +- **TotalUpTimeMs** No content is currently available. + + +## Microsoft Edge events + +### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** No content is currently available. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** No content is currently available. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** No content is currently available. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** No content is currently available. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date. + +The following fields are available: + +- **appAp** Any additional parameters for the specified application. Default: ''. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. +- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. +- **appEdgePreviewDisenrollReason** No content is currently available. +- **appEdgePreviewPreviousValuesV2** No content is currently available. +- **appEdgePreviewState** No content is currently available. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appFirstFRESeenTime** No content is currently available. +- **appFirstFRESeenVersion** No content is currently available. +- **appInactivityBadgeApplied** No content is currently available. +- **appInactivityBadgeCleared** No content is currently available. +- **appInactivityBadgeDuration** No content is currently available. +- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appIsPinnedSystem** No content is currently available. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appLastLaunchCount** No content is currently available. +- **appLastLaunchTime** The time when browser was last launched. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appOOBEInstallTime** No content is currently available. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply. +- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. +- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) For example, HIT from proxy.domain.tld, MISS from proxy.local. +- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US. +- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2. +- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. For example, Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z. +- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. For example, CP=\"CAO PSA OUR\". +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply. +- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. +- **appPingEventSystemUptimeTicks** No content is currently available. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'. +- **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetChannel** Check for status showing the target release channel. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. +- **appUpdateCount** No content is currently available. +- **appUpdatesAllowedForMeteredNetworks** No content is currently available. +- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. +- **hwDiskType** Device’s hardware disk type. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwLogicalCpus** Number of logical CPUs of the device. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isCTADevice** No content is currently available. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **oemProductManufacturer** The device manufacturer name. +- **oemProductName** The product name of the device defined by device manufacturer. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osIsDefaultNetworkConnectionMetered** No content is currently available. +- **osIsInLockdownMode** No content is currently available. +- **osIsWIP** No content is currently available. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osProductType** No content is currently available. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **osWIPBranch** No content is currently available. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.PingXml + +No content is currently available. + +The following fields are available: + +- **EventInfo.Level** No content is currently available. +- **Xml** No content is currently available. + + +## Migration events + +### Microsoft.Windows.MigrationCore.MigObjectCountDLSys + +This event is used to indicate object count for system paths during different phases of Windows feature update. + +The following fields are available: + +- **migDiagSession->CString** Indicates the phase of the update. +- **objectCount** Number of files being tracked for the corresponding phase of the update. +- **sfInfo.Name** No content is currently available. + + +### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr + +This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content) +- **objectCount** The count for the number of objects that are being transferred. +- **sfInfo.Name** This event identifies the phase of the upgrade where migration happens. + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFSys + +This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens. +- **objectCount** The count of the number of objects that are being transferred. +- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr + +This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.) +- **objectCount** The number of objects that are being transferred. +- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads. + + +## OneSettings events + +### Microsoft.Windows.OneSettingsClient.Heartbeat + +This event indicates the config state heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **Configs** Array of configs. + + +### Microsoft.Windows.OneSettingsClient.StateChange + +This event indicates the change in config state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight id. +- **state** New state. + + +### Microsoft.Windows.OneSettingsClient.Status + +This event indicates the config usage of status update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight id. +- **time** Time. + + +## OOBE events + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateNthLogonDisplayStatus + +NthLogon NDUP evaluated whether it should launch or not. + +The following fields are available: + +- **nthSkippedReasonFlag** Flag indicating skip reason. +- **reason** Skip reason string. + + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdatePageSkipped + +This event provides information about skipping expedited update page. The data collected with this event is used to help keep Windows secure, up to date, and performing properly. + +The following fields are available: + +- **reason** Reason for skip. +- **skippedReasonFlag** Flag representing reason for skip. + + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult + +This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly. + +The following fields are available: + +- **oobeExpeditedUpdateStatus** Expedited update status. +- **reason** Reason for the status. +- **resultCode** HR result of operation. + + +## Other events + +### Microsoft.Windows.Analog.HolographicDriverClient.TelemetryUserPresenceChanged + +No content is currently available. + +The following fields are available: + +- **correlationGuid** No content is currently available. +- **isPresent** No content is currently available. + + +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered + +No content is currently available. + +The following fields are available: + +- **SessionID** No content is currently available. +- **TargetAsId** No content is currently available. +- **windowInstanceId** No content is currently available. + + +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave + +No content is currently available. + +The following fields are available: + +- **EventHistory** No content is currently available. +- **ExternalComponentState** No content is currently available. +- **LastEvent** No content is currently available. +- **SessionID** No content is currently available. +- **TargetAsId** No content is currently available. +- **windowInstanceId** No content is currently available. + + +### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeyFinalize + +No content is currently available. + +The following fields are available: + +- **accountType** No content is currently available. +- **cacheType** No content is currently available. +- **finalizeStatus** No content is currently available. +- **gestureRequired** No content is currently available. +- **isIsoContainer** No content is currently available. +- **isVsm** No content is currently available. +- **keyAccountId** No content is currently available. +- **keyAlgId** No content is currently available. +- **keyDomain** No content is currently available. +- **keyImplType** No content is currently available. +- **keyTenant** No content is currently available. +- **keyType** No content is currently available. +- **signStatus** No content is currently available. +- **silentByCaller** No content is currently available. +- **silentByProperty** No content is currently available. + + +### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeySignHash + +No content is currently available. + +The following fields are available: + +- **accountType** No content is currently available. +- **cacheType** No content is currently available. +- **callerCmdLine** No content is currently available. +- **didPrompt** No content is currently available. +- **gestureRequired** No content is currently available. +- **isCacheWithTimedCounterEnabled** No content is currently available. +- **isCallerProcessQueryLimited** No content is currently available. +- **isUnlockTimeSet** No content is currently available. +- **keyAccountId** No content is currently available. +- **keyDomain** No content is currently available. +- **keyImplType** No content is currently available. +- **keyTenant** No content is currently available. +- **keyType** No content is currently available. +- **numSignatures** No content is currently available. +- **persistedInPinCache** No content is currently available. +- **protectionLevel** No content is currently available. +- **sessionGuid** No content is currently available. +- **signStatus** No content is currently available. +- **silentByCaller** No content is currently available. +- **silentByProperty** No content is currently available. +- **timeSinceUnlockMs** No content is currently available. +- **usedPinCache** No content is currently available. +- **validTicket** No content is currently available. + + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed + +No content is currently available. + +The following fields are available: + +- **Action** No content is currently available. +- **hr** No content is currently available. +- **IsRejectedByFirmware** No content is currently available. +- **IsResealNeeded** No content is currently available. +- **RevokedBootmanager** No content is currently available. +- **SecureBootUpdateCaller** No content is currently available. +- **UpdateType** No content is currently available. +- **WillResealSucceed** No content is currently available. + + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted + +No content is currently available. + +The following fields are available: + +- **AvailableUpdates** No content is currently available. +- **SecureBootUpdateCaller** No content is currently available. + + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateSucceeded + +No content is currently available. + +The following fields are available: + +- **Action** No content is currently available. +- **IsRebootRequiredBeforeUpdate** No content is currently available. +- **IsResealNeeded** No content is currently available. +- **RevokedBootmanager** No content is currently available. +- **SecureBootUpdateCaller** No content is currently available. +- **UpdateType** No content is currently available. +- **WillResealSucceed** No content is currently available. + + +### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateCompleted + +No content is currently available. + +The following fields are available: + +- **Action** No content is currently available. +- **hr** No content is currently available. +- **IsResealNeeded** No content is currently available. +- **sbServicingFailureReason** No content is currently available. +- **SecureBootUpdateCaller** No content is currently available. +- **UpdateType** No content is currently available. +- **WillResealSucceed** No content is currently available. + + +### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateStarted + +No content is currently available. + +The following fields are available: + +- **SecureBootUpdateCaller** No content is currently available. +- **UpdateType** No content is currently available. + + +### Microsoft.Windows.Security.SBServicingCore.SBServicingCoreFunctionFailed + +No content is currently available. + +The following fields are available: + +- **Action** No content is currently available. +- **Function** No content is currently available. +- **hr** No content is currently available. + + +### Microsoft.Windows.Shell.CortanaSearch.WebView2ProcessFailed + +No content is currently available. + +The following fields are available: + +- **ExitCode** No content is currently available. +- **ProcessFailedKind** No content is currently available. +- **Reason** No content is currently available. +- **SessionId** No content is currently available. + + +### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.GetUserAccountState + +No content is currently available. + +The following fields are available: + +- **CassService** No content is currently available. +- **componentName** No content is currently available. +- **correlationVector** No content is currently available. +- **currentPageGroupId** No content is currently available. +- **currentPageId** No content is currently available. +- **experienceId** No content is currently available. +- **experienceVersion** No content is currently available. +- **isExperienceInbox** No content is currently available. +- **pageId** No content is currently available. +- **pageSessionId** No content is currently available. +- **processSessionId** No content is currently available. +- **state** No content is currently available. + + +### Microsoft.Windows.WinRE.Agent.CreateWinRePartitionFailed + +No content is currently available. + +The following fields are available: + +- **ErrorCode** No content is currently available. + + +### Microsoft.Windows.WinRE.Agent.ExtendOsPartitionSucceed + +No content is currently available. + + + +### Microsoft.Windows.WinRE.Agent.ShrinkOsPartitionFailed + +No content is currently available. + +The following fields are available: + +- **HRESULT** No content is currently available. + + +### Microsoft.Windows.WinRE.Agent.WinreFormatPartition + +No content is currently available. + + + +### Microsoft.Windows.WinRE.Agent.WinreFormatPartitionSucceed + +No content is currently available. + + +## Privacy consent logging events + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted + +This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **presentationVersion** Which display version of the privacy consent experience the user completed +- **privacyConsentState** The current state of the privacy consent experience +- **settingsVersion** Which setting version of the privacy consent experience the user completed +- **userOobeExitReason** The exit reason of the privacy consent experience + + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus + +This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **isAdmin** whether the person who is logging in is an admin +- **isExistingUser** whether the account existed in a downlevel OS +- **isLaunching** Whether or not the privacy consent experience will be launched +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience +- **userRegionCode** The current user's region setting + + +## Setup events + +### Microsoft.Windows.Setup.WinSetupMon.ProtectionViolation + +This event provides information about move or deletion of a file or a directory which is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **Mode** No content is currently available. +- **Path** Path to the file or the directory which is being moved or deleted. +- **Process** Path to the process which is requesting the move or the deletion. +- **SessionId** No content is currently available. +- **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved. + + +### Microsoft.Windows.Setup.WinSetupMon.TraceError + +No content is currently available. + +The following fields are available: + +- **Message** No content is currently available. +- **SessionId** No content is currently available. +- **Status** No content is currently available. + + +### Microsoft.Windows.Setup.WinSetupMon.TraceErrorVolume + +No content is currently available. + +The following fields are available: + +- **Message** No content is currently available. +- **SessionId** No content is currently available. +- **Status** No content is currently available. +- **Volume** No content is currently available. + + +## Surface events + +### Microsoft.Surface.Battery.Prod.BatteryInfoEvent + +This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly. + +The following fields are available: + +- **batteryData** Battery Performance data. +- **batteryData.data()** Battery performance data. +- **BatteryDataSize:** Size of the battery performance data. +- **batteryInfo.data()** Battery performance data. +- **BatteryInfoSize:** Size of the battery performance data. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **BPMCurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device. +- **BPMExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC? +- **BPMHvtCountA** Current HVT count for BPM counter A. +- **BPMHvtCountB** Current HVT count for BPM counter B. +- **bpmOptOutLifetimeCount** BPM OptOut Lifetime Count. +- **BPMRsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMTotalEngagedMinutes** Total time that BPM was engaged. +- **BPMTotalEntryEvents** Total number of times entering BPM. +- **BPMv4CurrentlyEngaged** No content is currently available. +- **BPMv4ExitCriteria** No content is currently available. +- **BPMv4HvtCountA** No content is currently available. +- **BPMv4HvtCountB** No content is currently available. +- **BPMv4RsocBucketsHighTemp_Values** No content is currently available. +- **BPMv4RsocBucketsLowTemp_Values** No content is currently available. +- **BPMv4RsocBucketsMediumHighTemp_Values** No content is currently available. +- **BPMv4RsocBucketsMediumLowTemp_Values** No content is currently available. +- **BPMv4TotalEngagedMinutes** No content is currently available. +- **BPMv4TotalEntryEvents** No content is currently available. +- **ComponentId** Component ID. +- **FwVersion** FW version that created this log. +- **LogClass** Log Class. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** Log MGR version. +- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **ProductId** Product ID. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **batteryPresent** No content is currently available. +- **BPMKioskModeStartDateInSeconds** First time Battery Limit was turned on. +- **BPMKioskModeTotalEngagedMinutes** Total time Battery Limit was on (SOC value at 50%). +- **ComponentId** Component ID. +- **CTTEqvTimeat35C** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC. +- **CTTEqvTimeat35CinBPM** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up. +- **CTTMinSOC1day** Rolling 1 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC28day** Rolling 28 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC3day** Rolling 3 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC7day** Rolling 7 day minimum SOC. Value set to 0 initially. +- **CTTReduction** No content is currently available. +- **CTTStartDateInSeconds** Start date from when device was starting to be used. +- **currentAuthenticationState** Current Authentication State. +- **FwVersion** FW version that created this log. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **newSnFruUpdateCount** New Sn FRU Update Count. +- **newSnUpdateCount** New Sn Update Count. +- **ProductId** Product ID. +- **ProtectionPolicy** Battery limit engaged. True (0 False). +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. +- **VoltageOptimization** Current CTT reduction in mV. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **cbTimeCell_Values** cb time for different cells. +- **ComponentId** Component ID. +- **cycleCount** Cycle Count. +- **deltaVoltage** Delta voltage. +- **eocChargeVoltage_Values** EOC Charge voltage values. +- **fullChargeCapacity** Full Charge Capacity. +- **FwVersion** FW version that created this log. +- **lastCovEvent** Last Cov event. +- **lastCuvEvent** Last Cuv event. +- **LogClass** LOG_CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG_MGR_VERSION. +- **manufacturerName** Manufacturer name. +- **maxChargeCurrent** Max charge current. +- **maxDeltaCellVoltage** Max delta cell voltage. +- **maxDischargeCurrent** Max discharge current. +- **maxTempCell** Max temp cell. +- **maxVoltage_Values** Max voltage values. +- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **minTempCell** Min temp cell. +- **minVoltage_Values** Min voltage values. +- **numberOfCovEvents** Number of Cov events. +- **numberOfCuvEvents** Number of Cuv events. +- **numberOfOCD1Events** Number of OCD1 events. +- **numberOfOCD2Events** Number of OCD2 events. +- **numberOfQmaxUpdates** Number of Qmax updates. +- **numberOfRaUpdates** Number of Ra updates. +- **numberOfShutdowns** Number of shutdowns. +- **pfStatus_Values** pf status values. +- **ProductId** Product ID. +- **qmax_Values** Qmax values for different cells. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **avgCurrLastRun** Average current last run. +- **avgPowLastRun** Average power last run. +- **batteryMSPN** BatteryMSPN +- **batteryMSSN** BatteryMSSN. +- **cell0Ra3** Cell0Ra3. +- **cell1Ra3** Cell1Ra3. +- **cell2Ra3** Cell2Ra3. +- **cell3Ra3** Cell3Ra3. +- **ComponentId** Component ID. +- **currentAtEoc** Current at Eoc. +- **firstPFstatusA** First PF status-A. +- **firstPFstatusB** First PF status-B. +- **firstPFstatusC** First PF status-C. +- **firstPFstatusD** First PF status-D. +- **FwVersion** FW version that created this log. +- **lastQmaxUpdate** Last Qmax update. +- **lastRaDisable** Last Ra disable. +- **lastRaUpdate** Last Ra update. +- **lastValidChargeTerm** Last valid charge term. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **maxAvgCurrLastRun** Max average current last run. +- **maxAvgPowLastRun** Max average power last run. +- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **mfgInfoBlockB01** MFG info Block B01. +- **mfgInfoBlockB02** MFG info Block B02. +- **mfgInfoBlockB03** MFG info Block B03. +- **mfgInfoBlockB04** MFG info Block B04. +- **numOfRaDisable** Number of Ra disable. +- **numOfValidChargeTerm** Number of valid charge term. +- **ProductId** Product ID. +- **qmaxCycleCount** Qmax cycle count. +- **SeqNum** Sequence Number. +- **stateOfHealthEnergy** State of health energy. +- **stateOfHealthFcc** State of health Fcc. +- **stateOfHealthPercent** State of health percent. +- **TimeStamp** UTC seconds when log was created. +- **totalFwRuntime** Total FW runtime. +- **updateStatus** Update status. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV3 + +Hardware level data about battery performance. + +The following fields are available: + +- **BatteryTelemetry** Hardware Level Data about battery performance. +- **ComponentId** Component ID. +- **FwVersion** FW version that created this log. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **ProductId** ProductId ID. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +## Update Assistant events + +### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed + +This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (i.e. reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **activeProcesses** Number of active processes. +- **atleastOneMitigationSucceeded** Bool flag indicating if at least one mitigation succeeded. +- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter. +- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service. +- **countDownloadedPayload** Count instances of payload downloaded. +- **description** Description of failure. +- **devicePreference** Recommended Troubleshooting Setting on the device. +- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe. +- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. +- **executionHR** HR code of the execution of the mitigation. +- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, eg when executing Critical troubleshooters, the executionPreference is set to the Silent option. +- **exitCode** Exit code of the execution of the mitigation. +- **experimentFeatureId** Experiment feature ID. +- **experimentFeatureState** Config state of the experiment. +- **hr** HRESULT for error code. +- **isActiveSessionPresent** If an active user session is present on the device. +- **isCriticalMitigationAvailable** If a critical mitigation is available to this device. +- **isFilteringSuccessful** If the filtering operation was successful. +- **isReApply** reApply status for the mitigation. +- **mitigationId** ID value of the mitigation. +- **mitigationProcessCycleTime** Process cycle time used by the mitigation. +- **mitigationRequestWithCompressionFailed** Boolean flag indicating if HTTP request with compression failed for this device. +- **mitigationServiceResultFetched** Boolean flag indicating if mitigation details were fetched from the admin service. +- **mitigationVersion** String indicating version of the mitigation. +- **oneSettingsMetadataParsed** If OneSettings metadata was parsed successfully. +- **oneSettingsSchemaVersion** Schema version used by the OneSettings parser. +- **onlyNoOptMitigationsPresent** Checks if all mitigations were no opt. +- **parsedOneSettingsFile** Indicates if OneSettings parsing was successful. +- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter. +- **SessionId** Random GUID used for grouping events in a session. +- **subType** Error type. +- **totalKernelTime** Total kernel time used by the mitigation. +- **totalNumberOfApplicableMitigations** Total number of applicable mitigations. +- **totalProcesses** Total number of processes assigned to the job object. +- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object. +- **totalUserTime** Total user mode time used by the job object. + + +### Microsoft.Windows.RecommendedTroubleshootingService.MitigationSucceeded + +This event is raised after an executable delivered by Mitigation Service has successfully run. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **activeProcesses** Number of active processes. +- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter. +- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service. +- **devicePreference** Recommended troubleshooting setting on the device. +- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe. +- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. +- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option. +- **exitCode** Exit code of the execution of the mitigation. +- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (i.e. ProblemNotFound). +- **experimentFeatureId** Experiment feature ID. +- **experimentFeatureState** Feature state for the experiment. +- **mitigationId** ID value of the mitigation. +- **mitigationProcessCycleTime** Process cycle time used by the mitigation. +- **mitigationVersion** String indicating version of the mitigation. +- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter. +- **SessionId** Random GUID used for grouping events in a session. +- **totalKernelTime** Total kernel time used by the mitigation. +- **totalProcesses** Total number of processes assigned to the job object. +- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object. +- **totalUserTime** Total user mode time used by the job object. + + +## Update events + +### Update360Telemetry.FellBackToDownloadingAllPackageFiles + +No content is currently available. + +The following fields are available: + +- **ErrorCode** No content is currently available. +- **FlightId** No content is currently available. +- **ObjectId** No content is currently available. +- **Package** No content is currently available. +- **RelatedCV** No content is currently available. +- **ScenarioId** No content is currently available. +- **SessionId** No content is currently available. +- **UpdateId** No content is currently available. + + +### Update360Telemetry.UpdateAgentCommit + +This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CancelRequested** Boolean that indicates whether cancel was requested. +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentPostRebootResult + +This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **ErrorCode** The error code returned for the current post reboot phase. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **ObjectId** Unique value for each Update Agent mode. +- **PostRebootResult** Indicates the Hresult. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **RollbackFailureReason** Indicates the cause of the rollback. +- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. +- **UpdateOutputState** A numeric value indicating the state of the update at the time of reboot. + + +## Windows Error Reporting events + +### Microsoft.Windows.WERVertical.OSCrash + +This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. + +The following fields are available: + +- **BootId** Uint32 identifying the boot number for this device. +- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check. +- **BugCheckParameter1** Uint64 parameter providing additional information. +- **BugCheckParameter2** Uint64 parameter providing additional information. +- **BugCheckParameter3** Uint64 parameter providing additional information. +- **BugCheckParameter4** Uint64 parameter providing additional information. +- **DumpFileAttributes** Codes that identify the type of data contained in the dump file +- **DumpFileSize** Size of the dump file +- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise +- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). + + +## Windows Hardware Error Architecture events + +### WheaProvider.WheaDriverErrorExternal + +This event is sent when a common platform hardware error is recorded by an external WHEA error source driver. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **creatorId** A GUID that identifies the entity that created the error record. +- **errorFlags** Flags set on the error record. +- **notifyType** A GUID that identifies the notification mechanism by which an error condition is reported to the operating system. +- **partitionId** A GUID that identifies the partition on which the hardware error occurred. +- **platformId** A GUID that identifies the platform on which the hardware error occurred. +- **record** A binary blob containing the full error record. Due to the nature of common platform error records we have no way of fully parsing this blob for any given record. +- **recordId** The identifier of the error record. This identifier is unique only on the system that created the error record. +- **sectionFlags** The flags for each section recorded in the error record. +- **sectionTypes** A GUID that represents the type of sections contained in the error record. +- **severityCount** The severity of each individual section. +- **timeStamp** Error time stamp as recorded in the error record. + + +### WheaProvider.WheaDriverExternalLogginLimitReached + +This event indicates that WHEA has reached the logging limit for critical events from external drivers. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **timeStamp** Time at which the logging limit was reached. + + +## Windows Store events + +### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation + +This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The Item Bundle ID. +- **CategoryId** The Item Category ID. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Was this a mandatory update? +- **IsRemediation** Was this a remediation install? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Flag indicating if this is an update. +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The product family name of the product being installed. +- **ProductId** The identity of the package or packages being installed. +- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. +- **UserAttemptNumber** The total number of user attempts at installation before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginAcquireLicense + +No content is currently available. + +The following fields are available: + +- **AggregatedPackageFullNames** No content is currently available. +- **AttemptNumber** The retry count for the install item. +- **BundleId** The Item bundle id. +- **CategoryId** The Item category Id. +- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). +- **IsBundle** No content is currently available. +- **IsInteractive** Was this call a result of user interaction. +- **IsMandatory** No content is currently available. +- **IsRemediation** Was the item a repair. +- **IsRestore** No content is currently available. +- **IsUpdate** Is it an update. +- **ParentBundleId** No content is currently available. +- **PFN** The Product Full Name. +- **ProductId** The Product Id. +- **SystemAttemptNumber** No content is currently available. +- **UserAttemptNumber** No content is currently available. +- **WUContentId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginDownload + +No content is currently available. + +The following fields are available: + +- **AggregatedPackageFullNames** No content is currently available. +- **AttemptNumber** Number of retry attempts before it was cancelled. +- **BundleId** The Item bundle id. +- **CategoryId** The Item category Id. +- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). +- **IsBundle** No content is currently available. +- **IsInteractive** Was this call a result of user interaction. +- **IsMandatory** No content is currently available. +- **IsRemediation** Was the item a repair. +- **IsRestore** No content is currently available. +- **IsUpdate** Is it an update. +- **ParentBundleId** No content is currently available. +- **PFN** The Product Full Name. +- **ProductId** The Product Id. +- **SystemAttemptNumber** No content is currently available. +- **UserAttemptNumber** No content is currently available. +- **WUContentId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginGetFreeEntitlement + +No content is currently available. + +The following fields are available: + +- **CampaignId** No content is currently available. +- **StoreId** No content is currently available. +- **UseDeviceId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall + +No content is currently available. + +The following fields are available: + +- **AggregatedPackageFullNames** No content is currently available. +- **AttemptNumber** Number of retry attempts before it was cancelled. +- **BundleId** The Item bundle id. +- **CategoryId** The Item category Id. +- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). +- **IsBundle** No content is currently available. +- **IsInteractive** Was this call a result of user interaction. +- **IsMandatory** No content is currently available. +- **IsRemediation** Was the item a repair. +- **IsRestore** No content is currently available. +- **IsUpdate** Is it an update. +- **ParentBundleId** No content is currently available. +- **PFN** The Product Full Name. +- **ProductId** The Product Id. +- **SystemAttemptNumber** No content is currently available. +- **UserAttemptNumber** No content is currently available. +- **WUContentId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginSearchUpdatePackages + +No content is currently available. + +The following fields are available: + +- **AttemptNumber** No content is currently available. +- **BundleId** No content is currently available. +- **CategoryId** No content is currently available. +- **ClientAppId** No content is currently available. +- **IsBundle** No content is currently available. +- **IsInteractive** No content is currently available. +- **IsMandatory** No content is currently available. +- **IsRemediation** No content is currently available. +- **IsRestore** No content is currently available. +- **IsUpdate** No content is currently available. +- **ParentBundleId** No content is currently available. +- **PFN** No content is currently available. +- **ProductId** No content is currently available. +- **SystemAttemptNumber** No content is currently available. +- **UserAttemptNumber** No content is currently available. +- **WUContentId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.BlockLowPriorityWorkItems + +No content is currently available. + +The following fields are available: + +- **ClientId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation + +This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed. +- **AttemptNumber** Total number of installation attempts. +- **BundleId** The identity of the Windows Insider build that is associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this an automatic restore of a previously acquired product? +- **IsUpdate** Is this a product update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of all packages to be downloaded and installed. +- **PreviousHResult** The previous HResult code. +- **PreviousInstallState** Previous installation state before it was canceled. +- **ProductId** The name of the package or packages requested for installation. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. +- **UserAttemptNumber** Total number of user attempts to install before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense + +This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. +- **AttemptNumber** The total number of attempts to acquire this product. +- **BundleId** The bundle ID +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** HResult code to show the result of the operation (success/failure). +- **IsBundle** Is this a bundle? +- **IsInteractive** Did the user initiate the installation? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this happening after a device restore? +- **IsUpdate** Is this an update? +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to acquire this product. +- **UserAttemptNumber** The number of attempts by the user to acquire this product +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndDownload + +This event is sent after an app is downloaded to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The identity of the Windows Insider build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **DownloadSize** The total size of the download. +- **ExtendedHResult** Any extended HResult error codes. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this initiated by the user? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this a restore of a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). +- **PFN** The Product Family Name of the app being download. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to download. +- **UserAttemptNumber** The number of attempts by the user to download. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate + +This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **HResult** The result code of the last action performed before this operation. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndGetFreeEntitlement + +No content is currently available. + +The following fields are available: + +- **CampaignId** No content is currently available. +- **HResult** No content is currently available. +- **StoreId** No content is currently available. +- **UseDeviceId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndInstall + +This event is sent after a product has been installed to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **ExtendedHResult** The extended HResult error code. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this an interactive installation? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates + +This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AutoUpdateWorkScheduledWithUOTime** The time when work was first scheduled with UO. Value deleted when UO calls UnblockLowPriorityWorkItems. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsApplicability** Is this request to only check if there are any applicable packages to install? +- **IsInteractive** Is this user requested? +- **IsOnline** Is the request doing an online check? +- **NumberOfApplicableUpdates** The number of packages returned by this operation. +- **PFN** The PackageFullName of the app currently installed on the machine. This operation is scanning for an update for this app. Value will be empty if operation is scanning for updates for more than one app. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages + +This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData + +This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of system attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete + +This event is sent at the end of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **FailedRetry** Indicates whether the installation or update retry was successful. +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate + +This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **ClientAppId** No content is currently available. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. +- **InstalledPFuN** No content is currently available. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. +- **PluginWorkCreationHr** No content is currently available. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest + +This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **BundleId** The identity of the build associated with this product. +- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specific edition ID being installed. +- **VolumePath** The disk path of the installation. + + +### Microsoft.Windows.StoreAgent.Telemetry.InstallRequestReceived + +No content is currently available. + +The following fields are available: + +- **ClientId** No content is currently available. +- **StoreId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation + +This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The Product Full Name. +- **PreviousHResult** The result code of the last action performed before this operation. +- **PreviousInstallState** Previous state before the installation or update was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.QueueStuckError + +No content is currently available. + +The following fields are available: + +- **ItemLifetimeInSeconds** No content is currently available. +- **OpenSlots** No content is currently available. +- **PendingItems** No content is currently available. +- **QueueItems** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.RestoreDeviceMetrics + +No content is currently available. + +The following fields are available: + +- **DeferredAppIds** No content is currently available. +- **DelayedAppIds** No content is currently available. +- **NumBackupApps** No content is currently available. +- **NumCompatibleApps** No content is currently available. +- **NumIncompatibleApps** No content is currently available. +- **NumProcessedBackupApps** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.RestoreError + +No content is currently available. + +The following fields are available: + +- **ErrorCode** No content is currently available. +- **ErrorLocation** No content is currently available. +- **ErrorMessage** No content is currently available. +- **ErrorMethod** No content is currently available. +- **ErrorName** No content is currently available. +- **ErrorType** No content is currently available. +- **LineNumber** No content is currently available. +- **Severity** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation + +This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **IsUserRetry** Did the user initiate the retry? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **PreviousHResult** The previous HResult error code. +- **PreviousInstallState** Previous state before the installation was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector for the original install before it was resumed. +- **ResumeClientId** The ID of the app that initiated the resume operation. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest + +This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ProductId** The Store Product ID for the product being installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.ScheduleWorkWithUO + +No content is currently available. + +The following fields are available: + +- **ClientId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest + +This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The Store Catalog ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specfic edition of the app being updated. + + +### Microsoft.Windows.StoreAgent.Telemetry.StateTransition + +Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure. + +The following fields are available: + +- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. +- **HResult** The resulting HResult error/success code of this operation. +- **NewState** The current fulfillment state of this product. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state). +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. +- **Prevstate** The previous fulfillment state of this product. +- **ProductId** Product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.UnblockLowPriorityWorkItems + +No content is currently available. + +The following fields are available: + +- **ClientId** No content is currently available. + + +### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest + +This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **PFamN** The name of the app that is requested for update. + + +## Windows Update Delivery Optimization events + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled + +This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download being done in the background? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group. +- **bytesFromLedbat** The number of bytes received from a source using an Ledbat enabled connection. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP Address of the source CDN (Content Delivery Network). +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller. +- **reasonCode** Reason the action or event occurred. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the file download session. +- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds. +- **totalTimeMs** The duration of the download, in milliseconds. +- **updateID** The ID of the update being downloaded. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted + +This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download a background download? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group. +- **bytesFromLedbat** The number of bytes received from source using an Ledbat enabled connection. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **bytesRequested** The total number of bytes requested for download. +- **cacheServerConnectionCount** Number of connections made to cache hosts. +- **cdnConnectionCount** The total number of connections made to the CDN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP address of the source CDN. +- **cdnUrl** Url of the source Content Distribution Network (CDN). +- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion. +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **downlinkBps** The maximum measured available download bandwidth (in bytes per second). +- **downlinkUsageBps** The download speed (in bytes per second). +- **downloadMode** The download mode used for this file download session. +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **expiresAt** The time when the content will expire from the Delivery Optimization Cache. +- **fileID** The ID of the file being downloaded. +- **fileSize** The size of the file being downloaded. +- **groupConnectionCount** The total number of connections made to peers in the same group. +- **groupID** A GUID representing a custom group of devices. +- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. +- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. +- **isThrottled** Event Rate throttled (event represents aggregated data). +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **lanConnectionCount** The total number of connections made to peers in the same LAN. +- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network. +- **numPeers** The total number of peers used for this download. +- **numPeersLocal** The total number of local peers used for this download. +- **predefinedCallerName** The name of the API Caller. +- **restrictedUpload** Is the upload restricted? +- **routeToCacheServer** The cache server setting, source, and value. +- **rttMs** Min, Max, Avg round-trip time to the source. +- **rttRLedbatMs** Min, Max, Avg round-trip time to a Ledbat enabled source. +- **sessionID** The ID of the download session. +- **sessionTimeMs** The duration of the session, in milliseconds. +- **totalTimeMs** Duration of the download (in seconds). +- **updateID** The ID of the update being downloaded. +- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second). +- **uplinkUsageBps** The upload speed (in bytes per second). + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused + +This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download a background download? +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being paused. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller object. +- **reasonCode** The reason for pausing the download. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the download session. +- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds. +- **totalTimeMs** The duration of the download, in milliseconds. +- **updateID** The ID of the update being paused. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted + +This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Indicates whether the download is happening in the background. +- **bytesRequested** Number of bytes requested for the download. +- **callerAppPackageName** No content is currently available. +- **cdnUrl** The URL of the source Content Distribution Network (CDN). +- **costFlags** A set of flags representing network cost. +- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). +- **diceRoll** Random number used for determining if a client will use peering. +- **doClientVersion** The version of the Delivery Optimization client. +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). +- **errorCode** The error code that was returned. +- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. +- **fileID** The ID of the file being downloaded. +- **filePath** The path to where the downloaded file will be written. +- **fileSize** Total file size of the file that was downloaded. +- **fileSizeCaller** Value for total file size provided by our caller. +- **groupID** ID for the group. +- **isEncrypted** Indicates whether the download is encrypted. +- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). +- **isVpn** Indicates whether the device is connected to a Virtual Private Network. +- **jobID** The ID of the Windows Update job. +- **peerID** The ID for this delivery optimization client. +- **predefinedCallerName** Name of the API caller. +- **routeToCacheServer** Cache server setting, source, and value. +- **sessionID** The ID for the file download session. +- **setConfigs** A JSON representation of the configurations that have been set, and their sources. +- **updateID** The ID of the update being downloaded. +- **UusVersion** No content is currently available. + + +### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication + +This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **cdnHeaders** The HTTP headers returned by the CDN. +- **cdnIp** The IP address of the CDN. +- **cdnUrl** The URL of the CDN. +- **errorCode** The error code that was returned. +- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **httpStatusCode** The HTTP status code returned by the CDN. +- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET +- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.). +- **requestOffset** The byte offset within the file in the sent request. +- **requestSize** The size of the range requested from the CDN. +- **responseSize** The size of the range response received from the CDN. +- **sessionID** The ID of the download session. + + +## Windows Update events + +### Microsoft.Windows.Update.Aggregator.UusCoreHealth.HealthAggregatorSummary + +No content is currently available. + +The following fields are available: + +- **Fallback** No content is currently available. +- **FlightId** No content is currently available. +- **IsStable** No content is currently available. +- **Lock** No content is currently available. +- **UpdateId** No content is currently available. +- **UusVersion** No content is currently available. +- **VersionActivationsSinceLastBoot** No content is currently available. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize + +This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **flightMetadata** Contains the FlightId and the build being flighted. +- **objectId** Unique value for each Update Agent mode. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.Orchestrator.Client.AppUpdateInstallResult + +No content is currently available. + +The following fields are available: + +- **Completed** No content is currently available. +- **DeploymentAttempted** No content is currently available. +- **DeploymentErrorCode** No content is currently available. +- **DeploymentExtendedErrorCode** No content is currently available. +- **InstallFailureReason** No content is currently available. +- **OperationStatus** No content is currently available. +- **Succeeded** No content is currently available. +- **updaterId** No content is currently available. +- **UusVersion** No content is currently available. +- **VelocityEnabled** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallAlreadyRunning + +No content is currently available. + +The following fields are available: + +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult + +This event returns the result after installing a business critical store application. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **AppInstallState** The application installation state. +- **HRESULT** The result code (HResult) of the install. +- **PFN** The package family name of the package being installed. +- **updaterId** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Client.EdgeUpdateResult + +This event sends data indicating the result of invoking the edge updater. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **ExitCode** The exit code that was returned. +- **HRESULT** The result code (HResult) of the operation. +- **UusVersion** No content is currently available. +- **VelocityEnabled** A flag that indicates if velocity is enabled. +- **WorkCompleted** A flag that indicates if work is completed. + + +### Microsoft.Windows.Update.Orchestrator.Client.MACUpdateInstallResult + +This event reports the installation result details of the MACUpdate expedited application. + +The following fields are available: + +- **Completed** Indicates whether the installation is complete. +- **DeploymentAttempted** No content is currently available. +- **DeploymentErrorCode** No content is currently available. +- **DeploymentExtendedErrorCode** No content is currently available. +- **InstallFailureReason** Indicates the reason an install failed. +- **IsRetriableError** Indications whether the error is retriable. +- **OperationStatus** Returns the operation status result reported by the installation attempt. +- **Succeeded** Indicates whether the installation succeeded. +- **UusVersion** No content is currently available. +- **VelocityEnabled** Indicates whether the velocity tag for MACUpdate is enabled. + + +### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh + +This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date. + +The following fields are available: + +- **configuredPoliciescount** Number of policies on the device. +- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). +- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted + +Indicates that EULA for an update has been accepted. + +The following fields are available: + +- **HRESULT** No content is currently available. +- **publisherIntent** Publisher Intent id associated with the update. +- **reason** Reason for EULA acceptance. +- **update** Update for which EULA has been accepted. See [update](#update). +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved + +This event signifies an update being approved around the OOBE time period. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **approved** Flag to determine if it is approved or not. +- **provider** The provider related to which the update is approved. +- **publisherIntent** The publisher intent of the Update. +- **update** Additional information about the Update. See [update](#update). +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Worker.SetIpuMode + +No content is currently available. + +The following fields are available: + +- **flightId** No content is currently available. +- **mode** No content is currently available. +- **provider** No content is currently available. +- **reason** No content is currently available. +- **uniqueId** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Orchestrator.Worker.UpdateActionCritical + +This event informs the update related action being performed around the OOBE timeframe. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **action** The type of action being performed (Install or download etc.). +- **connectivity** Informs if the device is connected to network while this action is performed. +- **freeDiskSpaceInMB** Amount of free disk space. +- **freeDiskSpaceInMBDelta** No content is currently available. +- **interactive** Informs if this action is caused due to user interaction. +- **nextAction** No content is currently available. +- **priority** The CPU and IO priority this action is being performed on. +- **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.). +- **publisherIntent** No content is currently available. +- **scenario** No content is currently available. +- **update** Update related metadata including UpdateId. See [update](#update). +- **uptimeMinutes** Duration USO for up for in the current boot session. +- **uptimeMinutesDelta** No content is currently available. +- **UusVersion** No content is currently available. +- **wilActivity** Wil Activity related information. See [wilActivity](#wilactivity). + + +### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted + +No content is currently available. + +The following fields are available: + +- **CallerApplicationName** No content is currently available. +- **EventInstanceID** No content is currently available. +- **ServiceGuid** No content is currently available. +- **TargetMetadataVersion** No content is currently available. +- **UusVersion** No content is currently available. +- **WUDeviceID** No content is currently available. + + +### Microsoft.Windows.Update.SIHClient.CheckForUpdatesSucceeded + +No content is currently available. + +The following fields are available: + +- **ApplicableUpdateInfo** No content is currently available. +- **CachedEngineVersion** No content is currently available. +- **CallerApplicationName** No content is currently available. +- **EventInstanceID** No content is currently available. +- **ServiceGuid** No content is currently available. +- **StatusCode** No content is currently available. +- **TargetMetadataVersion** No content is currently available. +- **UusVersion** No content is currently available. +- **WUDeviceID** No content is currently available. + + +### Microsoft.Windows.Update.SIHClient.DownloadSucceeded + +No content is currently available. + +The following fields are available: + +- **CachedEngineVersion** No content is currently available. +- **CallerApplicationName** No content is currently available. +- **DownloadType** No content is currently available. +- **EventInstanceID** No content is currently available. +- **ServiceGuid** No content is currently available. +- **TargetMetadataVersion** No content is currently available. +- **UpdateID** No content is currently available. +- **UusVersion** No content is currently available. +- **WUDeviceID** No content is currently available. + + +### Microsoft.Windows.Update.SIHClient.TaskRunCompleted + +This event is a launch event for Server Initiated Healing client. + +The following fields are available: + +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **CmdLineArgs** Command line arguments passed in by the caller. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). + + +### Microsoft.Windows.Update.SIHClient.TaskRunStarted + +This event is a launch event for Server Initiated Healing client. + +The following fields are available: + +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **CmdLineArgs** Command line arguments passed in by the caller. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Unique device id controlled by the software distribution client. + + +### Microsoft.Windows.Update.Undocked.Brain.ActiveVersionUpdated + +No content is currently available. + +The following fields are available: + +- **Fallback** No content is currently available. +- **FlightID** No content is currently available. +- **Lock** No content is currently available. +- **MinutesSinceInstall** No content is currently available. +- **Stable** No content is currently available. +- **UpdateID** No content is currently available. +- **VersionActive** No content is currently available. +- **VersionPrevious** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.Brain.FailoverVersionExcluded + +No content is currently available. + +The following fields are available: + +- **AlreadyExcluded** No content is currently available. +- **Exception** No content is currently available. +- **ExclusionReason** No content is currently available. +- **Success** No content is currently available. +- **VerFailover** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.DownloadRequest + +No content is currently available. + +The following fields are available: + +- **errorCode** No content is currently available. +- **flightId** No content is currently available. +- **rangeRequestState** No content is currently available. +- **relatedCV** No content is currently available. +- **result** No content is currently available. +- **sessionId** No content is currently available. +- **updateId** No content is currently available. +- **uusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Initialize + +No content is currently available. + +The following fields are available: + +- **errorCode** No content is currently available. +- **flightId** No content is currently available. +- **flightMetadata** No content is currently available. +- **relatedCV** No content is currently available. +- **result** No content is currently available. +- **sessionData** No content is currently available. +- **sessionId** No content is currently available. +- **updateId** No content is currently available. +- **uusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Install + +No content is currently available. + +The following fields are available: + +- **errorCode** No content is currently available. +- **flightId** No content is currently available. +- **folderExists** No content is currently available. +- **packageNewer** No content is currently available. +- **relatedCV** No content is currently available. +- **result** No content is currently available. +- **retryCount** No content is currently available. +- **sessionId** No content is currently available. +- **updateId** No content is currently available. +- **uusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.ModeStart + +No content is currently available. + +The following fields are available: + +- **flightId** No content is currently available. +- **mode** No content is currently available. +- **relatedCV** No content is currently available. +- **sessionId** No content is currently available. +- **updateId** No content is currently available. +- **uusVersion** No content is currently available. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Payload + +No content is currently available. + +The following fields are available: + +- **errorCode** No content is currently available. +- **fileCount** No content is currently available. +- **flightId** No content is currently available. +- **mode** No content is currently available. +- **relatedCV** No content is currently available. +- **result** No content is currently available. +- **sessionId** No content is currently available. +- **updateId** No content is currently available. +- **uusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled + +This event checks for updates canceled on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** No content is currently available. +- **CallerName** No content is currently available. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** No content is currently available. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesFailed + +This event checks for failed updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** No content is currently available. +- **CallerName** No content is currently available. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FailedUpdateInfo** No content is currently available. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** No content is currently available. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult.). +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UndockedComponents** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesRetry + +This event checks for update retries on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **CallerName** No content is currently available. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesScanInitFailed + +This event checks for failed update initializations on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** No content is currently available. +- **CallerName** No content is currently available. +- **MetadataIntegrityMode** No content is currently available. +- **NumFailedAudienceMetadataSignatures** No content is currently available. +- **NumFailedMetadataSignatures** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** No content is currently available. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** No content is currently available. +- **UndockedComponents** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesServiceRegistrationFailed + +This event checks for updates for failed service registrations the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** No content is currently available. +- **CallerName** No content is currently available. +- **Context** Context of failure. +- **MetadataIntegrityMode** No content is currently available. +- **NumFailedAudienceMetadataSignatures** No content is currently available. +- **NumFailedMetadataSignatures** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** No content is currently available. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** No content is currently available. +- **UndockedComponents** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesSucceeded + +This event checks for successful updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketInfo** No content is currently available. +- **AADDeviceTicketResult** No content is currently available. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CallerName** No content is currently available. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete. +- **NumFailedAudienceMetadataSignatures** No content is currently available. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced down. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** No content is currently available. +- **WUFBInfo** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CommitFailed + +This event checks for failed commits on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CommitStarted + +This event tracks the commit started event on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.CommitSucceeded + +This event is used to track the commit succeeded process, after the update installation, when the software update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **HandlerType** The specific id of the flight the device is getting. +- **Props** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.DownloadCanceled + +This event tracks the download canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Name of application making the Windows Update request. Used to identify context of request. +- **CallerName** No content is currently available. +- **ClassificationId** No content is currently available. +- **DownloadPriority** Indicates the priority of the download activity. +- **DownloadStartTimeUTC** No content is currently available. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **HostName** Identifies the hostname. +- **NetworkCost** Identifies the network cost. +- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. +- **Props** No content is currently available. +- **Reason** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.DownloadFailed + +This event tracks the download failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Name of application making the Windows Update request. Used to identify context of request. +- **CallerName** No content is currently available. +- **ClassificationId** No content is currently available. +- **DownloadPriority** Indicates the priority of the download activity. +- **DownloadStartTimeUTC** No content is currently available. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FlightId** The specific id of the flight the device is getting. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **HostName** Identifies the hostname. +- **NetworkCost** Identifies the network cost. +- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.DownloadPaused + +No content is currently available. + +The following fields are available: + +- **BundleId** No content is currently available. +- **CallerName** No content is currently available. +- **ClassificationId** No content is currently available. +- **DownloadPriority** No content is currently available. +- **EventType** No content is currently available. +- **FlightId** No content is currently available. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **Props** No content is currently available. +- **RegulationResult** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** No content is currently available. +- **UpdateId** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.DownloadQueued + +This event tracks the download queued event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** No content is currently available. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **Props** No content is currently available. +- **QueuedReason** No content is currently available. +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.DownloadResumed + +No content is currently available. + +The following fields are available: + +- **BundleId** No content is currently available. +- **CallerName** No content is currently available. +- **ClassificationId** No content is currently available. +- **DownloadPriority** No content is currently available. +- **EventType** No content is currently available. +- **FlightId** No content is currently available. +- **HandlerInfo** No content is currently available. +- **HandlerType** No content is currently available. +- **Props** No content is currently available. +- **RegulationResult** No content is currently available. +- **RelatedCV** No content is currently available. +- **ServiceGuid** No content is currently available. +- **UpdateId** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.InstallCanceled + +This event tracks the install canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **Reason** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.InstallFailed + +This event tracks the install failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FlightId** The specific id of the flight the device is getting. +- **HandlerInfo** No content is currently available. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.InstallRebootPending + +This event tracks the install reboot pending event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.InstallStarted + +The event tracks the install started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.InstallSucceeded + +The event tracks the successful install event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerInfo** No content is currently available. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.RevertFailed + +This event tracks the revert failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.RevertStarted + +This event tracks the revert started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClient.RevertSucceeded + +The event tracks the successful revert event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** No content is currently available. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** No content is currently available. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint + +This is a checkpoint event between the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** No content is currently available. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FileId** Unique identifier for the downloaded file. +- **FileName** Name of the downloaded file. +- **FlightId** The specific id of the flight the device is getting. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat + +This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BytesTotal** Total bytes to transfer for this content. +- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat. +- **CallerName** No content is currently available. +- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat. +- **CurrentError** Last (transient) error encountered by the active download. +- **DownloadHBFlags** No content is currently available. +- **DownloadState** Current state of the active download for this content (queued, suspended, progressing). +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". +- **FlightId** The specific id of the flight the device is getting. +- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any. +- **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any. +- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby). +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ResumeCount** Number of times this active download has resumed from a suspended state. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SuspendCount** Number of times this active download has entered a suspended state. +- **SuspendReason** Last reason for which this active download has entered suspended state. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** No content is currently available. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. +- **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data. +- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id). +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **RawValidityWindowInDays** Raw unparsed string of validity window in effect when verifying the timestamp. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral + +No content is currently available. + +The following fields are available: + +- **CallerName** No content is currently available. +- **EndpointUrl** No content is currently available. +- **ExtendedStatusCode** No content is currently available. +- **MetadataIntegrityMode** No content is currently available. +- **RawMode** No content is currently available. +- **ServiceGuid** No content is currently available. +- **SLSPrograms** No content is currently available. +- **StatusCode** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** No content is currently available. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id). +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **RevisionId** Identifies the revision of this specific piece of content. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob. +- **SignatureAlgorithm** Hash algorithm for the metadata signature. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed. +- **UpdateID** No content is currently available. +- **UusVersion** No content is currently available. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** No content is currently available. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. +- **UusVersion** No content is currently available. +- **ValidityWindowInDays** Validity window in effect when verifying the timestamp. + + +### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed + +This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **ModulePath** Path of the undocked module. +- **ModuleVersion** Version of the undocked module. +- **Props** No content is currently available. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **StatusCode** Result of the undocked module loading operation. +- **UusSessionId** No content is currently available. +- **UusVersion** Active UUS version. + + +## Winlogon events + +### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon + +This event signals the completion of the setup process. It happens only once during the first logon. \ No newline at end of file From 66fe0945b45eedaebf300d2eff934af5675d1a31 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 17:16:45 -0600 Subject: [PATCH 034/164] Cleanup redirects --- ...blishing.redirection.windows-security.json | 2400 ----------------- 1 file changed, 2400 deletions(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index ad9e6e6bf0..7a1c2827b5 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -145,11 +145,6 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", - "redirect_document_id": false - }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference", @@ -490,11 +485,6 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", - "redirect_document_id": false - }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets", @@ -505,11 +495,6 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", - "redirect_document_id": false - }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker", @@ -655,11 +640,6 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol", "redirect_document_id": false }, - { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", - "redirect_document_id": false - }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules", @@ -830,81 +810,6 @@ "redirect_url": "/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt", "redirect_document_id": false }, - { - "source_path": "windows/security/encryption-data-protection.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/index", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/encrypted-hard-drive.md", - "redirect_url": "/windows/security/information-protection/encrypted-hard-drive", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md", - "redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md", - "redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md", - "redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md", - "redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md", - "redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md", - "redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md", - "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md", - "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md", - "redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md", - "redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md", - "redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md", - "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview", - "redirect_document_id": false - }, - { - "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md", - "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings", - "redirect_document_id": false - }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md", "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-overview", @@ -990,11 +895,6 @@ "redirect_url": "/windows/security/identity-protection/credential-guard/configure", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md", "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", @@ -1015,11 +915,6 @@ "redirect_url": "/windows/security/identity-protection/credential-guard", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md", - "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only", @@ -1065,11 +960,6 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md", "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services", @@ -1100,16 +990,6 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", @@ -1190,21 +1070,6 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki", @@ -1220,36 +1085,11 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning", @@ -1260,81 +1100,16 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", - "redirect_document_id": false - }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", @@ -1350,11 +1125,6 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", @@ -1420,11 +1190,6 @@ "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis", "redirect_document_id": false }, - { - "source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows", - "redirect_document_id": false - }, { "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", @@ -1535,26 +1300,11 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-and-adds-faq", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-countermeasures.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption", @@ -1570,31 +1320,11 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq", @@ -1635,11 +1365,6 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-upgrading-faq", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords#bitlocker-recovery-password-viewer", @@ -1650,26 +1375,6 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure.md", - "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks.md", - "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md", "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting", @@ -1715,26 +1420,11 @@ "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys.md", - "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/encrypted-hard-drive.md", "redirect_url": "/windows/security/operating-system-security/data-protection/encrypted-hard-drive", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/index.md", - "redirect_url": "/windows/security/encryption-data-protection", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/personal-data-encryption/faq-pde.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde", @@ -1745,36 +1435,6 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/index", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/pluton/microsoft-pluton-security-processor.md", "redirect_url": "/windows/security/hardware-security/pluton/microsoft-pluton-security-processor", @@ -1845,11 +1505,6 @@ "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings", "redirect_document_id": false }, - { - "source_path": "windows/security/information-protection/tpm/trusted-platform-module-top-node.md", - "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node", - "redirect_document_id": false - }, { "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip", @@ -2725,436 +2380,11 @@ "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/applocker/administer-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-architecture-and-components.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-functions.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-overview.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-policies-deployment-guide.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-policies-design-guide.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-policy-use-scenarios.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-processes-and-interactions.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-settings.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/applocker-technical-reference.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/configure-the-application-identity-service.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/configure-the-appLocker-reference-device.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-applocker-default-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-your-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/create-your-applocker-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/delete-an-applocker-rule.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/determine-your-application-control-objectives.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/dll-rules-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/document-your-application-list.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/document-your-applocker-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/edit-an-applocker-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/edit-applocker-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/enable-the-dll-rule-collection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/enforce-applocker-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/executable-rules-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/how-applocker-works-techref.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/maintain-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-manually.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/monitor-application-usage-with-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/optimize-applocker-performance.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/plan-for-applocker-policy-management.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/refresh-an-applocker-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/requirements-to-use-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/script-rules-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/security-considerations-for-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/select-types-of-rules-to-create.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/test-and-update-an-applocker-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/tools-to-use-with-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understand-applocker-enforcement-settings.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-default-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-behavior.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-collections.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/using-event-viewer-with-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/what-is-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/windows-installer-rules-in-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/working-with-applocker-policies.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/applocker/working-with-applocker-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md", "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise", @@ -3175,51 +2405,26 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-enable-virtualization-based-security.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/enable-virtualization-based-security", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/device-guard/memory-integrity.md", "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md", "redirect_url": "/windows/security", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/fips-140-validation.md", "redirect_url": "/windows/security/security-foundations/certification/fips-140-validation", @@ -3340,11 +2545,6 @@ "redirect_url": "/microsoft-365/security/mtp/top-scoring-industry-tests", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/intelligence/transparency-report.md", - "redirect_url": "/windows/security/threat-protection/intelligence/av-tests", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md", "redirect_url": "/microsoft-365/security/intelligence/trojans-malware", @@ -5870,11 +5070,6 @@ "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/msft-security-dev-lifecycle.md", - "redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md", "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies", @@ -6335,11 +5530,6 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers", @@ -6360,11 +5550,6 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire", @@ -6635,26 +5820,6 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md", - "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption", @@ -7120,601 +6285,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md", "redirect_url": "/windows/security", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/citool-commands.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index", @@ -7725,166 +6300,11 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md", "redirect_url": "https://aka.ms/AzureCodeSigning", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md", - "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md", "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard", @@ -7990,11 +6410,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status", @@ -8005,11 +6420,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/community", @@ -8130,11 +6540,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/custom-ti-api", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings", @@ -8215,11 +6620,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/files", @@ -8230,11 +6630,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip", @@ -8255,91 +6650,41 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection", @@ -8355,21 +6700,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics", @@ -8380,96 +6715,46 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineaction-object", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineactions-collection", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-machines", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection", @@ -8485,46 +6770,21 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection", @@ -8545,11 +6805,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection", @@ -8565,21 +6820,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-started", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection", @@ -8590,31 +6835,16 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows", @@ -8685,31 +6915,16 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/is-domain-seen-in-org", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/is-ip-seen-org", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/licensing", @@ -8755,11 +6970,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md", "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list", @@ -8795,11 +7005,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list", @@ -8970,11 +7175,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/rbac", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts", @@ -8995,11 +7195,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md", "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api", @@ -9035,11 +7230,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test", @@ -9050,11 +7240,6 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/secure-score-dashboard", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard", @@ -9065,41 +7250,16 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/service-status", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md", "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics", @@ -9170,31 +7330,16 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert", @@ -9315,601 +7460,56 @@ "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md", - "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md", "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md", - "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/best-practices-configuring.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/documenting-the-zones.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md", "redirect_url": "/windows/security", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/exemption-list.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/firewall-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md", "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-the-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md", "redirect_url": "/windows/security", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/quarantine.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/quarantine", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide", - "redirect_document_id": false - }, - { - "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md", - "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-platform-common-criteria.md", "redirect_url": "/windows/security/security-foundations/certification/windows-platform-common-criteria", From 9fbf7abbcde52d71da319d147a3ee4a4ef78cb23 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Tue, 10 Sep 2024 17:30:07 -0600 Subject: [PATCH 035/164] Undo cleanup --- ...blishing.redirection.windows-security.json | 2402 ++++++++++++++++- 1 file changed, 2401 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index 7a1c2827b5..1ecd6242b4 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -145,6 +145,11 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference", @@ -485,6 +490,11 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets", @@ -495,6 +505,11 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker", @@ -640,6 +655,11 @@ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", + "redirect_document_id": false + }, { "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md", "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules", @@ -810,6 +830,81 @@ "redirect_url": "/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt", "redirect_document_id": false }, + { + "source_path": "windows/security/encryption-data-protection.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/index", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/encrypted-hard-drive.md", + "redirect_url": "/windows/security/information-protection/encrypted-hard-drive", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md", + "redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md", + "redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md", + "redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md", + "redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md", + "redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md", + "redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md", + "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md", + "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md", + "redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md", + "redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md", + "redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md", + "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md", + "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings", + "redirect_document_id": false + }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md", "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-overview", @@ -895,6 +990,11 @@ "redirect_url": "/windows/security/identity-protection/credential-guard/configure", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md", "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works", @@ -915,6 +1015,11 @@ "redirect_url": "/windows/security/identity-protection/credential-guard", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md", + "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only", @@ -960,6 +1065,11 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md", "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services", @@ -990,6 +1100,16 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust", @@ -1070,6 +1190,21 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki", @@ -1085,11 +1220,36 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning", @@ -1100,16 +1260,81 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust", + "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs", @@ -1125,6 +1350,11 @@ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", @@ -1190,6 +1420,11 @@ "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis", "redirect_document_id": false }, + { + "source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows", + "redirect_document_id": false + }, { "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md", "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", @@ -1300,11 +1535,26 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-and-adds-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-countermeasures.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption", @@ -1320,11 +1570,31 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq", @@ -1365,6 +1635,11 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-upgrading-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords#bitlocker-recovery-password-viewer", @@ -1375,6 +1650,26 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure.md", + "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks.md", + "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md", "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting", @@ -1420,11 +1715,26 @@ "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys.md", + "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/encrypted-hard-drive.md", "redirect_url": "/windows/security/operating-system-security/data-protection/encrypted-hard-drive", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/index.md", + "redirect_url": "/windows/security/encryption-data-protection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/personal-data-encryption/faq-pde.yml", "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde", @@ -1435,6 +1745,36 @@ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/index", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md", + "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/pluton/microsoft-pluton-security-processor.md", "redirect_url": "/windows/security/hardware-security/pluton/microsoft-pluton-security-processor", @@ -1505,6 +1845,11 @@ "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings", "redirect_document_id": false }, + { + "source_path": "windows/security/information-protection/tpm/trusted-platform-module-top-node.md", + "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node", + "redirect_document_id": false + }, { "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip", @@ -2380,11 +2725,436 @@ "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/applocker/administer-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-functions.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-overview.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-settings.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/maintain-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-manually.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/monitor-application-usage-with-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/optimize-applocker-performance.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/plan-for-applocker-policy-management.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/refresh-an-applocker-policy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/requirements-to-use-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/script-rules-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/security-considerations-for-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/test-and-update-an-applocker-policy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/tools-to-use-with-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understand-applocker-enforcement-settings.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-default-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-behavior.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-collections.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/using-event-viewer-with-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/what-is-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/windows-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/working-with-applocker-policies.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/applocker/working-with-applocker-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md", "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise", @@ -2405,26 +3175,51 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-enable-virtualization-based-security.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/enable-virtualization-based-security", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/device-guard/memory-integrity.md", "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md", "redirect_url": "/windows/security", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/fips-140-validation.md", "redirect_url": "/windows/security/security-foundations/certification/fips-140-validation", @@ -2545,6 +3340,11 @@ "redirect_url": "/microsoft-365/security/mtp/top-scoring-industry-tests", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/intelligence/transparency-report.md", + "redirect_url": "/windows/security/threat-protection/intelligence/av-tests", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md", "redirect_url": "/microsoft-365/security/intelligence/trojans-malware", @@ -5070,6 +5870,11 @@ "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/msft-security-dev-lifecycle.md", + "redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md", "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies", @@ -5530,6 +6335,11 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers", @@ -5550,6 +6360,11 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire", @@ -5820,6 +6635,26 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md", + "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md", "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption", @@ -6285,11 +7120,601 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md", "redirect_url": "/windows/security", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/citool-commands.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index", @@ -6300,11 +7725,166 @@ "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md", "redirect_url": "https://aka.ms/AzureCodeSigning", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md", "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard", @@ -6410,6 +7990,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status", @@ -6420,6 +8005,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/community", @@ -6540,6 +8130,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/custom-ti-api", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings", @@ -6620,6 +8215,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/files", @@ -6630,6 +8230,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip", @@ -6650,41 +8255,91 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection", @@ -6700,11 +8355,21 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics", @@ -6715,46 +8380,96 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineaction-object", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineactions-collection", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-machines", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection", @@ -6770,21 +8485,46 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection", @@ -6805,6 +8545,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection", @@ -6820,11 +8565,21 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-started", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection", @@ -6835,16 +8590,31 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows", @@ -6915,16 +8685,31 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/is-domain-seen-in-org", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/is-ip-seen-org", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/licensing", @@ -6970,6 +8755,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md", "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list", @@ -7005,6 +8795,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md", "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list", @@ -7175,6 +8970,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/rbac", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts", @@ -7195,6 +8995,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md", "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api", @@ -7230,6 +9035,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test", @@ -7240,6 +9050,11 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/secure-score-dashboard", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard", @@ -7250,16 +9065,41 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/service-status", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md", "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics", @@ -7330,16 +9170,31 @@ "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", + "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert", @@ -7460,56 +9315,601 @@ "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md", + "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md", "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md", + "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md", "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/best-practices-configuring.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/documenting-the-zones.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md", "redirect_url": "/windows/security", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/exemption-list.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/firewall-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md", "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-the-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md", "redirect_url": "/windows/security", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/quarantine.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/quarantine", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md", "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md", + "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-platform-common-criteria.md", "redirect_url": "/windows/security/security-foundations/certification/windows-platform-common-criteria", @@ -7581,4 +9981,4 @@ "redirect_document_id": false } ] -} +} \ No newline at end of file From 5ba38a1abf94ac693d14e3f197c045cc7eb938a1 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 10 Sep 2024 16:30:36 -0700 Subject: [PATCH 036/164] Fix issues from build report --- ...iagnostic-events-fields-windows-11-24H2.md | 45 +++++++++---------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index e024065536..ab423f3e35 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -440,7 +440,7 @@ Fires when the compatibility check completes. Gives the results from the check. The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. -- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement. +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement) - **Scenario** No content is currently available. @@ -462,7 +462,7 @@ Fires at the beginning and end of the HVCI auto-enablement process in sysprep. The following fields are available: -- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. See [wilActivity](#wilactivity). +- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled @@ -728,8 +728,8 @@ No content is currently available. The following fields are available: -- **Common** No content is currently available. See [Common](#common). -- **EventData** No content is currently available. See [EventData](#eventdata). +- **Common** No content is currently available. +- **EventData** No content is currently available. ### Ms.Support.Info @@ -738,8 +738,8 @@ No content is currently available. The following fields are available: -- **Common** No content is currently available. See [Common](#common). -- **EventData** No content is currently available. See [EventData](#eventdata). +- **Common** No content is currently available. +- **EventData** No content is currently available. ## Component-based servicing events @@ -1364,7 +1364,7 @@ The following fields are available: - **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. - **PackageVersion** Windows Mixed Reality Portal app package version. - **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. -- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. ### Microsoft.Windows.Shell.HolographicFirstRun.SomethingWentWrong @@ -1507,16 +1507,16 @@ No content is currently available. The following fields are available: -- **BootEnvironment** No content is currently available. See [BootEnvironment](#bootenvironment). +- **BootEnvironment** No content is currently available. - **BootStatValid** No content is currently available. -- **Bugcheck** No content is currently available. See [Bugcheck](#bugcheck). -- **CrashDump** No content is currently available. See [CrashDump](#crashdump). +- **Bugcheck** No content is currently available. +- **CrashDump** No content is currently available. - **CurrentBootId** No content is currently available. -- **FirmwareReset** No content is currently available. See [FirmwareReset](#firmwarereset). +- **FirmwareReset** No content is currently available. - **LastShutdownBootId** No content is currently available. -- **LongPowerButtonHold** No content is currently available. See [LongPowerButtonHold](#longpowerbuttonhold). -- **SystemStateTransition** No content is currently available. See [SystemStateTransition](#systemstatetransition). -- **Watchdog** No content is currently available. See [Watchdog](#watchdog). +- **LongPowerButtonHold** No content is currently available. +- **SystemStateTransition** No content is currently available. +- **Watchdog** No content is currently available. - **WheaBootErrorCount** No content is currently available. @@ -1553,7 +1553,7 @@ The following fields are available: - **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. -- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. - **installSourceName** A string representation of the installation source. - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. @@ -1585,7 +1585,7 @@ The following fields are available: - **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. - **installSourceName** A string representation of the installation source. - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. @@ -1617,7 +1617,7 @@ The following fields are available: - **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. - **installSourceName** A string representation of the installation source. - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. @@ -1649,7 +1649,7 @@ The following fields are available: - **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol for more details on this policy. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. - **installSourceName** A string representation of the installation source. - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. @@ -3432,7 +3432,7 @@ The following fields are available: - **HRESULT** No content is currently available. - **publisherIntent** Publisher Intent id associated with the update. - **reason** Reason for EULA acceptance. -- **update** Update for which EULA has been accepted. See [update](#update). +- **update** Update for which EULA has been accepted. - **UusVersion** No content is currently available. @@ -3445,7 +3445,7 @@ The following fields are available: - **approved** Flag to determine if it is approved or not. - **provider** The provider related to which the update is approved. - **publisherIntent** The publisher intent of the Update. -- **update** Additional information about the Update. See [update](#update). +- **update** Additional information about the Update. - **UusVersion** No content is currently available. @@ -3479,12 +3479,11 @@ The following fields are available: - **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.). - **publisherIntent** No content is currently available. - **scenario** No content is currently available. -- **update** Update related metadata including UpdateId. See [update](#update). +- **update** Update related metadata including UpdateId. - **uptimeMinutes** Duration USO for up for in the current boot session. - **uptimeMinutesDelta** No content is currently available. - **UusVersion** No content is currently available. -- **wilActivity** Wil Activity related information. See [wilActivity](#wilactivity). - +- **wilActivity** Wil Activity related information. ### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted From a1d838f3156e216ef659c5f154ff1fd1fd1684fc Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Tue, 10 Sep 2024 18:45:21 -0700 Subject: [PATCH 037/164] Fix "No content" issues For 42 events that aren't new --- ...iagnostic-events-fields-windows-11-24H2.md | 560 +++++++++--------- 1 file changed, 280 insertions(+), 280 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index ab423f3e35..e22f9d4875 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -45,198 +45,198 @@ The following fields are available: - **DatasourceApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. - **DatasourceApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_NI22H2** No content is currently available. +- **DatasourceApplicationFile_NI22H2** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. - **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device. -- **DatasourceApplicationFile_ZN23H2** No content is currently available. -- **DatasourceApplicationFile_ZN23H2Exp** No content is currently available. -- **DatasourceApplicationFile_ZN23H2Setup** No content is currently available. -- **DatasourceApplicationFileBackup** No content is currently available. -- **DatasourceBackupApplicationRestore** No content is currently available. +- **DatasourceApplicationFile_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFileBackup** The count of the number of this particular object type present on this device. +- **DatasourceBackupApplicationRestore** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The total number of objects of this type present on this device. - **DatasourceDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. - **DatasourceDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_NI22H2** No content is currently available. +- **DatasourceDevicePnp_NI22H2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDevicePnp_ZN23H2** No content is currently available. -- **DatasourceDevicePnp_ZN23H2Exp** No content is currently available. -- **DatasourceDevicePnp_ZN23H2Setup** No content is currently available. +- **DatasourceDevicePnp_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The total number of objects of this type present on this device. - **DatasourceDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. - **DatasourceDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_NI22H2** No content is currently available. +- **DatasourceDriverPackage_NI22H2** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. - **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device. -- **DatasourceDriverPackage_ZN23H2** No content is currently available. -- **DatasourceDriverPackage_ZN23H2Exp** No content is currently available. -- **DatasourceDriverPackage_ZN23H2Setup** No content is currently available. +- **DatasourceDriverPackage_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_NI22H2** No content is currently available. +- **DataSourceMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device. -- **DataSourceMatchingInfoBlock_ZN23H2** No content is currently available. -- **DataSourceMatchingInfoBlock_ZN23H2Exp** No content is currently available. -- **DataSourceMatchingInfoBlock_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_NI22H2** No content is currently available. +- **DataSourceMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device. -- **DataSourceMatchingInfoPassive_ZN23H2** No content is currently available. -- **DataSourceMatchingInfoPassive_ZN23H2Exp** No content is currently available. -- **DataSourceMatchingInfoPassive_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_NI22H2** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device. -- **DataSourceMatchingInfoPostUpgrade_ZN23H2** No content is currently available. -- **DataSourceMatchingInfoPostUpgrade_ZN23H2Exp** No content is currently available. -- **DataSourceMatchingInfoPostUpgrade_ZN23H2Setup** No content is currently available. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The total number of objects of this type present on this device. - **DatasourceSystemBios_CO21H2Setup** The total number of objects of this type present on this device. - **DatasourceSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_NI22H2** No content is currently available. +- **DatasourceSystemBios_NI22H2** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_NI22H2Setup** The total number of objects of this type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. -- **DatasourceSystemBios_ZN23H2** No content is currently available. -- **DatasourceSystemBios_ZN23H2Exp** No content is currently available. -- **DatasourceSystemBios_ZN23H2Setup** No content is currently available. +- **DatasourceSystemBios_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_NI22H2** No content is currently available. +- **DecisionApplicationFile_NI22H2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionApplicationFile_RS1** The total number of objects of this type present on this device. -- **DecisionApplicationFile_ZN23H2** No content is currently available. -- **DecisionApplicationFile_ZN23H2Exp** No content is currently available. -- **DecisionApplicationFile_ZN23H2Setup** No content is currently available. +- **DecisionApplicationFile_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The total number of objects of this type present on this device. - **DecisionDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_NI22H2** No content is currently available. +- **DecisionDevicePnp_NI22H2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionDevicePnp_RS1** The total number of objects of this type present on this device. -- **DecisionDevicePnp_ZN23H2** No content is currently available. -- **DecisionDevicePnp_ZN23H2Exp** No content is currently available. -- **DecisionDevicePnp_ZN23H2Setup** No content is currently available. +- **DecisionDevicePnp_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The total number of objects of this type present on this device. - **DecisionDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_NI22H2** No content is currently available. +- **DecisionDriverPackage_NI22H2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionDriverPackage_RS1** The total number of objects of this type present on this device. -- **DecisionDriverPackage_ZN23H2** No content is currently available. -- **DecisionDriverPackage_ZN23H2Exp** No content is currently available. -- **DecisionDriverPackage_ZN23H2Setup** No content is currently available. +- **DecisionDriverPackage_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_NI22H2** No content is currently available. +- **DecisionMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device. -- **DecisionMatchingInfoBlock_ZN23H2** No content is currently available. -- **DecisionMatchingInfoBlock_ZN23H2Exp** No content is currently available. -- **DecisionMatchingInfoBlock_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_NI22H2** No content is currently available. +- **DecisionMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPassive_ZN23H2** No content is currently available. -- **DecisionMatchingInfoPassive_ZN23H2Exp** No content is currently available. -- **DecisionMatchingInfoPassive_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_NI22H2** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_ZN23H2** No content is currently available. -- **DecisionMatchingInfoPostUpgrade_ZN23H2Exp** No content is currently available. -- **DecisionMatchingInfoPostUpgrade_ZN23H2Setup** No content is currently available. +- **DecisionMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionMediaCenter_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_NI22H2** No content is currently available. +- **DecisionMediaCenter_NI22H2** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionMediaCenter_RS1** The total number of objects of this type present on this device. -- **DecisionMediaCenter_ZN23H2** No content is currently available. -- **DecisionMediaCenter_ZN23H2Exp** No content is currently available. -- **DecisionMediaCenter_ZN23H2Setup** No content is currently available. +- **DecisionMediaCenter_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSModeState_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSModeState_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSModeState_NI22H2** No content is currently available. +- **DecisionSModeState_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSModeState_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSModeState_RS1** The total number of objects of this type present on this device. -- **DecisionSModeState_ZN23H2** No content is currently available. -- **DecisionSModeState_ZN23H2Exp** No content is currently available. -- **DecisionSModeState_ZN23H2Setup** No content is currently available. +- **DecisionSModeState_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSModeState_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSModeState_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device. - **DecisionSystemBios_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_NI22H2** No content is currently available. +- **DecisionSystemBios_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSystemBios_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSystemBios_RS1** The total number of objects of this type present on this device. -- **DecisionSystemBios_ZN23H2** No content is currently available. -- **DecisionSystemBios_ZN23H2Exp** No content is currently available. -- **DecisionSystemBios_ZN23H2Setup** No content is currently available. +- **DecisionSystemBios_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemDiskSize_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSystemDiskSize_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemDiskSize_NI22H2** No content is currently available. +- **DecisionSystemDiskSize_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSystemDiskSize_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device. -- **DecisionSystemDiskSize_ZN23H2** No content is currently available. -- **DecisionSystemDiskSize_ZN23H2Exp** No content is currently available. -- **DecisionSystemDiskSize_ZN23H2Setup** No content is currently available. +- **DecisionSystemDiskSize_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemMemory_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSystemMemory_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemMemory_NI22H2** No content is currently available. +- **DecisionSystemMemory_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSystemMemory_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSystemMemory_RS1** The total number of objects of this type present on this device. -- **DecisionSystemMemory_ZN23H2** No content is currently available. -- **DecisionSystemMemory_ZN23H2Exp** No content is currently available. -- **DecisionSystemMemory_ZN23H2Setup** No content is currently available. +- **DecisionSystemMemory_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemProcessorCpuCores_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSystemProcessorCpuCores_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemProcessorCpuCores_NI22H2** No content is currently available. +- **DecisionSystemProcessorCpuCores_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSystemProcessorCpuCores_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device. -- **DecisionSystemProcessorCpuCores_ZN23H2** No content is currently available. -- **DecisionSystemProcessorCpuCores_ZN23H2Exp** No content is currently available. -- **DecisionSystemProcessorCpuCores_ZN23H2Setup** No content is currently available. +- **DecisionSystemProcessorCpuCores_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemProcessorCpuModel_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionSystemProcessorCpuModel_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionSystemProcessorCpuModel_NI22H2** No content is currently available. +- **DecisionSystemProcessorCpuModel_NI22H2** The count of the number of this particular object type present on this device. - **DecisionSystemProcessorCpuModel_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device. -- **DecisionSystemProcessorCpuModel_ZN23H2** No content is currently available. -- **DecisionSystemProcessorCpuModel_ZN23H2Exp** No content is currently available. -- **DecisionSystemProcessorCpuModel_ZN23H2Setup** No content is currently available. +- **DecisionSystemProcessorCpuModel_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionSystemProcessorCpuSpeed_CO21H2Setup** The total number of objects of this type present on this device. -- **DecisionSystemProcessorPopCnt** No content is currently available. +- **DecisionSystemProcessorPopCnt** The count of the number of this particular object type present on this device. - **DecisionTest_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionTest_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionTest_NI22H2** No content is currently available. +- **DecisionTest_NI22H2** The count of the number of this particular object type present on this device. - **DecisionTest_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionTest_RS1** The total number of objects of this type present on this device. -- **DecisionTest_ZN23H2** No content is currently available. -- **DecisionTest_ZN23H2Exp** No content is currently available. -- **DecisionTest_ZN23H2Setup** No content is currently available. +- **DecisionTest_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionTest_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionTest_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionTpmVersion_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionTpmVersion_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionTpmVersion_NI22H2** No content is currently available. +- **DecisionTpmVersion_NI22H2** The count of the number of this particular object type present on this device. - **DecisionTpmVersion_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionTpmVersion_RS1** The total number of objects of this type present on this device. -- **DecisionTpmVersion_ZN23H2** No content is currently available. -- **DecisionTpmVersion_ZN23H2Exp** No content is currently available. -- **DecisionTpmVersion_ZN23H2Setup** No content is currently available. +- **DecisionTpmVersion_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_ZN23H2Setup** The count of the number of this particular object type present on this device. - **DecisionUefiSecureBoot_CO21H2Setup** The total number of objects of this type present on this device. - **DecisionUefiSecureBoot_CU23H2Setup** The count of the number of this particular object type present on this device. -- **DecisionUefiSecureBoot_NI22H2** No content is currently available. +- **DecisionUefiSecureBoot_NI22H2** The count of the number of this particular object type present on this device. - **DecisionUefiSecureBoot_NI22H2Setup** The total number of objects of this type present on this device. - **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device. -- **DecisionUefiSecureBoot_ZN23H2** No content is currently available. -- **DecisionUefiSecureBoot_ZN23H2Exp** No content is currently available. -- **DecisionUefiSecureBoot_ZN23H2Setup** No content is currently available. +- **DecisionUefiSecureBoot_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_ZN23H2Setup** The count of the number of this particular object type present on this device. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. @@ -248,12 +248,12 @@ The following fields are available: - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The total number of objects of this type present on this device. -- **SystemProcessorPopCnt** No content is currently available. -- **SystemProcessorPopCnt_NI22H2** No content is currently available. -- **SystemProcessorPopCnt_RS1** No content is currently available. -- **SystemProcessorPopCnt_ZN23H2** No content is currently available. -- **SystemProcessorPopCnt_ZN23H2Exp** No content is currently available. -- **SystemProcessorPopCnt_ZN23H2Setup** No content is currently available. +- **SystemProcessorPopCnt** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_NI22H2** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_RS1** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2Setup** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The total number of objects of this type present on this device. - **SystemProcessorSse2** The total number of objects of this type present on this device. - **SystemTouch** The count of the number of this particular object type present on this device. @@ -262,12 +262,12 @@ The following fields are available: - **SystemWlan** The total number of objects of this type present on this device. - **Wmdrm_CO21H2Setup** The total number of objects of this type present on this device. - **Wmdrm_CU23H2Setup** The count of the number of this particular object type present on this device. -- **Wmdrm_NI22H2** No content is currently available. +- **Wmdrm_NI22H2** The count of the number of this particular object type present on this device. - **Wmdrm_NI22H2Setup** The total number of objects of this type present on this device. - **Wmdrm_RS1** The total number of objects of this type present on this device. -- **Wmdrm_ZN23H2** No content is currently available. -- **Wmdrm_ZN23H2Exp** No content is currently available. -- **Wmdrm_ZN23H2Setup** No content is currently available. +- **Wmdrm_ZN23H2** The count of the number of this particular object type present on this device. +- **Wmdrm_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **Wmdrm_ZN23H2Setup** The count of the number of this particular object type present on this device. ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove @@ -373,26 +373,26 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntAdd -No content is currently available. +This event sends data indicating whether the system supports the PopCnt CPU requirement for newer versions of Windows, to help keep Windows up-to-date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **AppraiserVersion** No content is currently available. -- **Blocking** No content is currently available. -- **PopCntPassed** No content is currently available. +- **AppraiserVersion** Appraiser version +- **Blocking** Is the upgrade blocked due to the processor missing the PopCnt instruction? +- **PopCntPassed** Whether the machine passes the latest OS hardware requirements or not for the PopCnt instruction. ### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntStartSync -No content is currently available. +The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **AppraiserVersion** No content is currently available. +- **AppraiserVersion** Appraiser version. ## Census events @@ -429,8 +429,8 @@ Indicates if OEM attempted to block autoenablement via regkey. The following fields are available: - **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise. -- **BlockRequested** No content is currently available. -- **Scenario** No content is currently available. +- **BlockRequested** Whether an autoenablement block was requested. +- **Scenario** Used to differentiate VBS and HVCI paths. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility @@ -450,10 +450,10 @@ Fires when auto-enablement is successful and HVCI is being enabled on the device The following fields are available: -- **Error** No content is currently available. -- **Scenario** No content is currently available. -- **SuccessfullyEnabled** No content is currently available. -- **Upgrade** No content is currently available. +- **Error** Error code if there was an issue during enablement +- **Scenario** Indicates whether enablement was for VBS vs HVCI +- **SuccessfullyEnabled** Indicates whether enablement was successful +- **Upgrade** Indicates whether the event was fired during upgrade (rather than clean install) ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity @@ -467,7 +467,7 @@ The following fields are available: ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled -No content is currently available. +Fires when HVCI is already enabled so no need to continue auto-enablement. @@ -1048,8 +1048,8 @@ The following fields are available: - **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. - **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. - **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. -- **DxDbCurrentVersion** No content is currently available. -- **DxDbVersionCheckStatus** No content is currently available. +- **DxDbCurrentVersion** Version of the DirectX Database on the device. +- **DxDbVersionCheckStatus** Numeric value indicating the result of the last check on the DirectX Database version for the device. - **GPUDeviceID** The GPU device ID. - **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. - **GPURevisionID** The GPU revision ID. @@ -1061,7 +1061,7 @@ The following fields are available: - **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. - **InterfaceFuncPointersProvided3** Number of device driver interface function pointers provided. - **InterfaceId** The GPU interface ID. -- **IsCrossAdapterScanOutSupported** No content is currently available. +- **IsCrossAdapterScanOutSupported** Boolean value indicating whether the adapter supports cross-adapter scanout optimization. - **IsDisplayDevice** Does the GPU have displaying capabilities? - **IsHwFlipQueueEnabled** Boolean value indicating whether hardware flip queues are enabled. - **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. @@ -1078,12 +1078,12 @@ The following fields are available: - **IsSoftwareDevice** Is this a software implementation of the GPU? - **IsVirtualRefreshRateSupported** Boolean value indicating whether the adapter supports virtual refresh rates. - **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. -- **MdmSupportStatus** No content is currently available. +- **MdmSupportStatus** Numeric value indicating support for Microsoft Display Mux. - **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? -- **NodeTypes** No content is currently available. -- **NumExecutionNodes** No content is currently available. +- **NodeTypes** Types of execution nodes comprising the graphics adapter. +- **NumExecutionNodes** Number of execution nodes comprising the graphics adapter. - **NumNonVidPnTargets** Number of display targets. -- **NumPhysicalAdapters** No content is currently available. +- **NumPhysicalAdapters** Number of physical graphics adapters. - **NumVidPnSources** The number of supported display output sources. - **NumVidPnTargets** The number of supported display output targets. - **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). @@ -1174,7 +1174,7 @@ The following fields are available: - **quarantineDuration** The quarantine duration. - **quarantineThreshold** The quarantine threshold. - **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. -- **rdmaConnectionsForStorage** No content is currently available. +- **rdmaConnectionsForStorage** This specifies the rdma connections for storage. - **resiliencyLevel** Specifies the level of resiliency. - **resourceCounts** Specifies the number of resources. - **resourceTypeCounts** Specifies the number of resource types in the cluster. @@ -1189,7 +1189,7 @@ The following fields are available: - **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. - **upNodeCount** Specifies the number of nodes that are up (online). - **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. -- **useRdmaForStorage** No content is currently available. +- **useRdmaForStorage** The cluster parameter to use rdma for storage. - **vmIsolationTime** The cluster parameter: VM isolation time. - **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. @@ -1332,14 +1332,14 @@ The following fields are available: ### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated -No content is currently available. +This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **AppSessionGuid** No content is currently available. -- **IsForCompositor** No content is currently available. -- **Source** No content is currently available. -- **WindowInstanceId** No content is currently available. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **IsForCompositor** True/False to indicate whether the holographic space is for compositor process. +- **Source** An enumeration indicating the source of the log. +- **WindowInstanceId** Unique value for each window instance. ### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated @@ -1456,7 +1456,7 @@ The following fields are available: - **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. - **RootDirPath** The path to the root directory where the program was installed. - **Source** How the program was installed (for example, ARP, MSI, Appx). -- **SparkId** No content is currently available. +- **SparkId** Unique ID that represents a Win32 app installed from the Microsoft Store. - **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. - **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. - **Version** The version number of the program. @@ -1503,21 +1503,21 @@ The following fields are available: ### Microsoft.Windows.Kernel.Power.AbnormalShutdown -No content is currently available. +This event provides diagnostic information of the most recent abnormal shutdown. The following fields are available: -- **BootEnvironment** No content is currently available. -- **BootStatValid** No content is currently available. -- **Bugcheck** No content is currently available. -- **CrashDump** No content is currently available. -- **CurrentBootId** No content is currently available. -- **FirmwareReset** No content is currently available. -- **LastShutdownBootId** No content is currently available. -- **LongPowerButtonHold** No content is currently available. -- **SystemStateTransition** No content is currently available. -- **Watchdog** No content is currently available. -- **WheaBootErrorCount** No content is currently available. +- **BootEnvironment** Errors from boot environment. +- **BootStatValid** Status of bootstat file. +- **Bugcheck** Bugcheck information. +- **CrashDump** Crash dump information. +- **CurrentBootId** ID of this boot. +- **FirmwareReset** System reset by firmware. +- **LastShutdownBootId** BootID of last shutdown. +- **LongPowerButtonHold** Long power button hold information. +- **SystemStateTransition** State transition information. +- **Watchdog** Watchdog information. +- **WheaBootErrorCount** Whea boot error information. ### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown @@ -1528,7 +1528,7 @@ The following fields are available: - **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit. - **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits. -- **TotalUpTimeMs** No content is currently available. +- **TotalUpTimeMs** Contains the total system up time in milliseconds. ## Microsoft Edge events @@ -1539,7 +1539,7 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **account_type** No content is currently available. +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. - **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. - **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). @@ -1571,7 +1571,7 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **account_type** No content is currently available. +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. - **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. - **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). @@ -1603,7 +1603,7 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **account_type** No content is currently available. +- **account_type** Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. - **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. - **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). @@ -1635,7 +1635,7 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **account_type** No content is currently available. +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. - **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. - **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). @@ -1677,23 +1677,23 @@ The following fields are available: - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. - **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. -- **appEdgePreviewDisenrollReason** No content is currently available. -- **appEdgePreviewPreviousValuesV2** No content is currently available. -- **appEdgePreviewState** No content is currently available. +- **appEdgePreviewDisenrollReason** Reason why Preview was unenrolled. +- **appEdgePreviewPreviousValuesV2** Previous values of the Edge Preview. +- **appEdgePreviewState** Specifies if Edge is in the preview state. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. -- **appFirstFRESeenTime** No content is currently available. -- **appFirstFRESeenVersion** No content is currently available. -- **appInactivityBadgeApplied** No content is currently available. -- **appInactivityBadgeCleared** No content is currently available. -- **appInactivityBadgeDuration** No content is currently available. +- **appFirstFRESeenTime** The earliest time the Edge First Run Experience was seen by any user on the device in Windows FILETIME units / 10. Default: undefined. +- **appFirstFRESeenVersion** The earliest Edge First Run Experience version that was seen by any user on the device (e.g. '1.2.3.4'). Default: undefined. +- **appInactivityBadgeApplied** Specifies that the inactivity badge has been applied. +- **appInactivityBadgeCleared** Specifies that the inactivity badge has been cleared. +- **appInactivityBadgeDuration** The duration of the inactivity badge. - **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. -- **appIsPinnedSystem** No content is currently available. +- **appIsPinnedSystem** Specifies is the app is pinned. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. -- **appLastLaunchCount** No content is currently available. +- **appLastLaunchCount** Number of times the app launched last. - **appLastLaunchTime** The time when browser was last launched. - **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. -- **appOOBEInstallTime** No content is currently available. +- **appOOBEInstallTime** The time of first recorded successful OOBE Edge install in Windows FILETIME units / 10 (i.e. the install time of any fully completed OOBE install achieved before OOBE finishes), as recorded by setup.exe. Default: undefined. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply. - **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. @@ -1719,7 +1719,7 @@ The following fields are available: - **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply. - **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. - **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. -- **appPingEventSystemUptimeTicks** No content is currently available. +- **appPingEventSystemUptimeTicks** Number of ticks that the system has been up. - **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'. - **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed. @@ -1727,8 +1727,8 @@ The following fields are available: - **appUpdateCheckTargetChannel** Check for status showing the target release channel. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appUpdateCount** No content is currently available. -- **appUpdatesAllowedForMeteredNetworks** No content is currently available. +- **appUpdateCount** A running total of successful updates recorded by setup.exe. This is used for continuity checking of the Ping data spanning consecutive updates. +- **appUpdatesAllowedForMeteredNetworks** Specifies if the device can receive updates with on a metered network. - **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **eventType** A string indicating the type of the event. Please see the wiki for additional information. @@ -1743,19 +1743,19 @@ The following fields are available: - **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. - **hwLogicalCpus** Number of logical CPUs of the device. - **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. -- **isCTADevice** No content is currently available. +- **isCTADevice** Specifies if the device is CTA. - **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. - **oemProductManufacturer** The device manufacturer name. - **oemProductName** The product name of the device defined by device manufacturer. - **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. -- **osIsDefaultNetworkConnectionMetered** No content is currently available. -- **osIsInLockdownMode** No content is currently available. -- **osIsWIP** No content is currently available. +- **osIsDefaultNetworkConnectionMetered** States if the default network connection is metered. +- **osIsInLockdownMode** Is the OS in lockdown mode. +- **osIsWIP** Whether the OS is in preview. - **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. -- **osProductType** No content is currently available. +- **osProductType** Type associated with the operating system. - **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. - **osVersion** The primary version of the operating system. '' if unknown. Default: ''. -- **osWIPBranch** No content is currently available. +- **osWIPBranch** WIP branch of the operating system. - **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. - **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. - **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. @@ -1791,7 +1791,7 @@ The following fields are available: - **migDiagSession->CString** Indicates the phase of the update. - **objectCount** Number of files being tracked for the corresponding phase of the update. -- **sfInfo.Name** No content is currently available. +- **sfInfo.Name** This indicates well know folder location path (Ex: PUBLIC_downloads etc.) ### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr @@ -1907,27 +1907,27 @@ The following fields are available: ### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered -No content is currently available. +This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **SessionID** No content is currently available. -- **TargetAsId** No content is currently available. -- **windowInstanceId** No content is currently available. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. ### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave -No content is currently available. +This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **EventHistory** No content is currently available. -- **ExternalComponentState** No content is currently available. -- **LastEvent** No content is currently available. -- **SessionID** No content is currently available. -- **TargetAsId** No content is currently available. -- **windowInstanceId** No content is currently available. +- **EventHistory** Unique number of event history. +- **ExternalComponentState** State of external component. +- **LastEvent** Unique number of last event. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. ### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeyFinalize @@ -1986,28 +1986,28 @@ The following fields are available: ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed -No content is currently available. +Event that indicates that an attempt to apply secure boot updates failed The following fields are available: -- **Action** No content is currently available. -- **hr** No content is currently available. -- **IsRejectedByFirmware** No content is currently available. -- **IsResealNeeded** No content is currently available. -- **RevokedBootmanager** No content is currently available. -- **SecureBootUpdateCaller** No content is currently available. -- **UpdateType** No content is currently available. -- **WillResealSucceed** No content is currently available. +- **Action** Action string when error occured +- **hr** Error code in HRESULT +- **IsRejectedByFirmware** Bool value to indicate if firmware has rejected the update. +- **IsResealNeeded** BOOL value to indicate if TPM Reseal was needed +- **RevokedBootmanager** BOOL value to indicate if current bootmgr is revoked. +- **SecureBootUpdateCaller** Scenario in which function was called. Could be Update or Upgrade +- **UpdateType** Indicates if it's DB or DBX update +- **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted -No content is currently available. +Event that indicates secure boot update has started. The following fields are available: -- **AvailableUpdates** No content is currently available. -- **SecureBootUpdateCaller** No content is currently available. +- **AvailableUpdates** Number of available secure boot updates. +- **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade. ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateSucceeded @@ -2164,34 +2164,34 @@ This event provides information about move or deletion of a file or a directory The following fields are available: -- **Mode** No content is currently available. +- **Mode** The kind of monitoring mode enforced for the given path (this is one of a fixed set of strings). - **Path** Path to the file or the directory which is being moved or deleted. - **Process** Path to the process which is requesting the move or the deletion. -- **SessionId** No content is currently available. +- **SessionId** Identifier to correlate this component's telemetry with that of others. - **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved. ### Microsoft.Windows.Setup.WinSetupMon.TraceError -No content is currently available. +Provides details about error in the functioning of upgrade data safety monitoring filter driver. The following fields are available: -- **Message** No content is currently available. -- **SessionId** No content is currently available. -- **Status** No content is currently available. +- **Message** Text string describing the error condition. +- **SessionId** Identifier to correlate this component's telemetry with that of others. +- **Status** NTSTATUS code related to the error. ### Microsoft.Windows.Setup.WinSetupMon.TraceErrorVolume -No content is currently available. +Provides details about error in the functioning of upgrade data safety monitoring filter driver, related to a specific volume (drive). The following fields are available: -- **Message** No content is currently available. -- **SessionId** No content is currently available. -- **Status** No content is currently available. -- **Volume** No content is currently available. +- **Message** Text string describing the error condition. +- **SessionId** Identifier to correlate this component's telemetry with that of others. +- **Status** NTSTATUS code related to the error. +- **Volume** Path of the volume on which the error occurs ## Surface events @@ -2226,16 +2226,16 @@ The following fields are available: - **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. - **BPMTotalEngagedMinutes** Total time that BPM was engaged. - **BPMTotalEntryEvents** Total number of times entering BPM. -- **BPMv4CurrentlyEngaged** No content is currently available. -- **BPMv4ExitCriteria** No content is currently available. -- **BPMv4HvtCountA** No content is currently available. -- **BPMv4HvtCountB** No content is currently available. -- **BPMv4RsocBucketsHighTemp_Values** No content is currently available. -- **BPMv4RsocBucketsLowTemp_Values** No content is currently available. -- **BPMv4RsocBucketsMediumHighTemp_Values** No content is currently available. -- **BPMv4RsocBucketsMediumLowTemp_Values** No content is currently available. -- **BPMv4TotalEngagedMinutes** No content is currently available. -- **BPMv4TotalEntryEvents** No content is currently available. +- **BPMv4CurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device. +- **BPMv4ExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?. +- **BPMv4HvtCountA** Current HVT count for BPM counter A. +- **BPMv4HvtCountB** Current HVT count for BPM counter B. +- **BPMv4RsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4TotalEngagedMinutes** Total time that BPM was engaged. +- **BPMv4TotalEntryEvents** Total number of times entering BPM. - **ComponentId** Component ID. - **FwVersion** FW version that created this log. - **LogClass** Log Class. @@ -2254,7 +2254,7 @@ This event includes the hardware level data about battery performance. The data The following fields are available: -- **batteryPresent** No content is currently available. +- **batteryPresent** Battery present on device. - **BPMKioskModeStartDateInSeconds** First time Battery Limit was turned on. - **BPMKioskModeTotalEngagedMinutes** Total time Battery Limit was on (SOC value at 50%). - **ComponentId** Component ID. @@ -2264,7 +2264,7 @@ The following fields are available: - **CTTMinSOC28day** Rolling 28 day minimum SOC. Value set to 0 initially. - **CTTMinSOC3day** Rolling 3 day minimum SOC. Value set to 0 initially. - **CTTMinSOC7day** Rolling 7 day minimum SOC. Value set to 0 initially. -- **CTTReduction** No content is currently available. +- **CTTReduction** Current CTT reduction in mV - **CTTStartDateInSeconds** Start date from when device was starting to be used. - **currentAuthenticationState** Current Authentication State. - **FwVersion** FW version that created this log. @@ -2470,18 +2470,18 @@ The following fields are available: ### Update360Telemetry.FellBackToDownloadingAllPackageFiles -No content is currently available. +This event indicates whether a failure occurred during Missing File List generation and is applicable to Quality Update downloads. The following fields are available: -- **ErrorCode** No content is currently available. -- **FlightId** No content is currently available. -- **ObjectId** No content is currently available. -- **Package** No content is currently available. -- **RelatedCV** No content is currently available. -- **ScenarioId** No content is currently available. -- **SessionId** No content is currently available. -- **UpdateId** No content is currently available. +- **ErrorCode** Error code returned during Missing File List generation. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique ID for each flight. +- **Package** Name of the package for which Missing File List generation failed and we fell back to downloading all package files. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). +- **UpdateId** Unique ID for each Update. ### Update360Telemetry.UpdateAgentCommit @@ -2649,13 +2649,13 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.BeginGetFreeEntitlement -No content is currently available. +Tracks the beginning of the call to get a free app entitlement. The following fields are available: -- **CampaignId** No content is currently available. -- **StoreId** No content is currently available. -- **UseDeviceId** No content is currently available. +- **CampaignId** Marketing Campaign Identifier. +- **StoreId** App Store Catalog Id. +- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement. ### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall @@ -2809,14 +2809,14 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndGetFreeEntitlement -No content is currently available. +Telemetry is fired at the end of the call to request an free app entitlement, which will make a server call to get the entitlement. The following fields are available: -- **CampaignId** No content is currently available. -- **HResult** No content is currently available. -- **StoreId** No content is currently available. -- **UseDeviceId** No content is currently available. +- **CampaignId** Campaign marketing Id. +- **HResult** Error result. +- **StoreId** Store Catalog Id of item requesting ownership. +- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement. ### Microsoft.Windows.StoreAgent.Telemetry.EndInstall @@ -2934,12 +2934,12 @@ This event is sent at the beginning of an app install or update to help keep Win The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. -- **ClientAppId** No content is currently available. +- **ClientAppId** The identity of the app that initiated this operation. - **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. -- **InstalledPFuN** No content is currently available. +- **InstalledPFuN** Package Full Name of the app that is installed and will be updated. - **PFN** The Package Family Name of the app that is being installed or updated. - **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. -- **PluginWorkCreationHr** No content is currently available. +- **PluginWorkCreationHr** Resulting HResult error/success code from plugin work creation. - **ProductId** The product ID of the app that is being updated or installed. @@ -3254,7 +3254,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. -- **callerAppPackageName** No content is currently available. +- **callerAppPackageName** The caller app package name. - **cdnUrl** The URL of the source Content Distribution Network (CDN). - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). @@ -3280,7 +3280,7 @@ The following fields are available: - **sessionID** The ID for the file download session. - **setConfigs** A JSON representation of the configurations that have been set, and their sources. - **updateID** The ID of the update being downloaded. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the undocked update stack. ### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication @@ -3376,8 +3376,8 @@ The following fields are available: - **AppInstallState** The application installation state. - **HRESULT** The result code (HResult) of the install. - **PFN** The package family name of the package being installed. -- **updaterId** No content is currently available. -- **UusVersion** No content is currently available. +- **updaterId** The Id of the updater. +- **UusVersion** The version of the UUS stack currently active. ### Microsoft.Windows.Update.Orchestrator.Client.EdgeUpdateResult @@ -3388,7 +3388,7 @@ The following fields are available: - **ExitCode** The exit code that was returned. - **HRESULT** The result code (HResult) of the operation. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the UUS stack currently active. - **VelocityEnabled** A flag that indicates if velocity is enabled. - **WorkCompleted** A flag that indicates if work is completed. @@ -3420,7 +3420,7 @@ The following fields are available: - **configuredPoliciescount** Number of policies on the device. - **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). - **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. -- **UusVersion** No content is currently available. +- **UusVersion** Active version of UUS. ### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted @@ -3429,11 +3429,11 @@ Indicates that EULA for an update has been accepted. The following fields are available: -- **HRESULT** No content is currently available. +- **HRESULT** Was the EULA acceptance successful. - **publisherIntent** Publisher Intent id associated with the update. - **reason** Reason for EULA acceptance. - **update** Update for which EULA has been accepted. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the UUS stack currently active. ### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved @@ -3446,7 +3446,7 @@ The following fields are available: - **provider** The provider related to which the update is approved. - **publisherIntent** The publisher intent of the Update. - **update** Additional information about the Update. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the UUS Stack currently active. ### Microsoft.Windows.Update.Orchestrator.Worker.SetIpuMode @@ -3472,17 +3472,17 @@ The following fields are available: - **action** The type of action being performed (Install or download etc.). - **connectivity** Informs if the device is connected to network while this action is performed. - **freeDiskSpaceInMB** Amount of free disk space. -- **freeDiskSpaceInMBDelta** No content is currently available. +- **freeDiskSpaceInMBDelta** Amount of free disk space. - **interactive** Informs if this action is caused due to user interaction. -- **nextAction** No content is currently available. +- **nextAction** Next action to be performed. - **priority** The CPU and IO priority this action is being performed on. - **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.). -- **publisherIntent** No content is currently available. -- **scenario** No content is currently available. +- **publisherIntent** ID for the metadata associated with the update. +- **scenario** The result of the action being performed. - **update** Update related metadata including UpdateId. - **uptimeMinutes** Duration USO for up for in the current boot session. -- **uptimeMinutesDelta** No content is currently available. -- **UusVersion** No content is currently available. +- **uptimeMinutesDelta** The change in device uptime while this action was performed. +- **UusVersion** The version of the UUS stack currently active. - **wilActivity** Wil Activity related information. ### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted @@ -3916,24 +3916,24 @@ The following fields are available: ### Microsoft.Windows.Update.WUClient.DownloadPaused -No content is currently available. +This event is fired when the Download stage is paused. The following fields are available: -- **BundleId** No content is currently available. -- **CallerName** No content is currently available. -- **ClassificationId** No content is currently available. -- **DownloadPriority** No content is currently available. -- **EventType** No content is currently available. -- **FlightId** No content is currently available. -- **HandlerInfo** No content is currently available. -- **HandlerType** No content is currently available. -- **Props** No content is currently available. -- **RegulationResult** No content is currently available. -- **RelatedCV** No content is currently available. -- **ServiceGuid** No content is currently available. -- **UpdateId** No content is currently available. -- **UusVersion** No content is currently available. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props {MergedUpdate} +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClient.DownloadQueued @@ -4214,19 +4214,19 @@ The following fields are available: ### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral -No content is currently available. +Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The following fields are available: -- **CallerName** No content is currently available. -- **EndpointUrl** No content is currently available. -- **ExtendedStatusCode** No content is currently available. -- **MetadataIntegrityMode** No content is currently available. -- **RawMode** No content is currently available. -- **ServiceGuid** No content is currently available. -- **SLSPrograms** No content is currently available. -- **StatusCode** No content is currently available. -- **UusVersion** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EndpointUrl** Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) +- **UusVersion** The version of the Update Undocked Stack ### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature @@ -4282,10 +4282,10 @@ The following fields are available: - **ModulePath** Path of the undocked module. - **ModuleVersion** Version of the undocked module. -- **Props** No content is currently available. +- **Props** A bitmask for flags associated with loading the undocked module. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **StatusCode** Result of the undocked module loading operation. -- **UusSessionId** No content is currently available. +- **UusSessionID** Unique ID used to create the UUS session. - **UusVersion** Active UUS version. From c243cb7f2356ffeca00344c66e160bd90ab1235f Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 10:20:16 -0700 Subject: [PATCH 038/164] Remove 2 events (Ms.Support.*) --- ...iagnostic-events-fields-windows-11-24H2.md | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index e22f9d4875..61f57e297e 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -722,26 +722,6 @@ The following fields are available: - **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. - -### Ms.Support.HttpEvent - -No content is currently available. - -The following fields are available: - -- **Common** No content is currently available. -- **EventData** No content is currently available. - - -### Ms.Support.Info - -No content is currently available. - -The following fields are available: - -- **Common** No content is currently available. -- **EventData** No content is currently available. - - ## Component-based servicing events ### CbsServicingProvider.CbsCapabilityEnumeration From b70c53d6e06b9067b0ac1cdd74efd843788f2666 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 10:42:00 -0700 Subject: [PATCH 039/164] Add missing field description --- .../required-diagnostic-events-fields-windows-11-24H2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index 61f57e297e..96a6f7e399 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -441,7 +441,7 @@ The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. - **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement) -- **Scenario** No content is currently available. +- **Scenario** Denotes whether SysPrep is attempting to enable HVCI and VBS (0) or just VBS (1). ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled From ac54ee657a201f2b7a619ba21b5c7501c4a2d7a4 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 10:58:52 -0700 Subject: [PATCH 040/164] Update "scenario" field description --- .../required-diagnostic-events-fields-windows-11-24H2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index 96a6f7e399..3d2bbbf7a2 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -441,7 +441,7 @@ The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. - **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement) -- **Scenario** Denotes whether SysPrep is attempting to enable HVCI and VBS (0) or just VBS (1). +- **Scenario** Denotes whether SysPrep is attempting to enable HVCI (0) or VBS (1). ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled From ce67c73e1fa2cf4ace841ca69ec8773012fbdef0 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 11 Sep 2024 13:08:45 -0600 Subject: [PATCH 041/164] Update App Control for Business redirect links --- .../appcontrol-appid-tagging-guide.md | 13 +- ...perational-guide-appid-tagging-policies.md | 7 +- .../deploy-appid-tagging-policies.md | 21 ++-- .../design-create-appid-tagging-policies.md | 102 ++++++++------- .../app-control-for-business/TOC.yml | 92 +++++++------- .../appcontrol-and-applocker-overview.md | 31 +++-- .../app-control-for-business/appcontrol.md | 17 ++- .../applocker/applocker-overview.md | 6 +- .../applocker-policies-design-guide.md | 2 +- .../applocker-processes-and-interactions.md | 3 +- ...r-policies-by-using-set-applockerpolicy.md | 2 +- .../merge-applocker-policies-manually.md | 2 +- .../applocker/rule-collection-extensions.md | 2 +- ...ent-setting-inheritance-in-group-policy.md | 2 +- .../applocker/what-is-applocker.md | 2 +- .../deployment/appcontrol-deployment-guide.md | 37 +++--- .../deployment/audit-appcontrol-policies.md | 39 +++--- ...create-code-signing-cert-for-appcontrol.md | 19 ++- ...-appcontrol-policies-using-group-policy.md | 39 +++--- ...deploy-appcontrol-policies-using-intune.md | 39 +++--- .../deploy-appcontrol-policies-with-memcm.md | 41 +++--- .../deploy-appcontrol-policies-with-script.md | 31 +++-- ...loy-catalog-files-to-support-appcontrol.md | 25 ++-- .../deployment/disable-appcontrol-policies.md | 55 ++++---- .../deployment/enforce-appcontrol-policies.md | 31 +++-- .../deployment/merge-appcontrol-policies.md | 39 +++--- ...gning-for-better-control-and-protection.md | 21 ++-- ...to-protect-appcontrol-against-tampering.md | 33 +++-- ...bject-registration-in-appcontrol-policy.md | 21 ++-- .../design/appcontrol-and-dotnet.md | 28 ++--- .../design/appcontrol-design-guide.md | 25 ++-- .../appcontrol-wizard-create-base-policy.md | 39 +++--- ...ntrol-wizard-create-supplemental-policy.md | 23 ++-- .../appcontrol-wizard-editing-policy.md | 23 ++-- .../appcontrol-wizard-merging-policies.md | 16 +-- .../appcontrol-wizard-parsing-event-logs.md | 73 ++++++----- .../design/appcontrol-wizard.md | 13 +- ...applications-that-can-bypass-appcontrol.md | 21 ++-- .../design/common-appcontrol-use-cases.md | 23 ++-- ...-apps-deployed-with-a-managed-installer.md | 33 +++-- .../design/create-appcontrol-deny-policy.md | 22 ++-- ...ontrol-policy-for-fully-managed-devices.md | 39 +++--- ...trol-policy-for-lightly-managed-devices.md | 39 +++--- ...control-policy-using-reference-computer.md | 37 +++--- .../deploy-multiple-appcontrol-policies.md | 21 ++-- .../example-appcontrol-base-policies.md | 29 +++-- .../manage-packaged-apps-with-appcontrol.md | 37 +++--- ...icrosoft-recommended-driver-block-rules.md | 23 ++-- .../design/plan-appcontrol-management.md | 51 ++++---- .../design/script-enforcement.md | 39 +++--- .../design/select-types-of-rules-to-create.md | 99 ++++++++------- ...tand-appcontrol-policy-design-decisions.md | 39 +++--- ...nderstanding-appcontrol-policy-settings.md | 14 +-- ...l-specific-plug-ins-add-ins-and-modules.md | 15 ++- ...control-with-intelligent-security-graph.md | 39 +++--- .../feature-availability.md | 32 ++--- .../includes/feature-availability-note.md | 9 ++ .../app-control-for-business/index.yml | 32 ++--- ...ppcontrol-debugging-and-troubleshooting.md | 117 +++++++++--------- .../appcontrol-operational-guide.md | 27 ++-- .../operations/citool-commands.md | 12 +- .../configure-appcontrol-managed-installer.md | 9 +- .../operations/event-id-explanations.md | 36 +++--- .../operations/event-tag-explanations.md | 14 +-- .../operations/inbox-appcontrol-policies.md | 15 ++- .../operations/known-issues.md | 51 ++++---- ...events-centrally-using-advanced-hunting.md | 16 +-- ...nd-windows-defender-application-control.md | 43 ------- ...alization-based-security-and-appcontrol.md | 43 +++++++ .../application-control/toc.yml | 2 +- ...-guard-secure-launch-and-smm-protection.md | 2 +- windows/security/threat-protection/index.md | 2 +- 72 files changed, 1028 insertions(+), 1068 deletions(-) create mode 100644 windows/security/application-security/application-control/app-control-for-business/includes/feature-availability-note.md delete mode 100644 windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md create mode 100644 windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md index 4dc0da5aba..c43cf2dd90 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md @@ -1,23 +1,22 @@ --- -title: Designing, creating, managing, and troubleshooting Windows Defender Application Control AppId Tagging policies -description: How to design, create, manage, and troubleshoot your WDAC AppId Tagging policies +title: Designing, creating, managing, and troubleshooting App Control for Business AppId Tagging policies +description: How to design, create, manage, and troubleshoot your App Control AppId Tagging policies ms.localizationpriority: medium ms.date: 04/27/2022 ms.topic: conceptual --- -# WDAC Application ID (AppId) Tagging guide +# App Control Application ID (AppId) Tagging guide -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] ## AppId Tagging Feature Overview -The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't. +The Application ID (AppId) Tagging Policy feature, while based off App Control for Business, doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't. ## AppId Tagging Feature Availability -The WDAC AppId Tagging feature is available on the following versions of the Windows platform: +The App Control AppId Tagging feature is available on the following versions of the Windows platform: Client: - Windows 10 20H1, 20H2, and 21H1 versions only diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 1507fc348c..454998fcc3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -8,14 +8,13 @@ ms.topic: troubleshooting # Testing and Debugging AppId Tagging Policies -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. +After deployment of the App Control AppId Tagging policy, App Control will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. ## Verifying Tags on Running Processes -After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed. +After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since App Control for Business can only tag processes created after the policy has been deployed. 1. Download and Install the Windows Debugger diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md index df92759921..0c63966c1e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md @@ -1,17 +1,16 @@ --- -title: Deploying Windows Defender Application Control AppId tagging policies -description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment. +title: Deploying App Control for Business AppId tagging policies +description: How to deploy your App Control AppId tagging policies locally and globally within your managed environment. ms.localizationpriority: medium ms.date: 04/29/2022 ms.topic: conceptual --- -# Deploying Windows Defender Application Control AppId tagging policies +# Deploying App Control for Business AppId tagging policies -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId tagging policy, use one of the following methods to deploy: +Similar to App Control for Business policies, App Control AppId tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId tagging policy, use one of the following methods to deploy: 1. [Deploy AppId tagging policies with MDM](#deploy-appid-tagging-policies-with-mdm) 1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-configuration-manager) @@ -20,23 +19,23 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg ## Deploy AppId tagging policies with MDM -Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-app-control-policies-with-custom-oma-uri). ## Deploy AppId tagging policies with Configuration Manager -Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-appcontrol-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. +Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-appcontrol-policies-with-memcm.md#deploy-custom-app-control-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users. ### Deploy AppId tagging Policies via Scripting -Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-appcontrol-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later. +Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy App Control AppId tagging policies via scripting, see [Deploy App Control policies using script](../deployment/deploy-appcontrol-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later. ### Deploying policies via the ApplicationControl CSP -Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment. +Multiple App Control policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment. However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use Microsoft Intune's Custom OMA-URI capability. > [!NOTE] -> WMI and GP don't currently support multiple policies. If you can't directly access the MDM stack, use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage multiple policy format Windows Defender Application Control policies. +> WMI and GP don't currently support multiple policies. If you can't directly access the MDM stack, use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage multiple policy format App Control for Business policies. diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index ea51fb388c..6de85994c9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -1,85 +1,83 @@ --- -title: Create your Windows Defender Application Control AppId Tagging Policies -description: Create your Windows Defender Application Control AppId tagging policies for Windows devices. +title: Create your App Control for Business AppId Tagging Policies +description: Create your App Control for Business AppId tagging policies for Windows devices. ms.localizationpriority: medium ms.date: 04/29/2022 ms.topic: conceptual --- -# Creating your WDAC AppId Tagging Policies +# Creating your App Control AppId Tagging Policies -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -## Create the policy using the WDAC Wizard +## Create the policy using the App Control Wizard -You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). +You can use the App Control for Business Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The App Control Wizard is available for download at the [App Control Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). 1. Create a new base policy using the templates: - Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. + Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. - ![Configuring the policy base and template.](../images/appid-appcontrol-wizard-1.png) + ![Configuring the policy base and template.](../images/appid-appcontrol-wizard-1.png) - > [!NOTE] - > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. - For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). + > [!NOTE] + > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). -2. Set the following rule-options using the Wizard toggles: +2. Set the following rule-options using the Wizard toggles: - ![Configuring the policy rule-options.](../images/appid-appcontrol-wizard-2.png) + ![Configuring the policy rule-options.](../images/appid-appcontrol-wizard-2.png) 3. Create custom rules: - Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules: + Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules: - - Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security. - - Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards. - - File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name. - - Package app name rules: Create a rule based off the package family name of an appx/msix. - - Hash rules: Create a rule based off the PE Authenticode hash of a file. + - Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security. + - Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards. + - File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name. + - Package app name rules: Create a rule based off the package family name of an appx/msix. + - Hash rules: Create a rule based off the PE Authenticode hash of a file. - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). + For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: - After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario: + After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario: - ```powershell - Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue" - ``` - The policyID GUID is returned by the PowerShell command if successful. + ```powershell + Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue" + ``` + The policyID GUID is returned by the PowerShell command if successful. ## Create the policy using PowerShell -Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). In an elevate PowerShell instance: +Using this method, you create an AppId Tagging policy directly using the App Control PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). In an elevate PowerShell instance: -1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: +1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [App Control File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-app-control-for-business-policy---file-rule-levels) can be used in AppId rules: - ```powershell - $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath - ``` + ```powershell + $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath + ``` 2. Create the AppId Tagging Policy. Replace the AppIdTagging Key-Value pair for your scenario: - ```powershell - New-CIPolicy -rules $rule -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue" - ``` + ```powershell + New-CIPolicy -rules $rule -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue" + ``` 3. Set the rule-options for the policy: - ```powershell - Set-RuleOption -Option 0 .\AppIdPolicy.xml # Usermode Code Integrity (UMCI) - Set-RuleOption -Option 16 .\AppIdPolicy.xml # Refresh Policy no Reboot - Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection - ``` + ```powershell + Set-RuleOption -Option 0 .\AppIdPolicy.xml # Usermode Code Integrity (UMCI) + Set-RuleOption -Option 16 .\AppIdPolicy.xml # Refresh Policy no Reboot + Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection + ``` - If you're using filepath rules, you may want to set option 18. Otherwise, there's no need. + If you're using filepath rules, you may want to set option 18. Otherwise, there's no need. 4. Set the name and ID on the policy, which is helpful for future debugging: - ```powershell - Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml" - ``` - The policyID GUID is returned by the PowerShell command if successful. + ```powershell + Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml" + ``` + The policyID GUID is returned by the PowerShell command if successful. ## Deploy for Local Testing @@ -87,18 +85,18 @@ After creating your AppId Tagging policy in the above steps, you can deploy the 1. Depending on your deployment method, convert the xml to binary: - ```powershell - Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip" - ``` + ```powershell + Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip" + ``` 2. Optionally, deploy it for local testing: - ```powershell - copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\ - ./RefreshPolicy.exe - ``` + ```powershell + copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\ + ./RefreshPolicy.exe + ``` - RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). + RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). ## Next Steps For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). diff --git a/windows/security/application-security/application-control/app-control-for-business/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml index c24abf5f4e..d7bad29ee6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/TOC.yml +++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml @@ -4,22 +4,22 @@ href: appcontrol.md expanded: true items: - - name: WDAC and AppLocker Overview + - name: App Control and AppLocker Overview href: appcontrol-and-applocker-overview.md - - name: WDAC and AppLocker Feature Availability + - name: App Control and AppLocker Feature Availability href: feature-availability.md - name: Virtualization-based protection of code integrity - href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md -- name: WDAC design guide + href: ../introduction-to-virtualization-based-security-and-appcontrol.md +- name: App Control design guide href: design/appcontrol-design-guide.md items: - - name: Plan for WDAC policy lifecycle management + - name: Plan for App Control policy lifecycle management href: design/plan-appcontrol-management.md - - name: Design your WDAC policy + - name: Design your App Control policy items: - - name: Understand WDAC policy design decisions + - name: Understand App Control policy design decisions href: design/understand-appcontrol-policy-design-decisions.md - - name: Understand WDAC policy rules and file rules + - name: Understand App Control policy rules and file rules href: design/select-types-of-rules-to-create.md items: - name: Allow apps installed by a managed installer @@ -28,88 +28,88 @@ href: design/use-appcontrol-with-intelligent-security-graph.md - name: Allow COM object registration href: design/allow-com-object-registration-in-appcontrol-policy.md - - name: Use WDAC with .NET hardening + - name: Use App Control with .NET hardening href: design/appcontrol-and-dotnet.md - - name: Script enforcement with Windows Defender Application Control + - name: Script enforcement with App Control for Business href: design/script-enforcement.md - - name: Manage packaged apps with WDAC + - name: Manage packaged apps with App Control href: design/manage-packaged-apps-with-appcontrol.md - - name: Use WDAC to control specific plug-ins, add-ins, and modules + - name: Use App Control to control specific plug-ins, add-ins, and modules href: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md - - name: Understand WDAC policy settings + - name: Understand App Control policy settings href: design/understanding-appcontrol-policy-settings.md - - name: Use multiple WDAC policies + - name: Use multiple App Control policies href: design/deploy-multiple-appcontrol-policies.md - - name: Create your WDAC policy + - name: Create your App Control policy items: - - name: Example WDAC base policies + - name: Example App Control base policies href: design/example-appcontrol-base-policies.md - - name: Policy creation for common WDAC usage scenarios + - name: Policy creation for common App Control usage scenarios href: design/common-appcontrol-use-cases.md items: - - name: Create a WDAC policy for lightly managed devices + - name: Create a App Control policy for lightly managed devices href: design/create-appcontrol-policy-for-lightly-managed-devices.md - - name: Create a WDAC policy for fully managed devices + - name: Create a App Control policy for fully managed devices href: design/create-appcontrol-policy-for-fully-managed-devices.md - - name: Create a WDAC policy for fixed-workload devices + - name: Create a App Control policy for fixed-workload devices href: design/create-appcontrol-policy-using-reference-computer.md - - name: Create a WDAC deny list policy + - name: Create a App Control deny list policy href: design/create-appcontrol-deny-policy.md - - name: Applications that can bypass WDAC and how to block them + - name: Applications that can bypass App Control and how to block them href: design/applications-that-can-bypass-appcontrol.md - name: Microsoft recommended driver block rules href: design/microsoft-recommended-driver-block-rules.md - - name: Use the WDAC Wizard tool + - name: Use the App Control Wizard tool href: design/appcontrol-wizard.md items: - - name: Create a base WDAC policy with the Wizard + - name: Create a base App Control policy with the Wizard href: design/appcontrol-wizard-create-base-policy.md - - name: Create a supplemental WDAC policy with the Wizard + - name: Create a supplemental App Control policy with the Wizard href: design/appcontrol-wizard-create-supplemental-policy.md - - name: Editing a WDAC policy with the Wizard + - name: Editing a App Control policy with the Wizard href: design/appcontrol-wizard-editing-policy.md - - name: Creating WDAC Policy Rules from WDAC Events + - name: Creating App Control Policy Rules from App Control Events href: design/appcontrol-wizard-parsing-event-logs.md - - name: Merging multiple WDAC policies with the Wizard + - name: Merging multiple App Control policies with the Wizard href: design/appcontrol-wizard-merging-policies.md -- name: WDAC deployment guide +- name: App Control deployment guide href: deployment/appcontrol-deployment-guide.md items: - - name: Deploy WDAC policies with MDM + - name: Deploy App Control policies with MDM href: deployment/deploy-appcontrol-policies-using-intune.md - - name: Deploy WDAC policies with Configuration Manager + - name: Deploy App Control policies with Configuration Manager href: deployment/deploy-appcontrol-policies-with-memcm.md - - name: Deploy WDAC policies with script + - name: Deploy App Control policies with script href: deployment/deploy-appcontrol-policies-with-script.md - - name: Deploy WDAC policies with group policy + - name: Deploy App Control policies with group policy href: deployment/deploy-appcontrol-policies-using-group-policy.md - - name: Audit WDAC policies + - name: Audit App Control policies href: deployment/audit-appcontrol-policies.md - - name: Merge WDAC policies + - name: Merge App Control policies href: deployment/merge-appcontrol-policies.md - - name: Enforce WDAC policies + - name: Enforce App Control policies href: deployment/enforce-appcontrol-policies.md - - name: Use code signing for added control and protection with WDAC + - name: Use code signing for added control and protection with App Control href: deployment/use-code-signing-for-better-control-and-protection.md items: - - name: Deploy catalog files to support WDAC + - name: Deploy catalog files to support App Control href: deployment/deploy-catalog-files-to-support-appcontrol.md - - name: Use signed policies to protect Windows Defender Application Control against tampering + - name: Use signed policies to protect App Control for Business against tampering href: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md - - name: "Optional: Create a code signing cert for WDAC" + - name: "Optional: Create a code signing cert for App Control" href: deployment/create-code-signing-cert-for-appcontrol.md - - name: Disable WDAC policies + - name: Disable App Control policies href: deployment/disable-appcontrol-policies.md -- name: WDAC operational guide +- name: App Control operational guide href: operations/appcontrol-operational-guide.md items: - - name: WDAC debugging and troubleshooting + - name: App Control debugging and troubleshooting href: operations/appcontrol-debugging-and-troubleshooting.md - name: Understanding Application Control event IDs href: operations/event-id-explanations.md - name: Understanding Application Control event tags href: operations/event-tag-explanations.md - - name: Query WDAC events with Advanced hunting + - name: Query App Control events with Advanced hunting href: operations/querying-application-control-events-centrally-using-advanced-hunting.md - name: Known Issues href: operations/known-issues.md @@ -117,9 +117,9 @@ href: operations/configure-appcontrol-managed-installer.md - name: CITool.exe technical reference href: operations/citool-commands.md - - name: Inbox WDAC policies + - name: Inbox App Control policies href: operations/inbox-appcontrol-policies.md -- name: WDAC AppId Tagging guide +- name: App Control AppId Tagging guide href: AppIdTagging/appcontrol-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md index 1e2654111c..b73b5fd915 100644 --- a/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md @@ -1,23 +1,22 @@ --- -title: WDAC and AppLocker Overview +title: App Control and AppLocker Overview description: Compare Windows application control technologies. ms.localizationpriority: medium ms.date: 01/03/2024 ms.topic: conceptual --- -# Windows Defender Application Control and AppLocker Overview +# App Control for Business and AppLocker Overview -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +[!INCLUDE [Feature availability note](includes/feature-availability-note.md)] -Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker. +Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: App Control for Business and AppLocker. -## Windows Defender Application Control +## App Control for Business -WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC). +App Control was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC). -WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on: +App Control policies apply to the managed computer as a whole and affects all users of the device. App Control rules can be defined based on: - Attributes of the codesigning certificate(s) used to sign an app and its binaries - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file @@ -27,13 +26,13 @@ WDAC policies apply to the managed computer as a whole and affects all users of - The process that launched the app or binary > [!NOTE] -> WDAC was originally released as part of Device Guard and called configurable code integrity. Device Guard and configurable code integrity are no longer used except to find where to deploy WDAC policy via Group Policy. +> App Control was originally released as part of Device Guard and called configurable code integrity. Device Guard and configurable code integrity are no longer used except to find where to deploy App Control policy via Group Policy. -### WDAC System Requirements +### App Control System Requirements -WDAC policies can be created and applied on any client edition of Windows 10 or Windows 11, or on Windows Server 2016 and higher. WDAC policies can be deployed via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies, but is limited to single-policy format policies that work on Windows Server 2016 and 2019. +App Control policies can be created and applied on any client edition of Windows 10 or Windows 11, or on Windows Server 2016 and higher. App Control policies can be deployed via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy App Control policies, but is limited to single-policy format policies that work on Windows Server 2016 and 2019. -For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md). +For more information on which individual App Control features are available on specific App Control builds, see [App Control feature availability](feature-availability.md). ## AppLocker @@ -45,16 +44,16 @@ AppLocker policies can apply to all users on a computer, or to individual users - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file. - The path from which the app or file is launched. -AppLocker is also used by some features of WDAC, including [managed installer](/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer) and the [Intelligent Security Graph](/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph). +AppLocker is also used by some features of App Control, including [managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md) and the [Intelligent Security Graph](design/use-appcontrol-with-intelligent-security-graph.md). ### AppLocker System Requirements AppLocker policies can only be configured on and applied to devices that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](applocker/requirements-to-use-applocker.md). AppLocker policies can be deployed using Group Policy or MDM. -## Choose when to use WDAC or AppLocker +## Choose when to use App Control or AppLocker -Generally, customers who are able to implement application control using WDAC, rather than AppLocker, should do so. WDAC is undergoing continual improvements, and is getting added support from Microsoft management platforms. Although AppLocker continues to receive security fixes, it isn't getting new feature improvements. +Generally, customers who are able to implement application control using App Control, rather than AppLocker, should do so. App Control is undergoing continual improvements, and is getting added support from Microsoft management platforms. Although AppLocker continues to receive security fixes, it isn't getting new feature improvements. However, in some cases, AppLocker might be the more appropriate technology for your organization. AppLocker is best when: @@ -62,4 +61,4 @@ However, in some cases, AppLocker might be the more appropriate technology for y - You need to apply different policies for different users or groups on shared computers. - You don't want to enforce application control on application files such as DLLs or drivers. -AppLocker can also be deployed as a complement to WDAC to add user or group-specific rules for shared device scenarios, where it's important to prevent some users from running specific apps. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions. +AppLocker can also be deployed as a complement to App Control to add user or group-specific rules for shared device scenarios, where it's important to prevent some users from running specific apps. As a best practice, you should enforce App Control at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions. diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md index 88c99842d1..0a3335af15 100644 --- a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md @@ -10,8 +10,7 @@ ms.topic: overview # Application Control for Windows -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +[!INCLUDE [Feature availability note](includes/feature-availability-note.md)] With thousands of new malicious files created every day, using traditional methods like antivirus solutions-signature-based detection to fight against malware-provides an inadequate defense against new attacks. @@ -26,14 +25,14 @@ Application control is a crucial line of defense for protecting enterprises give Windows 10 and Windows 11 include two technologies that can be used for application control depending on your organization's specific scenarios and requirements: -- **Windows Defender Application Control (WDAC)**; and +- **App Control for Business**; and - **AppLocker** -## WDAC and Smart App Control +## App Control and Smart App Control -Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-appcontrol-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). +Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on App Control, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-appcontrol-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for App Control enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example App Control base policy](design/create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-app-control-base-policy). -Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect. +Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](operations/citool-commands.md#refresh-the-app-control-policies-on-the-system) for the change to take effect. | Value | Description | |-------|-------------| @@ -57,7 +56,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](design ## Related articles -- [WDAC design guide](design/appcontrol-design-guide.md) -- [WDAC deployment guide](deployment/appcontrol-deployment-guide.md) -- [WDAC operational guide](operations/appcontrol-operational-guide.md) +- [App Control design guide](design/appcontrol-design-guide.md) +- [App Control deployment guide](deployment/appcontrol-deployment-guide.md) +- [App Control operational guide](operations/appcontrol-operational-guide.md) - [AppLocker overview](applocker/applocker-overview.md) diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md index 654b172dca..045b43bc8e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md @@ -11,13 +11,13 @@ ms.date: 01/03/2024 # AppLocker -This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of Windows Defender Application Control. +This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of App Control for Business. > [!NOTE] -> AppLocker is a defense-in-depth security feature and not considered a defensible Windows [security feature](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal. +> AppLocker is a defense-in-depth security feature and not considered a defensible Windows [security feature](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [App Control for Business](../appcontrol-and-applocker-overview.md) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal. > [!NOTE] -> By default, AppLocker policy only applies to code launched in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to non-user processes, including those running as SYSTEM. For more information, see [AppLocker rule collection extensions](/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions#services-enforcement). +> By default, AppLocker policy only applies to code launched in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to non-user processes, including those running as SYSTEM. For more information, see [AppLocker rule collection extensions](rule-collection-extensions.md#services-enforcement). AppLocker can help you: diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md index a948419849..50971f323d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md @@ -12,7 +12,7 @@ This article for the IT professional introduces the design and planning steps re This guide provides important designing and planning information for deploying application control policies by using AppLocker. Through a sequential and iterative process, you can create an AppLocker policy deployment plan for your organization that addresses your specific application control requirements by department, organizational unit, or business group. -To understand if AppLocker is the correct application control solution for your organization, see [Windows Defender Application Control and AppLocker overview](/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview). +To understand if AppLocker is the correct application control solution for your organization, see [App Control for Business and AppLocker overview](../appcontrol-and-applocker-overview.md). ## In this section diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md index 81e26f0be3..15208b7d2a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md @@ -8,8 +8,7 @@ ms.date: 12/23/2023 # AppLocker processes and interactions -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 2489e8b738..5dcf968359 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -10,7 +10,7 @@ ms.date: 12/22/2023 This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. -The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local policy is used. When the Merge parameter is used, rules in the specified AppLocker policy are merged with the AppLocker rules in the target GPO specified in the LDAP path. Merging policies removes rules with duplicate rule IDs, and the enforcement mode setting is chosen as described in [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes). If the Merge parameter isn't specified, then the new policy overwrites the existing policy. +The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local policy is used. When the Merge parameter is used, rules in the specified AppLocker policy are merged with the AppLocker rules in the target GPO specified in the LDAP path. Merging policies removes rules with duplicate rule IDs, and the enforcement mode setting is chosen as described in [Working with AppLocker rules](working-with-applocker-rules.md#enforcement-modes). If the Merge parameter isn't specified, then the new policy overwrites the existing policy. For info about using **Set-AppLockerPolicy**, including syntax descriptions and parameters, see [Set-AppLockerPolicy](/powershell/module/applocker/set-applockerpolicy). diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md index a17f0dbc2f..36686c2fea 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md @@ -12,7 +12,7 @@ This article for IT professionals describes the steps to manually merge AppLocke If you need to merge multiple AppLocker policies into a single one, you can either manually merge the policies or use the Windows PowerShell cmdlets for AppLocker. You can't automatically merge policies by using the AppLocker console. For info about merging policies by using Windows PowerShell, see [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md). -The AppLocker policy is stored in XML format, and an exported policy can be edited with any text or XML editor. To export an AppLocker policy, see [Export an AppLocker policy to an XML file](/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file). Before making changes to an AppLocker policy manually, review [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules). +The AppLocker policy is stored in XML format, and an exported policy can be edited with any text or XML editor. To export an AppLocker policy, see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md). Before making changes to an AppLocker policy manually, review [Working with AppLocker rules](working-with-applocker-rules.md). Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md index f8756d82ac..ca9f4ae325 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md @@ -29,7 +29,7 @@ This article describes the rule collection extensions added in Windows 10 and la ## Services enforcement -By default, AppLocker policy only applies to code running in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to nonuser processes, including services running as SYSTEM. You must enable services enforcement when using AppLocker with Windows Defender Application Control's (WDAC) [managed installer](/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer) feature. +By default, AppLocker policy only applies to code running in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to nonuser processes, including services running as SYSTEM. You must enable services enforcement when using AppLocker with App Control for Business's [managed installer](../design/configure-authorized-apps-deployed-with-a-managed-installer.md) feature. To apply AppLocker policy to nonuser processes, set ```` in the ```` section as shown in the preceding XML fragment. diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index e2740a5bf6..86556f815e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -10,7 +10,7 @@ ms.date: 12/22/2023 This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. -Rule enforcement is applied only to collections of rules, not individual rules. For more info on rule collections, see [AppLocker rule collections](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#rule-collections). +Rule enforcement is applied only to collections of rules, not individual rules. For more info on rule collections, see [AppLocker rule collections](working-with-applocker-rules.md#rule-collections). Group Policy merges AppLocker policy in two ways: diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md index 256c416dbf..24f7f1e8c2 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md @@ -10,7 +10,7 @@ ms.date: 12/23/2023 This article for the IT professional describes what AppLocker is. -Windows includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker. For information to help you choose when to use WDAC or AppLocker, see [WDAC and AppLocker overview](/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview). +Windows includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: App Control for Business and AppLocker. For information to help you choose when to use App Control or AppLocker, see [App Control and AppLocker overview](../appcontrol-and-applocker-overview.md). AppLocker helps you create rules to allow or deny apps from running based on information about the apps' files. You can also use AppLocker to control which users or groups can run those apps. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index 688747f887..a893114a66 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -1,29 +1,28 @@ --- -title: Deploying Windows Defender Application Control (WDAC) policies -description: Learn how to plan and implement a WDAC deployment. +title: Deploying App Control for Business policies +description: Learn how to plan and implement a App Control deployment. ms.localizationpriority: medium ms.date: 01/23/2023 ms.topic: overview --- -# Deploying Windows Defender Application Control (WDAC) policies +# Deploying App Control for Business policies -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/appcontrol-design-guide.md), do so now before proceeding. +You should now have one or more App Control for Business policies ready to deploy. If you haven't yet completed the steps described in the [App Control Design Guide](../design/appcontrol-design-guide.md), do so now before proceeding. -## Convert your WDAC policy XML to binary +## Convert your App Control policy XML to binary -Before you deploy your WDAC policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $WDACPolicyXMLFile variable to point to your WDAC policy XML file. +Before you deploy your App Control policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $AppControlPolicyXMLFile variable to point to your App Control policy XML file. ```powershell - ## Update the path to your WDAC policy XML - $WDACPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyWDACPolicy.xml" - [xml]$WDACPolicy = Get-Content -Path $WDACPolicyXMLFile - if (($WDACPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022) + ## Update the path to your App Control policy XML + $AppControlPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyAppControlPolicy.xml" + [xml]$AppControlPolicy = Get-Content -Path $AppControlPolicyXMLFile + if (($AppControlPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022) { - $PolicyID = $WDACPolicy.SiPolicy.PolicyID + $PolicyID = $AppControlPolicy.SiPolicy.PolicyID $PolicyBinary = $PolicyID+".cip" } else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC) @@ -32,23 +31,23 @@ Before you deploy your WDAC policies, you must first convert the XML to its bina } ## Binary file will be written to your desktop - ConvertFrom-CIPolicy -XmlFilePath $WDACPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary + ConvertFrom-CIPolicy -XmlFilePath $AppControlPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary ``` ## Plan your deployment -As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with WDAC and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. +As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with App Control and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. -All Windows Defender Application Control policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. +All App Control for Business policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor App Control-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. -## Choose how to deploy WDAC policies +## Choose how to deploy App Control policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case. +> Due to a known issue, you should always activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. -There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: +There are several options to deploy App Control for Business policies to managed endpoints, including: - [Deploy using a Mobile Device Management (MDM) solution](deploy-appcontrol-policies-using-intune.md), such as Microsoft Intune - [Deploy using Microsoft Configuration Manager](deploy-appcontrol-policies-with-memcm.md) diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index 8e08b9a353..6c94229e73 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -1,35 +1,34 @@ --- -title: Use audit events to create WDAC policy rules -description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy. +title: Use audit events to create App Control policy rules +description: Audits allow admins to discover apps, binaries, and scripts that should be added to the App Control policy. ms.localizationpriority: medium ms.date: 05/03/2018 ms.topic: conceptual --- -# Use audit events to create WDAC policy rules +# Use audit events to create App Control policy rules ->[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. +Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your App Control policy but should be included. -While a WDAC policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new WDAC policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. +While a App Control policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new App Control policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. -## Overview of the process to create WDAC policy to allow apps using audit events +## Overview of the process to create App Control policy to allow apps using audit events > [!Note] -> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](appcontrol-deployment-guide.md). +> You must have already deployed a App Control audit mode policy to use this process. If you have not already done so, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md). -To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. +To familiarize yourself with creating App Control rules from audit events, follow these steps on a device with a App Control audit mode policy. -1. Install and run an application not allowed by the WDAC policy but that you want to allow. +1. Install and run an application not allowed by the App Control policy but that you want to allow. 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md). - **Figure 1. Exceptions to the deployed WDAC policy** - ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png) + **Figure 1. Exceptions to the deployed App Control policy** + ![Event showing exception to App Control policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a App Control policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" @@ -38,24 +37,24 @@ To familiarize yourself with creating WDAC rules from audit events, follow these $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt" ``` -4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. +4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new App Control policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. ```powershell New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about App Control rule levels, see [Understand App Control policy rules and file rules](../design/select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/appcontrol-wizard-editing-policy.md)). +5. Find and review the App Control policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the App Control Policy Wizard tool (see [Editing existing base and supplemental App Control policies with the Wizard](../design/appcontrol-wizard-editing-policy.md)). -6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. +6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that App Control couldn't create a rule for at either the specified rule level or fallback rule level. > [!NOTE] - > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the WDAC policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**. + > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the App Control policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**. 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. - For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-appcontrol-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-appcontrol-policies.md). + For information on merging policies, refer to [Merge App Control for Business policies](merge-appcontrol-policies.md) and for information on supplemental policies see [Use multiple App Control for Business Policies](../design/deploy-multiple-appcontrol-policies.md). 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md index aa98aebabb..e69da9c3d9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md @@ -1,22 +1,21 @@ --- -title: Create a code signing cert for Windows Defender Application Control -description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally. +title: Create a code signing cert for App Control for Business +description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or App Control policies internally. ms.localizationpriority: medium ms.topic: conceptual ms.date: 12/01/2022 --- -# Optional: Create a code signing cert for Windows Defender Application Control +# Optional: Create a code signing cert for App Control for Business ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](appcontrol-deployment-guide.md). +As you deploy App Control for Business, you might need to sign catalog files or App Control policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [App Control for Business Deployment Guide](appcontrol-deployment-guide.md). If you have an internal CA, complete these steps to create a code signing certificate. > [!WARNING] -> When creating signing certificates for WDAC policy signing, Boot failure (blue screen) may occur if your signing certificate does not follow these rules: +> When creating signing certificates for App Control policy signing, Boot failure (blue screen) may occur if your signing certificate does not follow these rules: > > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652). > - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported. @@ -34,7 +33,7 @@ If you have an internal CA, complete these steps to create a code signing certif 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** from the **Certification Authority** list, and then select **Windows 8 / Windows Server 2012** from the **Certificate recipient** list. -5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **WDAC Catalog Signing Certificate**. +5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **App Control Catalog Signing Certificate**. 6. On the **Request Handling** tab, select the **Allow private key to be exported** check box. @@ -64,7 +63,7 @@ When this certificate template has been created, you must publish it to the CA p A list of available templates to issue appears, including the template you created. -2. Select the WDAC Catalog signing certificate, and then select **OK**. +2. Select the App Control Catalog signing certificate, and then select **OK**. Now that the template is available to be issued, you must request one from the computer running Windows 10 or Windows 11 on which you create and sign catalog files. To begin, open the MMC, and then complete the following steps: @@ -95,6 +94,6 @@ This certificate must be installed in the user's personal store on the computer 3. Choose the default settings, and then select **Export all extended properties**. -4. Set a password, select an export path, and then select **WDACCatSigningCert.pfx** as the file name. +4. Set a password, select an export path, and then select **AppControlCatSigningCert.pfx** as the file name. When the certificate has been exported, import it into the personal store for the user who will be signing the catalog files or code integrity policies on the specific computer that will be signing them. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index 8b6c9f2da9..a0fcfe492a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -1,38 +1,37 @@ --- -title: Deploy WDAC policies via Group Policy -description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. +title: Deploy App Control policies via Group Policy +description: App Control for Business policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. ms.localizationpriority: medium ms.date: 01/23/2023 ms.topic: how-to --- -# Deploy Windows Defender Application Control policies by using Group Policy +# Deploy App Control for Business policies by using Group Policy -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** App Control Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed App Control Base policies [via script](deploy-appcontrol-policies-with-script.md#deploying-signed-policies) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. -Single-policy format Windows Defender Application Control policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. +Single-policy format App Control for Business policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy. > [!IMPORTANT] -> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. +> Group Policy-based deployment of App Control for Business policies only supports single-policy format App Control policies. To use App Control on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. -You should now have a WDAC policy converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +You should now have a App Control policy converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md). -The following procedure walks you through how to deploy a WDAC policy called **SiPolicy.p7b** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**. +The following procedure walks you through how to deploy a App Control policy called **SiPolicy.p7b** to a test OU called *App Control Enabled PCs* by using a GPO called **Contoso GPO Test**. -To deploy and manage a Windows Defender Application Control policy with Group Policy: +To deploy and manage a App Control for Business policy with Group Policy: 1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-appcontrol-management.md). + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies (or keeping them separate), as discussed in [Plan for App Control for Business lifecycle policy management](../design/plan-appcontrol-management.md). ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) @@ -40,20 +39,20 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 4. Open the Group Policy Management Editor: right-click the new GPO, and then select **Edit**. -5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then select **Edit**. +5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy App Control for Business** and then select **Edit**. - ![Edit the Group Policy for Windows Defender Application Control.](../images/appcontrol-edit-gp.png) + ![Edit the Group Policy for App Control for Business.](../images/appcontrol-edit-gp.png) -6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path. +6. In the **Deploy App Control for Business** dialog box, select the **Enabled** option, and then specify the App Control policy deployment path. - In this policy setting, you specify either the local path where the policy will exist on each client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, the path to SiPolicy.p7b using the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) would be %USERPROFILE%\Desktop\SiPolicy.p7b. + In this policy setting, you specify either the local path where the policy will exist on each client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, the path to SiPolicy.p7b using the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md) would be %USERPROFILE%\Desktop\SiPolicy.p7b. > [!NOTE] - > This policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. + > This policy file does not need to be copied to every computer. You can instead copy the App Control policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. - ![Group Policy called Deploy Windows Defender Application Control.](../images/dg-fig26-enablecode.png) + ![Group Policy called Deploy App Control for Business.](../images/dg-fig26-enablecode.png) > [!NOTE] - > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different WDAC policies to different sets of devices, you may want to give each of your WDAC policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. + > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different App Control policies to different sets of devices, you may want to give each of your App Control policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. -7. Close the Group Policy Management Editor, and then restart the Windows test computer. Restarting the computer updates the WDAC policy. +7. Close the Group Policy Management Editor, and then restart the Windows test computer. Restarting the computer updates the App Control policy. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md index df6ad5fdc8..033199a9d7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md @@ -1,26 +1,25 @@ --- -title: Deploy WDAC policies using Mobile Device Management (MDM) -description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. +title: Deploy App Control policies using Mobile Device Management (MDM) +description: You can use an MDM like Microsoft Intune to configure App Control for Business. Learn how with this step-by-step guide. ms.localizationpriority: medium ms.date: 08/30/2023 ms.topic: how-to --- -# Deploy WDAC policies using Mobile Device Management (MDM) +# Deploy App Control policies using Mobile Device Management (MDM) -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. +You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure App Control for Business on client machines. Intune includes native support for App Control, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for App Control policy deployment steps. > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-appcontrol-policies-with-script.md) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** App Control Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed App Control Base policies [via script](deploy-appcontrol-policies-with-script.md) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. ## Use Intune's built-in policies -Intune's built-in Windows Defender Application Control support allows you to configure Windows client computers to only run: +Intune's built-in App Control for Business support allows you to configure Windows client computers to only run: - Windows components - Third-party hardware and software kernel drivers @@ -28,21 +27,21 @@ Intune's built-in Windows Defender Application Control support allows you to con - [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) > [!NOTE] -> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to create and deploy multiple-policy format files. Or, you can use Intune's custom OMA-URI feature to deploy your own multiple-policy format WDAC policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic. +> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. Use the [improved Intune App Control experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to create and deploy multiple-policy format files. Or, you can use Intune's custom OMA-URI feature to deploy your own multiple-policy format App Control policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic. > [!NOTE] -> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP always requests a device restart when it applies WDAC policies. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to deploy your own WDAC policies without a restart. Or, you can use Intune's custom OMA-URI feature with the ApplicationControl CSP. +> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP always requests a device restart when it applies App Control policies. Use the [improved Intune App Control experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to deploy your own App Control policies without a restart. Or, you can use Intune's custom OMA-URI feature with the ApplicationControl CSP. -To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windows 10 (and later)](/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json). +To use Intune's built-in App Control policies, configure [Endpoint Protection for Windows 10 (and later)](/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json). -## Deploy WDAC policies with custom OMA-URI +## Deploy App Control policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-appcontrol-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create App Control for Business policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-appcontrol-policies.md) which allow more granular policy. -You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +You should now have one or more App Control policies converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md). -### Deploy custom WDAC policies on Windows 10 1903+ +### Deploy custom App Control policies on Windows 10 1903+ Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. @@ -58,20 +57,20 @@ The steps to use Intune's custom OMA-URI functionality are: - **Data type**: Base64 (file) - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf. - :::image type="content" alt-text="Configure custom WDAC." source="../images/appcontrol-intune-custom-oma-uri.png" lightbox="../images/appcontrol-intune-custom-oma-uri.png"::: + :::image type="content" alt-text="Configure custom App Control." source="../images/appcontrol-intune-custom-oma-uri.png" lightbox="../images/appcontrol-intune-custom-oma-uri.png"::: > [!NOTE] > For the _Policy GUID_ value, do not include the curly brackets. -### Remove WDAC policies on Windows 10 1903+ +### Remove App Control policies on Windows 10 1903+ -Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable Windows Defender Application Control enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This deletion will prevent anything from being blocked and fully remove the WDAC policy on the next reboot. +Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable App Control for Business enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This deletion will prevent anything from being blocked and fully remove the App Control policy on the next reboot. ### For pre-1903 systems #### Deploying policies -The steps to use Intune's Custom OMA-URI functionality to apply the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are: +The steps to use Intune's Custom OMA-URI functionality to apply the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) and deploy a custom App Control policy to pre-1903 systems are: 1. Convert the policy XML to binary format using the [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet in order to be deployed. The binary policy may be signed or unsigned. @@ -87,4 +86,4 @@ The steps to use Intune's Custom OMA-URI functionality to apply the [AppLocker C #### Removing policies -Policies deployed through Intune via the AppLocker CSP can't be deleted through the Intune console. In order to disable Windows Defender Application Control policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy. +Policies deployed through Intune via the AppLocker CSP can't be deleted through the Intune console. In order to disable App Control for Business policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md index 1d1038cbee..99b78a8bdc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md @@ -1,21 +1,20 @@ --- -title: Deploy Windows Defender Application Control policies with Configuration Manager -description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. +title: Deploy App Control for Business policies with Configuration Manager +description: You can use Microsoft Configuration Manager to configure App Control for Business. Learn how with this step-by-step guide. ms.date: 06/27/2022 ms.topic: how-to ms.localizationpriority: medium --- -# Deploy WDAC policies by using Microsoft Configuration Manager +# Deploy App Control policies by using Microsoft Configuration Manager -> [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines. +You can use Microsoft Configuration Manager to configure App Control for Business on client machines. ## Use Configuration Manager's built-in policies -Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: +Configuration Manager includes native support for App Control, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow: - Windows components - Microsoft Store apps @@ -23,24 +22,24 @@ Configuration Manager includes native support for WDAC, which allows you to conf - (Optional) Reputable apps as defined by the Intelligent Security Graph (ISG) - (Optional) Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints. -Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. +Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable App Control for Business altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. -### Create a WDAC Policy in Configuration Manager +### Create a App Control Policy in Configuration Manager -1. Select **Asset and Compliance** > **Endpoint Protection** > **Windows Defender Application Control** > **Create Application Control Policy** +1. Select **Asset and Compliance** > **Endpoint Protection** > **App Control for Business** > **Create Application Control Policy** - ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) + ![Create a App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) 2. Enter the name of the policy > **Next** 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes** 4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only) 5. Select **Next** - ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy-2.jpg) + ![Create an enforced App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy-2.jpg) 6. Select **Add** to begin creating rules for trusted software - ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) + ![Create a App Control path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) 7. Select **File** or **Folder** to create a path rule > **Browse** @@ -53,13 +52,13 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement 9. Select **OK** to add the rule to the table of trusted files or folder 10. Select **Next** to navigate to the summary page > **Close** - ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-appcontrol-rule.jpg) + ![Confirm the App Control path rule in Configuration Manager.](../images/memcm/memcm-confirm-appcontrol-rule.jpg) -### Deploy the WDAC policy in Configuration Manager +### Deploy the App Control policy in Configuration Manager 1. Right-click the newly created policy > **Deploy Application Control Policy** - ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-appcontrol.jpg) + ![Deploy App Control via Configuration Manager.](../images/memcm/memcm-deploy-appcontrol.jpg) 2. Select **Browse** @@ -71,12 +70,12 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement 4. Change the schedule > **OK** - ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-appcontrol-4.jpg) + ![Change the App Control deployment schedule.](../images/memcm/memcm-deploy-appcontrol-4.jpg) -For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). +For more information on using Configuration Manager's native App Control policies, see [App Control for Business management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). -Download the entire [WDAC in Configuration Manager lab paper](https://download.microsoft.com/download/c/f/d/cfd6227c-8ec4-442d-8c50-825550d412f6/WDAC-Deploy-WDAC-using-MEMCM.pdf). +Download the entire [App Control in Configuration Manager lab paper](https://download.microsoft.com/download/c/f/d/cfd6227c-8ec4-442d-8c50-825550d412f6/App Control-Deploy-App Control-using-MEMCM.pdf). -## Deploy custom WDAC policies using Packages/Programs or Task Sequences +## Deploy custom App Control policies using Packages/Programs or Task Sequences -Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-appcontrol-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. +Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom App Control policies using [script-based deployment](deploy-appcontrol-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md index 6910b03b04..af79b9bdae 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md @@ -1,29 +1,28 @@ --- -title: Deploy Windows Defender Application Control (WDAC) policies using script -description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. +title: Deploy App Control for Business policies using script +description: Use scripts to deploy App Control for Business policies. Learn how with this step-by-step guide. ms.manager: jsuther ms.date: 01/23/2023 ms.topic: how-to ms.localizationpriority: medium --- -# Deploy WDAC policies using script +# Deploy App Control policies using script ->[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The following instructions use PowerShell but can work with any scripting host. +This article describes how to deploy App Control for Business policies using script. The following instructions use PowerShell but can work with any scripting host. -You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +You should now have one or more App Control policies converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. ## Deploying policies for Windows 11 22H2 and above -You can use the inbox [CiTool](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your WDAC policy binary file. +You can use the inbox [CiTool](../operations/citool-commands.md) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your App Control policy binary file. ```powershell # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) @@ -33,7 +32,7 @@ CiTool --update-policy $PolicyBinary [-json] ## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above -To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. +To use this procedure, download and distribute the [App Control policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your App Control policies allow the App Control policy refresh tool or use a managed installer to distribute the tool. 1. Initialize the variables to be used by the script. @@ -44,14 +43,14 @@ To use this procedure, download and distribute the [WDAC policy refresh tool](ht $RefreshPolicyTool = "" ``` -2. Copy Windows Defender Application Control (WDAC) policy binary to the destination folder. +2. Copy App Control for Business policy binary to the destination folder. ```powershell Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force ``` -3. Repeat steps 1-2 as appropriate to deploy more WDAC policies. -4. Run RefreshPolicy.exe to activate and refresh all WDAC policies on the managed endpoint. +3. Repeat steps 1-2 as appropriate to deploy more App Control policies. +4. Run RefreshPolicy.exe to activate and refresh all App Control policies on the managed endpoint. ```powershell & $RefreshPolicyTool @@ -69,13 +68,13 @@ Use WMI to apply policies on all other versions of Windows and Windows Server. $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b" ``` -2. Copy Windows Defender Application Control (WDAC) policy binary to the destination. +2. Copy App Control for Business policy binary to the destination. ```powershell Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force ``` -3. Refresh and activate WDAC policy using WMI +3. Refresh and activate App Control policy using WMI ```powershell Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary} @@ -83,7 +82,7 @@ Use WMI to apply policies on all other versions of Windows and Windows Server. ## Deploying signed policies -If you're using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the locations outlined in the earlier sections. Unsigned WDAC policies don't need to be present in the EFI partition. +If you're using [signed App Control policies](use-signed-policies-to-protect-appcontrol-against-tampering.md), the policies must be deployed into your device's EFI partition in addition to the locations outlined in the earlier sections. Unsigned App Control policies don't need to be present in the EFI partition. 1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt: diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index 056e35ce3f..dc52420573 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -1,21 +1,20 @@ --- -title: Deploy catalog files to support Windows Defender Application Control -description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy. +title: Deploy catalog files to support App Control for Business +description: Catalog files simplify running unsigned applications in the presence of a App Control for Business policy. ms.localizationpriority: medium ms.topic: how-to ms.date: 11/30/2022 --- -# Deploy catalog files to support Windows Defender Application Control +# Deploy catalog files to support App Control for Business -> [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -*Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging. +*Catalog files* can be important in your deployment of App Control for Business if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your App Control-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging. You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. -Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned. +Finally, add a signer rule to your App Control policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a App Control policy that blocks all unsigned code, because most malware is unsigned. ## Create catalog files using Package Inspector @@ -34,7 +33,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip" ``` - Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-appcontrol-policies-with-script.md). + Then apply the policy as described in [Deploy App Control for Business policies with script](deploy-appcontrol-policies-with-script.md). 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C: @@ -123,14 +122,14 @@ For testing purposes, you can manually copy signed catalog files to this folder. To simplify the management of catalog files, you can use group policy preferences to deploy catalog files to the appropriate computers in your organization. -The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called **WDAC Enabled PCs** with a GPO called **Contoso Catalog File GPO Test**. +The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called **App Control Enabled PCs** with a GPO called **Contoso Catalog File GPO Test**. 1. From either a domain controller or a client computer that has Remote Server Administration Tools installed, open the Group Policy Management Console by running **GPMC.MSC** or by searching for Group Policy Management. -2. Create a new GPO: right-click an OU, for example, the **WDAC Enabled PCs OU**, and then select **Create a GPO in this domain, and Link it here**, as shown in Figure 2. +2. Create a new GPO: right-click an OU, for example, the **App Control Enabled PCs OU**, and then select **Create a GPO in this domain, and Link it here**, as shown in Figure 2. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies. + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies. ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png) @@ -299,9 +298,9 @@ At the time of the next software inventory cycle, when the targeted clients rece > [!NOTE] > If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan. -## Allow apps signed by your catalog signing certificate in your WDAC policy +## Allow apps signed by your catalog signing certificate in your App Control policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/appcontrol-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a App Control policy, see the [App Control for Business design guide](../design/appcontrol-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index 839bf11d55..d49e753d03 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -1,24 +1,23 @@ --- -title: Remove Windows Defender Application Control policies -description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. +title: Remove App Control for Business policies +description: Learn how to disable both signed and unsigned App Control for Business policies, within Windows and within the BIOS. ms.localizationpriority: medium ms.date: 11/04/2022 ms.topic: how-to --- -# Remove Windows Defender Application Control (WDAC) policies +# Remove App Control for Business policies ->[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). +[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -## Removing WDAC policies +## Removing App Control policies -There may come a time when you want to remove one or more WDAC policies, or remove all WDAC policies you've deployed. This article describes the various ways to remove WDAC policies. +There may come a time when you want to remove one or more App Control policies, or remove all App Control policies you've deployed. This article describes the various ways to remove App Control policies. > [!IMPORTANT] -> **Signed WDAC policy** +> **Signed App Control policy** > -> If the policy you are trying to remove is a signed WDAC policy, you must first deploy a signed replacement policy that includes option **6 Enabled:Unsigned System Integrity Policy**. +> If the policy you are trying to remove is a signed App Control policy, you must first deploy a signed replacement policy that includes option **6 Enabled:Unsigned System Integrity Policy**. > > The replacement policy must have the same PolicyId as the one it's replacing and a version that's equal to or greater than the existing policy. The replacement policy must also include \. > @@ -33,15 +32,15 @@ To make a policy effectively inactive before removing it, you can first replace 1. Replace the policy rules with "Allow *" rules; 2. Set option **3 Enabled:Audit Mode** to change the policy to audit mode only; 3. Set option **11 Disabled:Script Enforcement**; -4. Allow all COM objects. See [Allow COM object registration in a WDAC policy](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy#examples); +4. Allow all COM objects. See [Allow COM object registration in a App Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md#examples); 5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only. > [!IMPORTANT] -> After you remove a policy, restart the computer for it to take effect. You can't remove WDAC policies without restarting the device. +> After you remove a policy, restart the computer for it to take effect. You can't remove App Control policies without restarting the device. -### Remove WDAC policies using CiTool.exe +### Remove App Control policies using CiTool.exe -Beginning with the Windows 11 2022 Update, you can remove WDAC policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the WDAC policy you want to remove: +Beginning with the Windows 11 2022 Update, you can remove App Control policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the App Control policy you want to remove: ```powershell CiTool.exe -rp "{PolicyId GUID}" -json @@ -49,13 +48,13 @@ Beginning with the Windows 11 2022 Update, you can remove WDAC policies using Ci Then restart the computer. -### Remove WDAC policies using MDM solutions like Intune +### Remove App Control policies using MDM solutions like Intune -You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove WDAC policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). +You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove App Control policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). -Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. +App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. -Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. +Existing App Control for Business policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although App Control policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. @@ -861,7 +861,7 @@ The following table provides the result of this policy based on different values ## Microsoft Intune Usage Guidance -For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). +For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy App Control for Business policies by using Microsoft Intune](/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-wdac-policies-using-intune). ## Generic MDM Server Usage Guidance @@ -1014,7 +1014,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Co ### Setup for using the WMI Bridge -1. Convert your WDAC policy to Base64. +1. Convert your App Control policy to Base64. 2. Open PowerShell in Local System context (through PSExec or something similar). 3. Use WMI Interface: diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 94711a96ae..9ea0e21a78 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -14,7 +14,7 @@ ms.date: 08/06/2024 > [!WARNING] -> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). +> Group Policy-based deployment of App Control for Business policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). diff --git a/windows/deployment/windows-enterprise-e3-overview.md b/windows/deployment/windows-enterprise-e3-overview.md index f4532464b5..2805f5fc8a 100644 --- a/windows/deployment/windows-enterprise-e3-overview.md +++ b/windows/deployment/windows-enterprise-e3-overview.md @@ -126,7 +126,7 @@ Now that the devices have Windows Enterprise, Device Guard can be implemented on For more information about implementing Device Guard, see: -- [Windows Defender Application Control and virtualization-based protection of code integrity](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) +- [App Control for Business and virtualization-based protection of code integrity](/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol) - [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) ### AppLocker management diff --git a/windows/security/application-security/application-control/app-control-for-business/index.yml b/windows/security/application-security/application-control/app-control-for-business/index.yml index dd89e15e9a..f90d303d42 100644 --- a/windows/security/application-security/application-control/app-control-for-business/index.yml +++ b/windows/security/application-security/application-control/app-control-for-business/index.yml @@ -20,12 +20,10 @@ landingContent: links: - text: What is Application Control? url: appcontrol.md - - text: What is App Control for Business? - url: appcontrol-and-applocker-overview.md - text: What is AppLocker? url: applocker\applocker-overview.md - - text: App Control and AppLocker feature availability - url: feature-availability.md + - text: App Control and AppLocker overview + url: appcontrol-and-applocker-overview.md # Card - title: Learn about Policy Design linkLists: diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml index 938f5e5f8b..3a7a1fa706 100644 --- a/windows/security/application-security/application-control/toc.yml +++ b/windows/security/application-security/application-control/toc.yml @@ -1,9 +1,9 @@ items: - name: Smart App Control href: app-control-for-business/appcontrol.md -- name: Windows Defender Application Control +- name: App Control for Business href: app-control-for-business/appcontrol.md -- name: Windows Defender Application Control and virtualization-based protection of code integrity +- name: App Control for Business and virtualization-based protection of code integrity href: introduction-to-virtualization-based-security-and-appcontrol.md - name: User Account Control (UAC) items: diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md index a5cd24d3c9..e6a95f4de8 100644 --- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md @@ -141,16 +141,16 @@ reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\Hyperviso reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f ``` -### Enable memory integrity using Windows Defender Application Control (WDAC) +### Enable memory integrity using App Control for Business -You can use WDAC policy to turn on memory integrity using any of the following techniques: +You can use App Control policy to turn on memory integrity using any of the following techniques: -1. Use the [WDAC Wizard](https://aka.ms/wdacwizard) to create or edit your WDAC policy and select the option **Hypervisor-protected Code Integrity** on the **Policy Rules** page of the Wizard. +1. Use the [App Control Wizard](https://aka.ms/wdacwizard) to create or edit your App Control policy and select the option **Hypervisor-protected Code Integrity** on the **Policy Rules** page of the Wizard. 2. Use the [Set-HVCIOptions](/powershell/module/configci/set-hvcioptions) PowerShell cmdlet. -3. Edit your WDAC policy XML and modify the value set for the `` element. +3. Edit your App Control policy XML and modify the value set for the `` element. > [!NOTE] -> If your WDAC policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode. +> If your App Control policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode. ### Validate enabled VBS and memory integrity features diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md index ae731d1f10..ff2f368320 100644 --- a/windows/security/hardware-security/tpm/tpm-recommendations.md +++ b/windows/security/hardware-security/tpm/tpm-recommendations.md @@ -87,7 +87,7 @@ The following table defines which Windows features require TPM support. | Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. | | BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/index.md#device-encryption) including TPM 2.0 support | | Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. | -| Windows Defender Application Control (Device Guard) | No | Yes | Yes | +| App Control for Business | No | Yes | Yes | | System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. | | Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. | | Device Health Attestation | Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. | diff --git a/windows/security/includes/sections/application.md b/windows/security/includes/sections/application.md index 8b6b510ef4..75e29b9470 100644 --- a/windows/security/includes/sections/application.md +++ b/windows/security/includes/sections/application.md @@ -9,8 +9,8 @@ ms.topic: include | Feature name | Description | |:---|:---| -| **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in Windows Defender Application Control (WDAC) to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. | -| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.

          Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. | +| **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in App Control for Business to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. | +| **[App Control for Business](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.

          Windows 10 and above include App Control for Business and AppLocker. App Control is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to App Control for the stronger protection. | | **[AppLocker](/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview)** | | | **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. | | **[Microsoft vulnerable driver blocklist](/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.

          Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt-in to enforce the policy from the Windows Security app. | diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 7a85af0543..905fb63998 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -25,5 +25,5 @@ ms.topic: include | Feature name | Description | |:---|:---| | **Software Bill of Materials (SBOM)** | SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers. | -| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | Windows Defender Application Control (WDAC) enables customers to define policies for controlling what is allowed to run on their devices. WDAC policies can be remotely applied to devices using an MDM solution like Microsoft Intune.

          To simplify WDAC enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing WDAC policies and apps.

          Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. | +| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | App Control for Business enables customers to define policies for controlling what is allowed to run on their devices. App Control policies can be remotely applied to devices using an MDM solution like Microsoft Intune.

          To simplify App Control enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing App Control policies and apps.

          Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. | | **[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. | diff --git a/windows/security/index.yml b/windows/security/index.yml index 9553388f93..9738ace595 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -101,7 +101,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Windows Defender Application Control (WDAC) + - text: App Control for Business url: /windows/security/application-security/application-control/windows-defender-application-control/ - text: User Account Control (UAC) url: /windows/security/application-security/application-control/user-account-control diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index d668a98028..aa8c40c267 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -46,11 +46,11 @@ In either of these scenarios, once the rules are added, they must be deleted to > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user. -### WDAC tagging policies +### App Control tagging policies -Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration: +Windows Firewall supports the use of App Control for Business Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration: -1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications. +1. Deploy *App Control AppId tagging policies*: a App Control for Business policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [App Control AppId tagging guide](../../../application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications. 1. Configure firewall rules using *PolicyAppId tags* using one of the two methods: - Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting - Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index dd250485d8..5b5fb3e06e 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -386,7 +386,7 @@ Examples: Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL ``` -- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. +- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying App Control for Business policies](../application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. - **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example: From 1c3b2da0419008298553b1387efd208eb144b976 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 11 Sep 2024 14:00:18 -0600 Subject: [PATCH 045/164] Update wording in App Control for Business deployment guide --- .../client-management/mdm/applicationcontrol-csp.md | 4 ++-- .../app-control-for-business/TOC.yml | 10 +++++----- .../deployment/appcontrol-deployment-guide.md | 2 +- .../deployment/audit-appcontrol-policies.md | 8 ++++---- .../deploy-appcontrol-policies-using-group-policy.md | 6 +++--- .../deploy-appcontrol-policies-with-memcm.md | 6 +++--- .../deploy-catalog-files-to-support-appcontrol.md | 6 +++--- .../deployment/disable-appcontrol-policies.md | 6 +++--- .../deployment/enforce-appcontrol-policies.md | 2 +- ...e-code-signing-for-better-control-and-protection.md | 2 +- ...policies-to-protect-appcontrol-against-tampering.md | 2 +- ...low-com-object-registration-in-appcontrol-policy.md | 6 +++--- .../design/appcontrol-and-dotnet.md | 2 +- .../design/appcontrol-wizard-create-base-policy.md | 2 +- .../appcontrol-wizard-create-supplemental-policy.md | 2 +- .../design/appcontrol-wizard-parsing-event-logs.md | 6 +++--- .../design/common-appcontrol-use-cases.md | 2 +- ...uthorized-apps-deployed-with-a-managed-installer.md | 4 ++-- ...eate-appcontrol-policy-for-fully-managed-devices.md | 8 ++++---- ...te-appcontrol-policy-for-lightly-managed-devices.md | 8 ++++---- ...reate-appcontrol-policy-using-reference-computer.md | 8 ++++---- .../design/example-appcontrol-base-policies.md | 2 +- .../design/manage-packaged-apps-with-appcontrol.md | 2 +- .../design/microsoft-recommended-driver-block-rules.md | 2 +- .../design/script-enforcement.md | 4 ++-- .../design/select-types-of-rules-to-create.md | 6 +++--- .../design/understanding-appcontrol-policy-settings.md | 6 +++--- ...to-control-specific-plug-ins-add-ins-and-modules.md | 8 ++++---- .../use-appcontrol-with-intelligent-security-graph.md | 2 +- .../app-control-for-business/index.yml | 8 ++++---- .../appcontrol-debugging-and-troubleshooting.md | 4 ++-- .../operations/citool-commands.md | 2 +- .../operations/event-id-explanations.md | 4 ++-- ...-control-events-centrally-using-advanced-hunting.md | 2 +- .../network-security/windows-firewall/rules.md | 2 +- 35 files changed, 78 insertions(+), 78 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index ed0e0f2f94..5f26f04b42 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -11,7 +11,7 @@ ms.date: 01/31/2024 -App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. +App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. Existing App Control for Business policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although App Control policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. @@ -861,7 +861,7 @@ The following table provides the result of this policy based on different values ## Microsoft Intune Usage Guidance -For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy App Control for Business policies by using Microsoft Intune](/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-wdac-policies-using-intune). +For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy App Control for Business policies by using Microsoft Intune](/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune). ## Generic MDM Server Usage Guidance diff --git a/windows/security/application-security/application-control/app-control-for-business/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml index d7bad29ee6..281cda06cd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/TOC.yml +++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml @@ -47,13 +47,13 @@ - name: Policy creation for common App Control usage scenarios href: design/common-appcontrol-use-cases.md items: - - name: Create a App Control policy for lightly managed devices + - name: Create an App Control policy for lightly managed devices href: design/create-appcontrol-policy-for-lightly-managed-devices.md - - name: Create a App Control policy for fully managed devices + - name: Create an App Control policy for fully managed devices href: design/create-appcontrol-policy-for-fully-managed-devices.md - - name: Create a App Control policy for fixed-workload devices + - name: Create an App Control policy for fixed-workload devices href: design/create-appcontrol-policy-using-reference-computer.md - - name: Create a App Control deny list policy + - name: Create an App Control deny list policy href: design/create-appcontrol-deny-policy.md - name: Applications that can bypass App Control and how to block them href: design/applications-that-can-bypass-appcontrol.md @@ -66,7 +66,7 @@ href: design/appcontrol-wizard-create-base-policy.md - name: Create a supplemental App Control policy with the Wizard href: design/appcontrol-wizard-create-supplemental-policy.md - - name: Editing a App Control policy with the Wizard + - name: Editing an App Control policy with the Wizard href: design/appcontrol-wizard-editing-policy.md - name: Creating App Control Policy Rules from App Control Events href: design/appcontrol-wizard-parsing-event-logs.md diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index a893114a66..51bff6035e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -1,6 +1,6 @@ --- title: Deploying App Control for Business policies -description: Learn how to plan and implement a App Control deployment. +description: Learn how to plan and implement an App Control deployment. ms.localizationpriority: medium ms.date: 01/23/2023 ms.topic: overview diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index 6c94229e73..ab70616836 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -12,14 +12,14 @@ ms.topic: conceptual Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your App Control policy but should be included. -While a App Control policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new App Control policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. +While an App Control policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new App Control policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. ## Overview of the process to create App Control policy to allow apps using audit events > [!Note] -> You must have already deployed a App Control audit mode policy to use this process. If you have not already done so, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md). +> You must have already deployed an App Control audit mode policy to use this process. If you have not already done so, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md). -To familiarize yourself with creating App Control rules from audit events, follow these steps on a device with a App Control audit mode policy. +To familiarize yourself with creating App Control rules from audit events, follow these steps on a device with an App Control audit mode policy. 1. Install and run an application not allowed by the App Control policy but that you want to allow. @@ -28,7 +28,7 @@ To familiarize yourself with creating App Control rules from audit events, follo **Figure 1. Exceptions to the deployed App Control policy** ![Event showing exception to App Control policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a App Control policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create an App Control policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index a0fcfe492a..5da05ac029 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -20,11 +20,11 @@ Single-policy format App Control for Business policies (pre-1903 policy schema) > [!IMPORTANT] > Group Policy-based deployment of App Control for Business policies only supports single-policy format App Control policies. To use App Control on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment. -You should now have a App Control policy converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md). +You should now have an App Control policy converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md). -The following procedure walks you through how to deploy a App Control policy called **SiPolicy.p7b** to a test OU called *App Control Enabled PCs* by using a GPO called **Contoso GPO Test**. +The following procedure walks you through how to deploy an App Control policy called **SiPolicy.p7b** to a test OU called *App Control Enabled PCs* by using a GPO called **Contoso GPO Test**. -To deploy and manage a App Control for Business policy with Group Policy: +To deploy and manage an App Control for Business policy with Group Policy: 1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC** diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md index b4db86498e..9f0690159b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md @@ -24,11 +24,11 @@ Configuration Manager includes native support for App Control, which allows you Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable App Control for Business altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot. -### Create a App Control Policy in Configuration Manager +### Create an App Control Policy in Configuration Manager 1. Select **Asset and Compliance** > **Endpoint Protection** > **App Control for Business** > **Create Application Control Policy** - ![Create a App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) + ![Create an App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) 2. Enter the name of the policy > **Next** 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes** @@ -39,7 +39,7 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement 6. Select **Add** to begin creating rules for trusted software - ![Create a App Control path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) + ![Create an App Control path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) 7. Select **File** or **Folder** to create a path rule > **Browse** diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index dc52420573..720bd02496 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -1,6 +1,6 @@ --- title: Deploy catalog files to support App Control for Business -description: Catalog files simplify running unsigned applications in the presence of a App Control for Business policy. +description: Catalog files simplify running unsigned applications in the presence of an App Control for Business policy. ms.localizationpriority: medium ms.topic: how-to ms.date: 11/30/2022 @@ -14,7 +14,7 @@ ms.date: 11/30/2022 You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. -Finally, add a signer rule to your App Control policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a App Control policy that blocks all unsigned code, because most malware is unsigned. +Finally, add a signer rule to your App Control policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build an App Control policy that blocks all unsigned code, because most malware is unsigned. ## Create catalog files using Package Inspector @@ -300,7 +300,7 @@ At the time of the next software inventory cycle, when the targeted clients rece ## Allow apps signed by your catalog signing certificate in your App Control policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a App Control policy, see the [App Control for Business design guide](../design/appcontrol-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created an App Control policy, see the [App Control for Business design guide](../design/appcontrol-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index d49e753d03..f1854c5256 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -32,7 +32,7 @@ To make a policy effectively inactive before removing it, you can first replace 1. Replace the policy rules with "Allow *" rules; 2. Set option **3 Enabled:Audit Mode** to change the policy to audit mode only; 3. Set option **11 Disabled:Script Enforcement**; -4. Allow all COM objects. See [Allow COM object registration in a App Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md#examples); +4. Allow all COM objects. See [Allow COM object registration in an App Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md#examples); 5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only. > [!IMPORTANT] @@ -54,7 +54,7 @@ You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to -App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. +App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. Existing App Control for Business policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although App Control policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. diff --git a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md index 86be3d519b..ce8d6225a0 100644 --- a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md +++ b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md @@ -1,5 +1,5 @@ --- -title: App Control for Businessand virtualization-based code integrity +title: App Control for Business and virtualization-based code integrity description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with App Control for Business. ms.localizationpriority: medium author: vinaypamnani-msft @@ -15,7 +15,7 @@ appliesto: - ✅ Windows Server 2016 --- -# App Control for Businessand virtualization-based protection of code integrity +# App Control and virtualization-based protection of code integrity Windows includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they behave more like kiosk devices. In this configuration, [**App Control for Business**](app-control-for-business/appcontrol.md) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md). From 05dfb4e9e1836fe00a1b39b263d3625f9d5ff5bd Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 13:47:28 -0700 Subject: [PATCH 048/164] Add missing field descriptions --- ...iagnostic-events-fields-windows-11-24H2.md | 147 +++++++++--------- 1 file changed, 73 insertions(+), 74 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index e94d192e2e..c389f453e4 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -3662,7 +3662,7 @@ The following fields are available: - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced. - **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **ServiceUrl** Environment URL for which a device is configured to scan. @@ -3703,7 +3703,7 @@ This event checks for update retries on the Windows Update client. The data coll The following fields are available: - **CallerName** Name of application making the Windows Update request. Used to identify context of request. -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **ServiceUrl** Environment URL for which a device is configured to scan. @@ -3767,7 +3767,7 @@ The following fields are available: - **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete. - **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced. - **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **ServiceUrl** Environment URL for which a device is configured to scan. @@ -3789,7 +3789,7 @@ The following fields are available: - **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). @@ -3810,7 +3810,7 @@ The following fields are available: - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. @@ -3829,7 +3829,7 @@ The following fields are available: - **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc. - **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. - **HandlerType** The specific id of the flight the device is getting. -- **Props** Commit Props. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. @@ -3844,23 +3844,23 @@ This event tracks the download canceled event when the update client is trying t The following fields are available: - **BundleId** Name of application making the Windows Update request. Used to identify context of request. -- **CallerName** No content is currently available. -- **ClassificationId** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. - **DownloadPriority** Indicates the priority of the download activity. -- **DownloadStartTimeUTC** No content is currently available. +- **DownloadStartTimeUTC** Download start time to measure the length of the session. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. -- **HandlerInfo** No content is currently available. -- **HandlerType** No content is currently available. +- **HandlerInfo** HandlerInfo Blob. +- **HandlerType** HandlerType Blob. - **HostName** Identifies the hostname. - **NetworkCost** Identifies the network cost. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. -- **Props** No content is currently available. -- **Reason** No content is currently available. +- **Props** A bitmask for additional flags associated with the download request. +- **Reason** Cancel reason information. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.DownloadFailed @@ -3870,24 +3870,24 @@ This event tracks the download failed event when the update client is trying to The following fields are available: - **BundleId** Name of application making the Windows Update request. Used to identify context of request. -- **CallerName** No content is currently available. -- **ClassificationId** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Provides context about distribution stack for reporting. - **DownloadPriority** Indicates the priority of the download activity. -- **DownloadStartTimeUTC** No content is currently available. +- **DownloadStartTimeUTC** Start time to measure length of session. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **FlightId** The specific id of the flight the device is getting. -- **HandlerInfo** No content is currently available. -- **HandlerType** No content is currently available. +- **HandlerInfo** HandlerInfo Blob. +- **HandlerType** HandlerType Blob. - **HostName** Identifies the hostname. - **NetworkCost** Identifies the network cost. - **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. -- **Props** No content is currently available. +- **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.DownloadPaused @@ -3904,7 +3904,7 @@ The following fields are available: - **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **HandlerInfo** Blob of Handler related information. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** Commit Props {MergedUpdate} +- **Props** Commit Props (MergedUpdate) - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). @@ -3919,20 +3919,20 @@ This event tracks the download queued event when the update client is trying to The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. -- **ClassificationId** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. - **DownloadPriority** Indicates the priority of the download activity. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. -- **HandlerInfo** No content is currently available. -- **HandlerType** No content is currently available. -- **Props** No content is currently available. -- **QueuedReason** No content is currently available. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **QueuedReason** The reason in which a download has been queued. - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClient.DownloadResumed @@ -3964,17 +3964,17 @@ This event tracks the install canceled event when the update client is trying to The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. -- **Reason** No content is currently available. +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **Reason** Install canceled reason. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.InstallFailed @@ -3984,20 +3984,20 @@ This event tracks the install failed event when the update client is trying to u The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **FlightId** The specific id of the flight the device is getting. -- **HandlerInfo** No content is currently available. +- **HandlerInfo** Handler specific information. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **UndockedComponents** No content is currently available. +- **UndockedComponents** Information about the undocked components. - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** UUS version. ### Microsoft.Windows.Update.WUClient.InstallRebootPending @@ -4007,17 +4007,16 @@ This event tracks the install reboot pending event when the update client is try The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. - +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.InstallStarted @@ -4026,16 +4025,16 @@ The event tracks the install started event when the update client is trying to u The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.InstallSucceeded @@ -4045,18 +4044,18 @@ The event tracks the successful install event when the update client is trying t The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. -- **HandlerInfo** No content is currently available. +- **HandlerInfo** Handler specific datapoints. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). -- **UndockedComponents** No content is currently available. +- **UndockedComponents** Information about the undocked components. - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.RevertFailed @@ -4066,19 +4065,19 @@ This event tracks the revert failed event when the update client is trying to up The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Commit Props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **UndockedComponents** No content is currently available. +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClient.RevertStarted @@ -4088,16 +4087,16 @@ This event tracks the revert started event when the update client is trying to u The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Revert props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClient.RevertSucceeded @@ -4107,17 +4106,17 @@ The event tracks the successful revert event when the update client is trying to The following fields are available: - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). -- **Props** No content is currently available. +- **Props** Revert props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). -- **UndockedComponents** No content is currently available. +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint @@ -4126,7 +4125,7 @@ This is a checkpoint event between the Windows Update download phases for UUP co The following fields are available: -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **FileId** Unique identifier for the downloaded file. @@ -4136,7 +4135,7 @@ The following fields are available: - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat @@ -4147,24 +4146,24 @@ The following fields are available: - **BytesTotal** Total bytes to transfer for this content. - **BytesTransferred** Total bytes transferred for this content at the time of heartbeat. -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat. - **CurrentError** Last (transient) error encountered by the active download. -- **DownloadHBFlags** No content is currently available. +- **DownloadHBFlags** Flags indicating if power state is ignored. - **DownloadState** Current state of the active download for this content (queued, suspended, progressing). - **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". - **FlightId** The specific id of the flight the device is getting. - **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any. - **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any. - **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby). -- **Props** No content is currently available. +- **Props** Commit Props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ResumeCount** Number of times this active download has resumed from a suspended state. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **SuspendCount** Number of times this active download has entered a suspended state. - **SuspendReason** Last reason for which this active download has entered suspended state. - **UpdateId** Identifier associated with the specific piece of content. -- **UusVersion** No content is currently available. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning @@ -4173,7 +4172,7 @@ This event helps to identify whether update content has been tampered with and p The following fields are available: -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. @@ -4185,7 +4184,7 @@ The following fields are available: - **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data. - **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". - **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS version. ### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral @@ -4211,7 +4210,7 @@ This event helps to identify whether update content has been tampered with and p The following fields are available: -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. @@ -4226,8 +4225,8 @@ The following fields are available: - **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed. -- **UpdateID** No content is currently available. -- **UusVersion** No content is currently available. +- **UpdateID** String of update id and version number. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp @@ -4236,7 +4235,7 @@ This event helps to identify whether update content has been tampered with and p The following fields are available: -- **CallerName** No content is currently available. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce @@ -4246,7 +4245,7 @@ The following fields are available: - **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. -- **UusVersion** No content is currently available. +- **UusVersion** Active UUS Version. - **ValidityWindowInDays** Validity window in effect when verifying the timestamp. From f9d16c6b2ab04977aa72359624f5c7d957367a31 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Wed, 11 Sep 2024 14:51:13 -0600 Subject: [PATCH 049/164] Update dates in App Control for Business documentation --- .../AppIdTagging/appcontrol-appid-tagging-guide.md | 2 +- .../debugging-operational-guide-appid-tagging-policies.md | 2 +- .../AppIdTagging/deploy-appid-tagging-policies.md | 2 +- .../AppIdTagging/design-create-appid-tagging-policies.md | 2 +- .../appcontrol-and-applocker-overview.md | 2 +- .../app-control-for-business/appcontrol.md | 2 +- ...es-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- .../applocker/administer-applocker.md | 2 +- .../applocker/applocker-architecture-and-components.md | 2 +- .../applocker/applocker-functions.md | 2 +- .../applocker/applocker-overview.md | 2 +- .../applocker/applocker-policies-deployment-guide.md | 2 +- .../applocker/applocker-policies-design-guide.md | 2 +- .../applocker/applocker-policy-use-scenarios.md | 2 +- .../applocker/applocker-processes-and-interactions.md | 2 +- .../applocker/applocker-technical-reference.md | 2 +- .../configure-an-applocker-policy-for-audit-only.md | 2 +- .../configure-an-applocker-policy-for-enforce-rules.md | 2 +- .../configure-exceptions-for-an-applocker-rule.md | 2 +- .../applocker/configure-the-appLocker-reference-device.md | 2 +- .../configure-the-application-identity-service.md | 2 +- .../applocker/create-a-rule-for-packaged-apps.md | 2 +- .../create-a-rule-that-uses-a-file-hash-condition.md | 2 +- .../applocker/create-a-rule-that-uses-a-path-condition.md | 2 +- .../create-a-rule-that-uses-a-publisher-condition.md | 2 +- .../applocker/create-applocker-default-rules.md | 2 +- ...ist-of-applications-deployed-to-each-business-group.md | 2 +- .../applocker/create-your-applocker-policies.md | 2 +- .../applocker/create-your-applocker-rules.md | 2 +- .../applocker/delete-an-applocker-rule.md | 2 +- ...plocker-policies-by-using-the-enforce-rules-setting.md | 2 +- .../deploy-the-applocker-policy-into-production.md | 2 +- ...termine-group-policy-structure-and-rule-enforcement.md | 2 +- ...ations-are-digitally-signed-on-a-reference-computer.md | 2 +- ...message-when-users-try-to-run-a-blocked-application.md | 2 +- .../applocker/dll-rules-in-applocker.md | 2 +- ...oup-policy-structure-and-applocker-rule-enforcement.md | 2 +- .../applocker/document-your-application-list.md | 4 ++-- .../applocker/document-your-applocker-rules.md | 2 +- .../applocker/edit-an-applocker-policy.md | 2 +- .../applocker/edit-applocker-rules.md | 2 +- .../applocker/enable-the-dll-rule-collection.md | 2 +- .../applocker/enforce-applocker-rules.md | 2 +- .../applocker/executable-rules-in-applocker.md | 2 +- .../applocker/export-an-applocker-policy-from-a-gpo.md | 2 +- .../export-an-applocker-policy-to-an-xml-file.md | 2 +- .../applocker/how-applocker-works-techref.md | 2 +- .../import-an-applocker-policy-from-another-computer.md | 2 +- .../applocker/import-an-applocker-policy-into-a-gpo.md | 2 +- .../applocker/maintain-applocker-policies.md | 2 +- .../applocker/manage-packaged-apps-with-applocker.md | 2 +- ...rge-applocker-policies-by-using-set-applockerpolicy.md | 2 +- .../applocker/merge-applocker-policies-manually.md | 2 +- .../applocker/monitor-application-usage-with-applocker.md | 2 +- .../applocker/optimize-applocker-performance.md | 2 +- ...-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- .../applocker/plan-for-applocker-policy-management.md | 2 +- .../applocker/refresh-an-applocker-policy.md | 2 +- .../requirements-for-deploying-applocker-policies.md | 2 +- .../applocker/requirements-to-use-applocker.md | 2 +- .../applocker/rule-collection-extensions.md | 2 +- .../run-the-automatically-generate-rules-wizard.md | 2 +- .../applocker/script-rules-in-applocker.md | 2 +- .../applocker/security-considerations-for-applocker.md | 2 +- .../applocker/select-types-of-rules-to-create.md | 2 +- ...t-an-applocker-policy-by-using-test-applockerpolicy.md | 2 +- .../applocker/test-and-update-an-applocker-policy.md | 2 +- .../applocker/tools-to-use-with-applocker.md | 2 +- .../understand-applocker-policy-design-decisions.md | 2 +- ...and-enforcement-setting-inheritance-in-group-policy.md | 2 +- .../understand-the-applocker-policy-deployment-process.md | 2 +- ...rstanding-applocker-allow-and-deny-actions-on-rules.md | 2 +- .../applocker/understanding-applocker-default-rules.md | 8 ++++---- .../applocker/understanding-applocker-rule-behavior.md | 2 +- .../applocker/understanding-applocker-rule-collections.md | 2 +- .../understanding-applocker-rule-condition-types.md | 2 +- .../applocker/understanding-applocker-rule-exceptions.md | 6 +++--- ...rstanding-the-file-hash-rule-condition-in-applocker.md | 2 +- .../understanding-the-path-rule-condition-in-applocker.md | 2 +- ...rstanding-the-publisher-rule-condition-in-applocker.md | 2 +- ...-computer-to-create-and-maintain-applocker-policies.md | 2 +- .../use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../applocker/using-event-viewer-with-applocker.md | 2 +- .../applocker/what-is-applocker.md | 2 +- .../applocker/windows-installer-rules-in-applocker.md | 2 +- .../applocker/working-with-applocker-policies.md | 2 +- .../applocker/working-with-applocker-rules.md | 2 +- .../deployment/appcontrol-deployment-guide.md | 2 +- .../deployment/audit-appcontrol-policies.md | 2 +- .../deployment/create-code-signing-cert-for-appcontrol.md | 2 +- .../deploy-appcontrol-policies-using-group-policy.md | 2 +- .../deployment/deploy-appcontrol-policies-using-intune.md | 2 +- .../deployment/deploy-appcontrol-policies-with-memcm.md | 2 +- .../deployment/deploy-appcontrol-policies-with-script.md | 2 +- .../deploy-catalog-files-to-support-appcontrol.md | 2 +- .../deployment/disable-appcontrol-policies.md | 2 +- .../deployment/enforce-appcontrol-policies.md | 2 +- .../deployment/merge-appcontrol-policies.md | 2 +- .../use-code-signing-for-better-control-and-protection.md | 2 +- ...ed-policies-to-protect-appcontrol-against-tampering.md | 2 +- .../allow-com-object-registration-in-appcontrol-policy.md | 2 +- .../design/appcontrol-and-dotnet.md | 2 +- .../design/appcontrol-design-guide.md | 2 +- .../design/appcontrol-wizard-create-base-policy.md | 2 +- .../appcontrol-wizard-create-supplemental-policy.md | 2 +- .../design/appcontrol-wizard-editing-policy.md | 2 +- .../design/appcontrol-wizard-merging-policies.md | 2 +- .../design/appcontrol-wizard-parsing-event-logs.md | 2 +- .../app-control-for-business/design/appcontrol-wizard.md | 2 +- .../design/applications-that-can-bypass-appcontrol.md | 2 +- .../design/common-appcontrol-use-cases.md | 2 +- ...e-authorized-apps-deployed-with-a-managed-installer.md | 2 +- .../design/create-appcontrol-deny-policy.md | 2 +- .../create-appcontrol-policy-for-fully-managed-devices.md | 2 +- ...reate-appcontrol-policy-for-lightly-managed-devices.md | 2 +- .../create-appcontrol-policy-using-reference-computer.md | 2 +- .../design/deploy-multiple-appcontrol-policies.md | 2 +- .../design/example-appcontrol-base-policies.md | 2 +- .../design/manage-packaged-apps-with-appcontrol.md | 2 +- .../design/microsoft-recommended-driver-block-rules.md | 2 +- .../design/plan-appcontrol-management.md | 2 +- .../app-control-for-business/design/script-enforcement.md | 2 +- .../design/select-types-of-rules-to-create.md | 2 +- .../understand-appcontrol-policy-design-decisions.md | 2 +- .../design/understanding-appcontrol-policy-settings.md | 2 +- ...cy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- .../use-appcontrol-with-intelligent-security-graph.md | 2 +- .../app-control-for-business/feature-availability.md | 2 +- .../app-control-for-business/index.yml | 2 +- .../appcontrol-debugging-and-troubleshooting.md | 2 +- .../operations/appcontrol-operational-guide.md | 2 +- .../operations/citool-commands.md | 2 +- .../operations/configure-appcontrol-managed-installer.md | 2 +- .../operations/event-id-explanations.md | 2 +- .../operations/event-tag-explanations.md | 2 +- .../operations/inbox-appcontrol-policies.md | 2 +- .../app-control-for-business/operations/known-issues.md | 2 +- ...ion-control-events-centrally-using-advanced-hunting.md | 2 +- 138 files changed, 144 insertions(+), 144 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md index c43cf2dd90..8ea04f6820 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md @@ -2,7 +2,7 @@ title: Designing, creating, managing, and troubleshooting App Control for Business AppId Tagging policies description: How to design, create, manage, and troubleshoot your App Control AppId Tagging policies ms.localizationpriority: medium -ms.date: 04/27/2022 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 454998fcc3..e62a226d9b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -2,7 +2,7 @@ title: Testing and Debugging AppId Tagging Policies description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully. ms.localizationpriority: medium -ms.date: 04/29/2022 +ms.date: 09/11/2024 ms.topic: troubleshooting --- diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md index 0c63966c1e..82fbcd6156 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md @@ -2,7 +2,7 @@ title: Deploying App Control for Business AppId tagging policies description: How to deploy your App Control AppId tagging policies locally and globally within your managed environment. ms.localizationpriority: medium -ms.date: 04/29/2022 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index 6de85994c9..714c740613 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -2,7 +2,7 @@ title: Create your App Control for Business AppId Tagging Policies description: Create your App Control for Business AppId tagging policies for Windows devices. ms.localizationpriority: medium -ms.date: 04/29/2022 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md index b73b5fd915..5520d9161c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md @@ -2,7 +2,7 @@ title: App Control and AppLocker Overview description: Compare Windows application control technologies. ms.localizationpriority: medium -ms.date: 01/03/2024 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md index 0a3335af15..561da483b6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md @@ -4,7 +4,7 @@ description: Application Control restricts which applications users are allowed ms.localizationpriority: medium ms.collection: - tier3 -ms.date: 08/30/2023 +ms.date: 09/11/2024 ms.topic: overview --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 76569e20e6..64ec3acfbf 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -3,7 +3,7 @@ title: Add rules for packaged apps to existing AppLocker rule-set description: This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Add rules for packaged apps to existing AppLocker rule-set diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md index a095fd7246..bf972f7779 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md @@ -3,7 +3,7 @@ title: Administer AppLocker description: This article for IT professionals provides links to specific procedures to use when administering AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Administer AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md index 763fd8e86d..7314cce2f9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md @@ -3,7 +3,7 @@ title: AppLocker architecture and components description: This article for IT professional describes AppLocker’s basic architecture and its major components. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # AppLocker architecture and components diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md index 8ab68a0205..2ce3ad5532 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md @@ -3,7 +3,7 @@ title: AppLocker functions description: This article for the IT professional lists the functions and security levels for AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # AppLocker functions diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md index 045b43bc8e..0786cd7b73 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md @@ -6,7 +6,7 @@ ms.collection: - must-keep ms.topic: conceptual ms.localizationpriority: medium -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md index cb437f92b7..8520621d36 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md @@ -3,7 +3,7 @@ title: AppLocker deployment guide description: This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # AppLocker deployment guide diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md index 50971f323d..174ed4907c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md @@ -3,7 +3,7 @@ title: AppLocker design guide description: This article for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # AppLocker design guide diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md index a2776beaac..0d11e182ca 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md @@ -3,7 +3,7 @@ title: AppLocker policy use scenarios description: This article for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # AppLocker policy use scenarios diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md index 15208b7d2a..4bc0bd0949 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md @@ -3,7 +3,7 @@ title: AppLocker processes and interactions description: This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # AppLocker processes and interactions diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md index 0952a3d433..5dd3820526 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md @@ -3,7 +3,7 @@ title: AppLocker technical reference description: This overview article for IT professionals provides links to the articles in the technical reference. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # AppLocker technical reference diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md index b6654f9688..422f3a9acd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md @@ -3,7 +3,7 @@ title: Configure an AppLocker policy for audit only description: This article for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Configure an AppLocker policy for audit only diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md index 5762b9c128..07c51af5bb 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -3,7 +3,7 @@ title: Configure an AppLocker policy for enforce rules description: This article for IT professionals describes the steps to enable the AppLocker policy enforcement setting. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Configure an AppLocker policy for enforce rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md index 3e1a1dcca4..11900e02c0 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md @@ -3,7 +3,7 @@ title: Add exceptions for an AppLocker rule description: This article for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Add exceptions for an AppLocker rule diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md index 9ad52b4cd3..f6acca16ba 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md @@ -3,7 +3,7 @@ title: Configure the AppLocker reference device description: This article for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Configure the AppLocker reference device diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md index b31f8f059d..c4156e9b57 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md @@ -3,7 +3,7 @@ title: Configure the Application Identity service description: This article for IT professionals shows how to configure the Application Identity service to start automatically or manually. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Configure the Application Identity service diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md index 6f06404070..07fd6f2866 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md @@ -3,7 +3,7 @@ title: Create a rule for packaged apps description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Create a rule for packaged apps diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md index a486b03055..b764bb0493 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -3,7 +3,7 @@ title: Create a rule that uses a file hash condition description: This article for IT professionals shows how to create an AppLocker rule with a file hash condition. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Create a rule that uses a file hash condition diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md index c90bf8fe32..fe26c1ee6a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md @@ -3,7 +3,7 @@ title: Create a rule that uses a path condition description: This article for IT professionals shows how to create an AppLocker rule with a path condition. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Create a rule that uses a path condition diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md index 8da8f1de23..9b07438ec7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -3,7 +3,7 @@ title: Create a rule that uses a publisher condition description: This article for IT professionals shows how to create an AppLocker rule with a publisher condition. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Create a rule that uses a publisher condition diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md index b6ddfb364e..fd2aa8e292 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md @@ -3,7 +3,7 @@ title: Create AppLocker default rules description: This article for IT professionals describes the steps to create a standard set of AppLocker rules that allow Windows system files to run. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Create AppLocker default rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md index f1965e03ea..f015e79882 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -3,7 +3,7 @@ title: Create a list of apps deployed to each business group description: This article describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Gathering app usage requirements diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md index 27273e567d..69119137f4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md @@ -3,7 +3,7 @@ title: Create Your AppLocker policies description: This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Create Your AppLocker policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md index e04367462f..415e9582f8 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md @@ -3,7 +3,7 @@ title: Create Your AppLocker rules description: This article for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Create Your AppLocker rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md index 0c7ba5799c..95836e5b28 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md @@ -3,7 +3,7 @@ title: Delete an AppLocker rule description: This article for IT professionals describes the steps to delete an AppLocker rule. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Delete an AppLocker rule diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 8e4845601c..83e603b364 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -3,7 +3,7 @@ title: Deploy AppLocker policies by using the enforce rules setting description: This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Deploy AppLocker policies by using the enforce rules setting diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md index d2ef52adad..941a047e99 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md @@ -3,7 +3,7 @@ title: Deploy the AppLocker policy into production description: This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Deploy the AppLocker policy into production diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md index 54e63c866d..29380fe1e1 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -3,7 +3,7 @@ title: Determine the Group Policy structure and rule enforcement description: This overview article describes the process to follow when you're planning to deploy AppLocker rules. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Determine the Group Policy structure and rule enforcement diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index 56fef83f74..e1c6c88c0a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -3,7 +3,7 @@ title: Find digitally signed apps on a reference device description: This article for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Determine which apps are digitally signed on a reference device diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 64307b01ba..bf1a962a76 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -3,7 +3,7 @@ title: Display a custom URL message when users try to run a blocked app description: This article for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy blocks an app. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Display a custom URL message when users try to run a blocked app diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md index 36da65e276..054c18fb61 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md @@ -3,7 +3,7 @@ title: DLL rules in AppLocker description: This article describes the file formats and available default rules for the DLL rule collection. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # DLL rules in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index b89000e34f..b440a69b68 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -3,7 +3,7 @@ title: Document Group Policy structure & AppLocker rule enforcement description: This planning article describes what you need to include in your plan when you use AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Document the Group Policy structure and AppLocker rule enforcement diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md index f42d12d410..00e357875d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md @@ -3,7 +3,7 @@ title: Document your app list description: This planning article describes the app information that you should document when you create a list of apps for AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Document your app list @@ -14,7 +14,7 @@ This planning article describes the app information that you should document whe ### Apps -Record the name of the app, its publisher information (if digitally signed), and its importance to the business. +Record the name of the app, its publisher information (if digitally signed), and its importance to the business. ### Installation path diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md index 1d5ff7d78e..efd0c0211f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md @@ -3,7 +3,7 @@ title: Document your AppLocker rules description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Document your AppLocker rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md index fe3ac2062b..3ebf404dc6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md @@ -3,7 +3,7 @@ title: Edit an AppLocker policy description: This article for IT professionals describes the steps required to modify an AppLocker policy. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Edit an AppLocker policy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md index 111678d496..7ae6e91083 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md @@ -3,7 +3,7 @@ title: Edit AppLocker rules description: This article for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Edit AppLocker rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md index d48deeaad8..c2569a0918 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md @@ -3,7 +3,7 @@ title: Enable the DLL rule collection description: This article for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Enable the DLL rule collection diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md index 757d76eb6c..2abb621ddc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md @@ -3,7 +3,7 @@ title: Enforce AppLocker rules description: This article for IT professionals describes how to enforce application control rules by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Enforce AppLocker rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md index e90dc2b98e..99ffe04a6d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md @@ -3,7 +3,7 @@ title: Executable rules in AppLocker description: This article describes the file formats and available default rules for the executable rule collection. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Executable rules in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md index b4150f2544..c9fe560838 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md @@ -3,7 +3,7 @@ title: Export an AppLocker policy from a GPO description: This article for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Export an AppLocker policy from a GPO diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md index 9612096a6e..106a4d836e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -3,7 +3,7 @@ title: Export an AppLocker policy to an XML file description: This article for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Export an AppLocker policy to an XML file diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md index b2f3e10097..c704a9e977 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md @@ -3,7 +3,7 @@ title: How AppLocker works description: This article for the IT professional provides links to articles about AppLocker architecture and components, processes and interactions, rules and policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # How AppLocker works diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md index 6998942c9b..2472b7892c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md @@ -3,7 +3,7 @@ title: Import an AppLocker policy from another computer description: This article for IT professionals describes how to import an AppLocker policy. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Import an AppLocker policy from another computer diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md index cf00b805b3..039d978649 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md @@ -3,7 +3,7 @@ title: Import an AppLocker policy into a GPO description: This article for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Import an AppLocker policy into a GPO diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md index 75f6df943a..a4926c5f73 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md @@ -3,7 +3,7 @@ title: Maintain AppLocker policies description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Maintain AppLocker policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md index f190ea35b7..b3e041a0f1 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md @@ -3,7 +3,7 @@ title: Manage packaged apps with AppLocker description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/20/2023 +ms.date: 09/11/2024 --- # Manage packaged apps with AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 5dcf968359..4df24222a0 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -3,7 +3,7 @@ title: Merge AppLocker policies by using Set-ApplockerPolicy description: This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Merge AppLocker policies by using Set-ApplockerPolicy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md index 36686c2fea..324bef3248 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md @@ -3,7 +3,7 @@ title: Merge AppLocker policies manually description: This article for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Merge AppLocker policies manually diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md index 984bdf95d2..14b704afe3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md @@ -3,7 +3,7 @@ title: Monitor app usage with AppLocker description: This article for IT professionals describes how to monitor app usage when AppLocker policies are applied. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/19/2023 +ms.date: 09/11/2024 --- # Monitor app usage with AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md index 63277272b1..f160bda367 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md @@ -3,7 +3,7 @@ title: Optimize AppLocker performance description: This article for IT professionals describes how to optimize AppLocker policy enforcement. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Optimize AppLocker performance diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index d084a76681..7085567383 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -3,7 +3,7 @@ title: Packaged apps and packaged app installer rules in AppLocker description: This article explains the AppLocker rule collection for packaged app installers and packaged apps. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Packaged apps and packaged app installer rules in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md index 71910f46d2..51f30ea841 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md @@ -3,7 +3,7 @@ title: Plan for AppLocker policy management description: This article describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Plan for AppLocker policy management diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md index 4dcd7f89ab..5d2df1f250 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md @@ -3,7 +3,7 @@ title: Refresh an AppLocker policy description: This article for IT professionals describes the steps to force an update for an AppLocker policy. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Refresh an AppLocker policy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md index eb55e89166..2caf917483 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md @@ -3,7 +3,7 @@ title: Requirements for deploying AppLocker policies description: This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Requirements for deploying AppLocker policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md index 3d5dcd1008..7bb94f1197 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md @@ -3,7 +3,7 @@ title: Requirements to use AppLocker description: This article for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Requirements to use AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md index ca9f4ae325..e4481ab2c7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md @@ -6,7 +6,7 @@ ms.collection: - must-keep ms.topic: conceptual ms.localizationpriority: medium -ms.date: 06/07/2024 +ms.date: 09/11/2024 --- # AppLocker rule collection extensions diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md index d4d62202c4..3108458c0f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md @@ -3,7 +3,7 @@ title: Run the Automatically Generate Rules wizard description: This article for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Run the Automatically Generate Rules wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md index 0343d4d644..bc342eba8b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md @@ -3,7 +3,7 @@ title: Script rules in AppLocker description: This article describes the file formats and available default rules for the script rule collection. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Script rules in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md index 0422c26a4d..6a11796ca7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md @@ -3,7 +3,7 @@ title: Security considerations for AppLocker description: This article for the IT professional describes the security considerations you need to address when implementing AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Security considerations for AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md index 6c5dde6cc8..8000ce41d4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md @@ -3,7 +3,7 @@ title: Select the types of rules to create description: This article lists resources you can use when selecting your application control policy rules by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Select the types of rules to create diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index 180145ef77..c7042db13e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -3,7 +3,7 @@ title: Test an AppLocker policy by using Test-AppLockerPolicy description: This article for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Test an AppLocker policy by using Test-AppLockerPolicy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md index e47477a31a..00e03f5081 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md @@ -3,7 +3,7 @@ title: Test and update an AppLocker policy description: This article discusses the steps required to test an AppLocker policy prior to deployment. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Test and update an AppLocker policy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md index 38354ddb98..5b1ed0083d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md @@ -3,7 +3,7 @@ title: Tools to use with AppLocker description: This article for the IT professional describes the tools available to create and administer AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Tools to use with AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md index 898b41da58..3cc00fdf6e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md @@ -3,7 +3,7 @@ title: Understand AppLocker policy design decisions description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Understand AppLocker policy design decisions diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 86556f815e..89f62e0cb9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -3,7 +3,7 @@ title: Understand AppLocker rules and enforcement setting inheritance in Group P description: This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Understand AppLocker rules and enforcement setting inheritance in Group Policy diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md index 3340e10f44..43e63220e5 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md @@ -3,7 +3,7 @@ title: Understand the AppLocker policy deployment process description: This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Understand the AppLocker policy deployment process diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index bd84599f4e..86c795601f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -3,7 +3,7 @@ title: Understanding AppLocker allow and deny actions on rules description: This article explains the differences between allow and deny actions on AppLocker rules. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker allow and deny actions on rules diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md index b70374af0f..67b52608e3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md @@ -3,7 +3,7 @@ title: Understanding AppLocker default rules description: This article for IT professional describes the set of rules that can be used to ensure that required Windows system files continue to run when the policy is applied. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker default rules @@ -29,9 +29,9 @@ These permissions settings are applied to this folder for app compatibility. How | --- | --- | | [Executable rules in AppLocker](executable-rules-in-applocker.md) | This article describes the file formats and available default rules for the executable rule collection. | | [Windows Installer rules in AppLocker](windows-installer-rules-in-applocker.md) | This article describes the file formats and available default rules for the Windows Installer rule collection.| -| [Script rules in AppLocker](script-rules-in-applocker.md) | This article describes the file formats and available default rules for the script rule collection.| -| [DLL rules in AppLocker](dll-rules-in-applocker.md) | This article describes the file formats and available default rules for the DLL rule collection.| -| [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) | This article explains the AppLocker rule collection for packaged app installers and packaged apps.| +| [Script rules in AppLocker](script-rules-in-applocker.md) | This article describes the file formats and available default rules for the script rule collection.| +| [DLL rules in AppLocker](dll-rules-in-applocker.md) | This article describes the file formats and available default rules for the DLL rule collection.| +| [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) | This article explains the AppLocker rule collection for packaged app installers and packaged apps.| ## Related articles diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md index e97d2e0962..0d9b08e51c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md @@ -3,7 +3,7 @@ title: Understanding AppLocker rule behavior description: This article describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker rule behavior diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md index bd418d4ce7..8ee9ed92d5 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md @@ -3,7 +3,7 @@ title: Understanding AppLocker rule collections description: This article explains the five different types of AppLocker rule collections used to enforce AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker rule collections diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md index 2c4967a466..1bbbc6329c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md @@ -3,7 +3,7 @@ title: Understanding AppLocker rule condition types description: This article for the IT professional describes the three types of AppLocker rule conditions. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker rule condition types diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md index 2df99102d0..b95fadae6e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md @@ -3,7 +3,7 @@ title: Understanding AppLocker rule exceptions description: This article describes the result of applying AppLocker rule exceptions to rule collections. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding AppLocker rule exceptions @@ -14,8 +14,8 @@ This article describes the result of applying AppLocker rule exceptions to rule You can apply AppLocker rules to individual users or a group of users. If you apply a rule to a group of users, the rule affects all users in that group. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. -For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but doesn't allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception for the rule). -The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks. +For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but doesn't allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception for the rule). +The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor" and add %WINDIR%\regedit.exe as an allowed path. If you create a deny rule that blocks Registry Editor for all users, the deny rule overrides the second rule that allows the Helpdesk user group to run Registry Editor. ## Related articles diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 9937009a5e..b9460ff54a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md @@ -3,7 +3,7 @@ title: Understanding the file hash rule condition in AppLocker description: This article explains how to use the AppLocker file hash rule condition and its advantages and disadvantages. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding the file hash rule condition in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md index 2d1d4b9cae..4175eba0ef 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -3,7 +3,7 @@ title: Understanding the path rule condition in AppLocker description: This article explains how to apply the AppLocker path rule condition and its advantages and disadvantages. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding the path rule condition in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 171ef6e3f1..be3c3767d4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -3,7 +3,7 @@ title: Understanding the publisher rule condition in AppLocker description: This article explains how to apply the AppLocker publisher rule condition and what controls are available. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # Understanding the publisher rule condition in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 47b1b1388d..8bc76ea93a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -3,7 +3,7 @@ title: Use a reference device to create and maintain AppLocker policies description: This article for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/22/2023 +ms.date: 09/11/2024 --- # Use a reference device to create and maintain AppLocker policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md index 0678fb60b9..574c33a03b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -3,7 +3,7 @@ title: Use the AppLocker Windows PowerShell cmdlets description: This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/03/2024 +ms.date: 09/11/2024 --- # Use the AppLocker Windows PowerShell cmdlets diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md index 19b2256345..65fa1be015 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md @@ -3,7 +3,7 @@ title: Using Event Viewer with AppLocker description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md index 24f7f1e8c2..9fa362969d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md @@ -3,7 +3,7 @@ title: What Is AppLocker description: This article for the IT professional describes what AppLocker is. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/23/2023 +ms.date: 09/11/2024 --- # What Is AppLocker? diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md index e64e6e97ff..cfc1ce02c6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md @@ -3,7 +3,7 @@ title: Windows Installer rules in AppLocker description: This article describes the file formats and available default rules for the Windows Installer rule collection. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/24/2023 +ms.date: 09/11/2024 --- # Windows Installer rules in AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md index 189d8f1654..2a7f5153ec 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md @@ -3,7 +3,7 @@ title: Working with AppLocker policies description: This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/21/2023 +ms.date: 09/11/2024 --- # Working with AppLocker policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md index e06ef57ede..c827358a61 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md @@ -3,7 +3,7 @@ title: Working with AppLocker rules description: This article for IT professionals describes AppLocker rule types and how to work with them for your application control policies. ms.localizationpriority: medium msauthor: jsuther -ms.date: 12/21/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index 51bff6035e..ef04dc6447 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -2,7 +2,7 @@ title: Deploying App Control for Business policies description: Learn how to plan and implement an App Control deployment. ms.localizationpriority: medium -ms.date: 01/23/2023 +ms.date: 09/11/2024 ms.topic: overview --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index ab70616836..d6a2075e5c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Use audit events to create App Control policy rules description: Audits allow admins to discover apps, binaries, and scripts that should be added to the App Control policy. ms.localizationpriority: medium -ms.date: 05/03/2018 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md index e69da9c3d9..6da9a96b92 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md @@ -3,7 +3,7 @@ title: Create a code signing cert for App Control for Business description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or App Control policies internally. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 12/01/2022 +ms.date: 09/11/2024 --- # Optional: Create a code signing cert for App Control for Business diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index 5da05ac029..885c8d0203 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -2,7 +2,7 @@ title: Deploy App Control policies via Group Policy description: App Control for Business policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. ms.localizationpriority: medium -ms.date: 01/23/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md index 033199a9d7..472b039866 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md @@ -2,7 +2,7 @@ title: Deploy App Control policies using Mobile Device Management (MDM) description: You can use an MDM like Microsoft Intune to configure App Control for Business. Learn how with this step-by-step guide. ms.localizationpriority: medium -ms.date: 08/30/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md index 9f0690159b..ae36e1b394 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md @@ -1,7 +1,7 @@ --- title: Deploy App Control for Business policies with Configuration Manager description: You can use Microsoft Configuration Manager to configure App Control for Business. Learn how with this step-by-step guide. -ms.date: 06/27/2022 +ms.date: 09/11/2024 ms.topic: how-to ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md index af79b9bdae..369252b993 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md @@ -2,7 +2,7 @@ title: Deploy App Control for Business policies using script description: Use scripts to deploy App Control for Business policies. Learn how with this step-by-step guide. ms.manager: jsuther -ms.date: 01/23/2023 +ms.date: 09/11/2024 ms.topic: how-to ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index 720bd02496..2c21e89039 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -3,7 +3,7 @@ title: Deploy catalog files to support App Control for Business description: Catalog files simplify running unsigned applications in the presence of an App Control for Business policy. ms.localizationpriority: medium ms.topic: how-to -ms.date: 11/30/2022 +ms.date: 09/11/2024 --- # Deploy catalog files to support App Control for Business diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index f1854c5256..a3add21030 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Remove App Control for Business policies description: Learn how to disable both signed and unsigned App Control for Business policies, within Windows and within the BIOS. ms.localizationpriority: medium -ms.date: 11/04/2022 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md index 366e667360..2cdc475a62 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Enforce App Control for Business policies description: Learn how to switch an App Control policy from audit to enforced mode. ms.manager: jsuther -ms.date: 04/22/2021 +ms.date: 09/11/2024 ms.topic: how-to ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md index 9b5a212b93..e17a4dfdd6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Merge App Control for Business policies (App Control) description: Learn how to merge App Control policies as part of your policy lifecycle management. ms.manager: jsuther -ms.date: 04/22/2021 +ms.date: 09/11/2024 ms.topic: how-to ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md index 3ecb62b9ab..69735b11bd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md @@ -3,7 +3,7 @@ title: Use code signing for added control and protection with App Control description: Code signing can be used to better control Win32 app authorization and add protection for your App Control for Business policies. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 11/29/2022 +ms.date: 09/11/2024 --- # Use code signing for added control and protection with App Control for Business diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md index 2efbc6006f..6aa667b28a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md @@ -3,7 +3,7 @@ title: Use signed policies to protect App Control for Business against tampering description: Signed App Control for Business policies give organizations the highest level of malware protection available in Windows 10 and Windows 11. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 11/04/2022 +ms.date: 09/11/2024 --- # Use signed policies to protect App Control for Business against tampering diff --git a/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md index 5486c2f261..7968a8fb46 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md @@ -2,7 +2,7 @@ title: Allow COM object registration in an App Control policy description: You can allow COM object registration in an App Control for Business policy. ms.localizationpriority: medium -ms.date: 04/05/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md index 09dddfe111..e1c1d02183 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md @@ -2,7 +2,7 @@ title: App Control for Business and .NET description: Understand how App Control and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime. ms.localizationpriority: medium -ms.date: 11/22/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md index 3df4fc4c5e..c0f8a3ac86 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md @@ -3,7 +3,7 @@ title: App Control for Business design guide description: Microsoft App Control for Business allows organizations to control what apps and drivers will run on their managed Windows devices. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 02/20/2018 +ms.date: 09/11/2024 --- # App Control for Business design guide diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md index 4af4a5ead2..047765f59e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md @@ -3,7 +3,7 @@ title: App Control for Business Wizard Base Policy Creation description: Creating new base application control policies with the Microsoft Windows Defender Application (App Control) Wizard. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 06/07/2023 +ms.date: 09/11/2024 --- # Creating a new Base Policy with the Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index a69d5828bc..c9c5d9e5dd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -3,7 +3,7 @@ title: App Control for Business Wizard Supplemental Policy Creation description: Creating supplemental application control policies with the App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 06/07/2023 +ms.date: 09/11/2024 --- # Creating a new Supplemental Policy with the Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 3888dad4ef..0386faab8c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -3,7 +3,7 @@ title: Editing App Control for Business Policies with the Wizard description: Editing existing base and supplemental policies with the Microsoft App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 10/14/2020 +ms.date: 09/11/2024 --- # Editing existing base and supplemental App Control policies with the Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md index 2c281f890c..552575d966 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md @@ -3,7 +3,7 @@ title: App Control for Business Wizard Policy Merging Operation description: Merging multiple policies into a single application control policy with the Microsoft App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 10/14/2020 +ms.date: 09/11/2024 --- # Merging existing policies with the App Control Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md index 9c845bb9be..c2cfced0cc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md @@ -3,7 +3,7 @@ title: App Control for Business Wizard App Control Event Parsing description: Creating App Control policy rules from the App Control event logs and the MDE Advanced Hunting App Control events. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 01/24/2024 +ms.date: 09/11/2024 --- # Creating App Control Policy Rules from App Control Events in the Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md index 9ec3be4ab8..98e2dce79c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md @@ -3,7 +3,7 @@ title: App Control for Business Wizard description: The App Control for Business policy wizard tool allows you to create, edit, and merge application control policies in a simple to use Windows application. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 05/24/2022 +ms.date: 09/11/2024 --- # App Control for Business Wizard diff --git a/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md index c90ba96a33..4c1fa978de 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md @@ -2,7 +2,7 @@ title: Applications that can bypass App Control and how to block them description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. ms.localizationpriority: medium -ms.date: 06/14/2023 +ms.date: 09/11/2024 ms.topic: reference --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md index 5e3b54177c..47518989bc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md @@ -2,7 +2,7 @@ title: Policy creation for common App Control usage scenarios description: Develop a plan for deploying App Control for Business in your organization based on these common scenarios. ms.localizationpriority: medium -ms.date: 04/05/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md index 6bd9d7af32..481ca558a2 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -2,7 +2,7 @@ title: Allow apps deployed with an App Control managed installer description: Explains how to configure a custom Managed Installer. ms.localizationpriority: medium -ms.date: 02/02/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md index 7c79a41b6f..0e52f30f3d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md @@ -2,7 +2,7 @@ title: Create App Control Deny Policy description: Explains how to create App Control deny policies ms.localizationpriority: medium -ms.date: 12/31/2017 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md index a84c66065c..7d072cd15c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md @@ -3,7 +3,7 @@ title: Create an App Control policy for fully managed devices description: App Control for Business restricts which applications users are allowed to run and the code that runs in system core. ms.topic: conceptual ms.localizationpriority: medium -ms.date: 11/07/2022 +ms.date: 09/11/2024 --- # Create an App Control policy for fully managed devices diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md index 6b2cfab15e..462985011f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md @@ -3,7 +3,7 @@ title: Create an App Control policy for lightly managed devices description: App Control for Business restricts which applications users are allowed to run and the code that runs in the system core. ms.topic: conceptual ms.localizationpriority: medium -ms.date: 11/07/2022 +ms.date: 09/11/2024 --- # Create an App Control policy for lightly managed devices diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md index 3815ec47a9..aabf7e392f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md @@ -2,7 +2,7 @@ title: Create an App Control policy using a reference computer description: To create an App Control for Business policy that allows all code installed on a reference computer within your organization, follow this guide. ms.localizationpriority: medium -ms.date: 08/08/2022 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md index c1b95fc42b..add9351935 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Use multiple App Control for Business Policies description: App Control for Business supports multiple code integrity policies for one device. ms.localizationpriority: medium -ms.date: 04/15/2024 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md index 03de231471..02073ebcb4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md @@ -3,7 +3,7 @@ title: Example App Control for Business base policies description: When creating an App Control for Business policy for an organization, start from one of the many available example base policies. ms.topic: reference ms.localizationpriority: medium -ms.date: 03/31/2023 +ms.date: 09/11/2024 --- # App Control for Business example base policies diff --git a/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md index 593f045ea8..c9bf48a7fe 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md @@ -2,7 +2,7 @@ title: Manage packaged apps with App Control description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single App Control for Business rule. ms.localizationpriority: medium -ms.date: 03/01/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md index 1c8766bfd6..3ce08b2022 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md @@ -5,7 +5,7 @@ ms.localizationpriority: medium ms.collection: - tier3 - must-keep -ms.date: 01/24/2024 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md index cf4398b09c..80d643ea68 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md @@ -2,7 +2,7 @@ title: Plan for App Control policy management description: Learn about the decisions you need to make to establish the processes for managing and maintaining App Control for Business policies. ms.localizationpriority: medium -ms.date: 11/22/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md index 3dd1c5baa0..69698bb2b3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md @@ -2,7 +2,7 @@ title: Understand App Control script enforcement description: App Control script enforcement ms.manager: jsuther -ms.date: 05/26/2023 +ms.date: 09/11/2024 ms.topic: conceptual ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md index 035315a1ce..8cdfe418ba 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md @@ -2,7 +2,7 @@ title: Understand App Control for Business policy rules and file rules description: Learn how App Control policy rules and file rules can control your Windows 10 and Windows 11 computers. ms.localizationpriority: medium -ms.date: 11/22/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md index 78f52e5bb8..823efa79de 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md @@ -2,7 +2,7 @@ title: Understand App Control for Business policy design decisions description: Understand App Control for Business policy design decisions. ms.localizationpriority: medium -ms.date: 02/08/2018 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md b/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md index 7bed54d0b5..995deda446 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md @@ -2,7 +2,7 @@ title: Understanding App Control for Business secure settings description: Learn about secure settings in App Control for Business. ms.localizationpriority: medium -ms.date: 04/05/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md index fe19d14ddd..d6fdc8e670 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -2,7 +2,7 @@ title: Use an App Control for Business policy to control specific plug-ins, add-ins, and modules description: App Control policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. ms.localizationpriority: medium -ms.date: 11/02/2022 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md index c45e0e913c..a7acc2735e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md @@ -2,7 +2,7 @@ title: Authorize reputable apps with the Intelligent Security Graph (ISG) description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation. ms.localizationpriority: medium -ms.date: 12/31/2017 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/feature-availability.md b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md index 08ac47628e..378c52a9d2 100644 --- a/windows/security/application-security/application-control/app-control-for-business/feature-availability.md +++ b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md @@ -2,7 +2,7 @@ title: App Control for Business feature availability description: Compare App Control for Business and AppLocker feature availability. ms.localizationpriority: medium -ms.date: 12/21/2023 +ms.date: 09/11/2024 ms.topic: overview --- diff --git a/windows/security/application-security/application-control/app-control-for-business/index.yml b/windows/security/application-security/application-control/app-control-for-business/index.yml index 2d6724de01..c9c90173d3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/index.yml +++ b/windows/security/application-security/application-control/app-control-for-business/index.yml @@ -8,7 +8,7 @@ metadata: author: vinaypamnani-msft ms.author: vinpa manager: aaroncz - ms.date: 08/14/2024 + ms.date: 09/11/2024 # linkListType: overview | how-to-guide | tutorial | video landingContent: # Cards and links should be based on top customer tasks or top subjects diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md index 9ae6380b95..d83c66d961 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md @@ -2,7 +2,7 @@ title: App Control debugging and troubleshooting guide description: Learn how to debug and troubleshoot app and script failures when using App Control ms.topic: how-to -ms.date: 04/06/2023 +ms.date: 09/11/2024 --- # App Control debugging and troubleshooting diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md index 66174cd4c2..15621fd0ff 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md @@ -2,7 +2,7 @@ title: Managing and troubleshooting App Control for Business policies description: Gather information about how your deployed App Control for Business policies are behaving. ms.localizationpriority: medium -ms.date: 03/30/2023 +ms.date: 09/11/2024 ms.topic: how-to --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md index 745b3775b8..d5dba038d4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md @@ -2,7 +2,7 @@ title: Managing CI policies and tokens with CiTool description: Learn how to use policy commands, token commands, and miscellaneous commands in CiTool ms.topic: reference -ms.date: 10/02/2023 +ms.date: 09/11/2024 appliesto: - ✅ Windows 11 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md index 617f88803b..05c8f6b852 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md @@ -2,7 +2,7 @@ title: Managed installer and ISG technical reference and troubleshooting guide description: A technical reference and troubleshooting guide for managed installer and Intelligent Security Graph (ISG). ms.localizationpriority: medium -ms.date: 11/11/2022 +ms.date: 09/11/2024 ms.topic: troubleshooting --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md index adc243adbd..862bf39d1a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md @@ -2,7 +2,7 @@ title: Understanding Application Control event IDs description: Learn what different App Control for Business event IDs signify. ms.localizationpriority: medium -ms.date: 03/24/2023 +ms.date: 09/11/2024 ms.topic: reference --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md index 53f32d71c1..42552c1b23 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md @@ -2,7 +2,7 @@ title: Understanding Application Control event tags description: Learn what different App Control for Business event tags signify. ms.localizationpriority: medium -ms.date: 05/09/2023 +ms.date: 09/11/2024 ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md index b1d1e72d45..b1a415cde3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md @@ -2,7 +2,7 @@ title: Inbox App Control policies description: This article describes the inbox App Control policies that may be active on a device. ms.manager: jsuther -ms.date: 03/10/2023 +ms.date: 09/11/2024 ms.topic: conceptual ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md index fc5418764b..5288f40a3e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md @@ -2,7 +2,7 @@ title: App Control Admin Tips & Known Issues description: App Control Known Issues ms.manager: jsuther -ms.date: 04/15/2024 +ms.date: 09/11/2024 ms.topic: troubleshooting ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md index a04cd4595e..a60c584ba9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md @@ -2,7 +2,7 @@ title: Query Application Control events with Advanced Hunting description: Learn how to query App Control for Business events across your entire organization by using Advanced Hunting. ms.localizationpriority: medium -ms.date: 03/01/2022 +ms.date: 09/11/2024 ms.topic: troubleshooting --- From f98a26512db46dd50bef47d173a96df0f335aced Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 11 Sep 2024 14:23:49 -0700 Subject: [PATCH 050/164] edits --- .../whats-new-windows-11-version-24h2.md | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 2012837a48..ed3102ad88 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -27,24 +27,24 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have a recent monthly security update installed. Many of the new features are already enabled on Windows 11, version 23H2 clients. -Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [PLACEHOLDER- How to get the Windows 11, version 24H2 update](https://blogs.windows.com/windowsexperience/?p=178531). Review the [PLACEHOLDER- Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). +Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/). - + + + ## Checkpoint cumulative updates Microsoft is introducing checkpoint cumulative updates, a new servicing model that enables devices running Windows 11, version 24H2 or later to save time, bandwidth and hard drive space when getting features and security enhancements via the latest cumulative update. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. @@ -64,8 +64,9 @@ Some of the features were released within the past year's continuous innovation ### Local Security Authority (LSA) protection enablement on upgrade -[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with on upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the Device Security > Core Isolation page. LSA protection records whether programs are blocked from loading into LSA in the event log. If you would like to check if something has been blocked, information on the logs recorded is available here:/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load +[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with this upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. I n the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load). + ### Remote Mailslot protocol disabled by default [Remote Mailslot protocol](/openspecs/windows_protocols/ms-mail/47ac910f-1dec-4791-8486-9b3e8fd542da) was [deprecated](deprecated-features.md#deprecated-features) in November 2023 and is now disabled by default starting in Windows 11, version 24H2. For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots). @@ -105,10 +106,13 @@ Windows protected print mode enables devices to print using only the Windows mod - Go to **Settings** > **Bluetooth & Devices** > **Printers & scanners**, then choose **Setup** under **Windows protected print mode** - Enable the **Configure Windows protected print** policy in Group Policy under **Computer Configuration** > **Administrative Templates** > **Printers** +### App Control for Business + +Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital estate from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol). ### Wi-Fi 7 support -Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/discover-wi-fi/wi-fi-7). +Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7). ## Sudo for Windows From 64a1333ad507c1e4c5e1ec2832337057a5e1cf05 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 11 Sep 2024 16:02:28 -0700 Subject: [PATCH 051/164] copilot+ --- .../whats-new-windows-11-version-24h2.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index ed3102ad88..e588bb2c6b 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -44,13 +44,21 @@ There aren't any features under temporary enterprise control between Windows 11, --> - ## Checkpoint cumulative updates Microsoft is introducing checkpoint cumulative updates, a new servicing model that enables devices running Windows 11, version 24H2 or later to save time, bandwidth and hard drive space when getting features and security enhancements via the latest cumulative update. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update. With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). +## Features exclusive to Copilot+ PCs in 24H2 + +Copilot+ PCs are a new class of Windows 11 AI PCs that are powered by a neural processing unit (NPU) that can perform more than 40 trillion operations per second (TOPS). The following features are exclusive to Copilot+ PCs in Windows 11, version 24H2: + +- Live Captions allow you to translate audio and video content into English subtitles from 44 languages. For more information, see [Use live captions to better understand audio](https://support.microsoft.com/topic/b52da59c-14b8-4031-aeeb-f6a47e6055df). +- Windows Studio Effects is the collective name of AI-powered video call and audio effects that are available on Copilot+ PCs and select Windows 11 devices with compatible NPUs. Windows Studio Effects automatically improves lighting and cancels noises during video calls. For more information, see [Windows Studio Effects](https://support.microsoft.com/topic/273c1fa8-2b3f-41b1-a587-7cc7a24b62d8). +- Cocreator in Paint allows you to create amazing artwork with the help of AI. Enter a text prompt, start drawing in Paint, and Cocreator will generate artwork based on what you're drawing. For more information, see [Cocreator in Paint](https://support.microsoft.com/topic/53857513-e36c-472d-8d4a-adbcd14b2e54) +- Auto super resolution (Auto SR) seamlessly integrates with Windows to automatically enhance the frame rates of existing games in real-time while also providing detailed visuals on screen. For more information, see [Automatic Super Resolution](https://support.microsoft.com/topic/5d6d95fa-cc02-4673-b62c-2c50f06385aa). +- Image Creator and Restyle Image in the Microsoft Photos app lets you reimagine your photos or create new images with the assistance of AI. For more information, see [Microsoft Photos Restyle Image and Image Creator](https://support.microsoft.com/topic/6c352e99-d954-49c9-84cd-b7cacd018868). ## Features added to Windows 11 since version 23H2 @@ -64,7 +72,7 @@ Some of the features were released within the past year's continuous innovation ### Local Security Authority (LSA) protection enablement on upgrade -[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with this upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. I n the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load). +[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with this upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. I n the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logging](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load). ### Remote Mailslot protocol disabled by default @@ -114,7 +122,7 @@ Customers can now use App Control for Business (formerly called Windows Defender Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7). -## Sudo for Windows +### Sudo for Windows Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). @@ -130,7 +138,7 @@ Remote Desktop Connection has the following improvements: - Improvements to the connection bar design -## Bluetooth ® Low Energy Audio support +### Bluetooth ® Low Energy Audio support Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. @@ -144,10 +152,11 @@ Customers who use these assistive hearing devices are now able to directly pair, - Labels were added to the context menu icons for actions like copy, paste, delete, and rename - **OOBE improvement**: when you need to connect to a network and there's no Wi-Fi drivers, you're given an *Install drivers* option to install drivers that are already downloaded - **Registry Editor**: The Registry Editor supports limiting a search to the currently selected key and its descendants +- **Task Manager**: The Task Manager settings page has [Mica material](/windows/apps/design/style/mica) and a redesigned icon ## Features removed in Windows 11, version 24H2 -The following [deprecated features](deprecated-features.md) are removed in Windows 11, version 24H2: +The following [deprecated features](deprecated-features.md) are [removed](removed-features.md) in Windows 11, version 24H2: - **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. - **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. From db8aacb428d4e9732c9b15448644c610dc17bb25 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 18:06:46 -0700 Subject: [PATCH 052/164] Add missing event/field info --- ...iagnostic-events-fields-windows-11-24H2.md | 747 +++++++++--------- 1 file changed, 371 insertions(+), 376 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index c389f453e4..1bad0f3cde 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -283,31 +283,30 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreAdd -No content is currently available. +Represents the basic metadata about the interesting backed up applications to be restored on the system. This event describes whether the backed up applications are incompatible with upcoming Windows Feature updates. Microsoft uses this information to understand and address problems with computers receiving updates. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **AppraiserVersion** No content is currently available. -- **BackupLabel** No content is currently available. -- **CatalogSource** No content is currently available. -- **CreatePlaceholder** No content is currently available. -- **Name** No content is currently available. -- **ProgramId** No content is currently available. -- **SdbEntryGuid** No content is currently available. -- **SdbRestoreAction** No content is currently available. - +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **BackupLabel** Indicates compatibility information about the application found on the backup device. +- **CatalogSource** The type of application. +- **CreatePlaceholder** Represents the decision regarding if the application should be restored. +- **Name** Name of the application. +- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it. +- **SdbEntryGuid** Indicates the SDB entry that apply to this file. +- **SdbRestoreAction** NIndicates compatibility information about the application found on the backup device. ### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreStartSync -No content is currently available. +This event indicates that a new set of DatasourceBackupApplicationRestoreAdd events will be sent. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **AppraiserVersion** No content is currently available. +- **AppraiserVersion** The version of the appraiser binary generating the events. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove @@ -359,16 +358,16 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.RestoreContext -No content is currently available. +This event indicates the result of the restore appraisal. The following fields are available: -- **AppraiserBranch** No content is currently available. -- **AppraiserVersion** No content is currently available. -- **Context** No content is currently available. -- **PCFP** No content is currently available. -- **Result** No content is currently available. -- **Time** No content is currently available. +- **AppraiserBranch** The source branch in which the currently-running version of appraiser was built. +- **AppraiserVersion** The version of the appraiser binary generating the events. +- **Context** Indicates what mode appraiser is running in, this should be Restore. +- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **Result** HRESULT indicating the result of the restore appraisal. +- **Time** The client time of the event. ### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntAdd @@ -408,18 +407,17 @@ The following fields are available: - **XboxLiveDeviceId** Retrieves the unique device ID of the console. - **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. - ## Code Integrity events ### Microsoft.Windows.Security.CodeIntegrity.Driver.AggregatedBlock -No content is currently available. +AggregatedBlock is an event with non-PII details on drivers blocked by code integrity. Fires no more than once per 25 days per driver. The following fields are available: -- **CertificateInfo** No content is currently available. -- **DriverInfo** No content is currently available. -- **EventVersion** No content is currently available. +- **CertificateInfo** Non-PII details about the digital signature(s) and digital countersignatures on driver binary files which was blocked from loading. +- **DriverInfo** Non-PII details about the driver binary file and its digital signature(s) and digital countersignature. +- **EventVersion** The version of the schema used in the DriverInfo field. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked @@ -518,16 +516,16 @@ This event tracks when Defender turns off Smart App Control via the Cloud. ### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOffIgnored -No content is currently available. +This event indicates that a request to switch Smart App Control off by Defender from the cloud was ignored as the device was still within the grace period after OOBE. The following fields are available: -- **Count** No content is currently available. -- **CurrentTimeMax** No content is currently available. -- **CurrentTimeMin** No content is currently available. -- **NightsWatchDesktopIgnoreAutoOptOut** No content is currently available. -- **OOBECompleteTime** No content is currently available. -- **OOBESafetyTime** No content is currently available. +- **Count** Count of events in the aggregation window. +- **CurrentTimeMax** Time of latest event. +- **CurrentTimeMin** Time of first event. +- **NightsWatchDesktopIgnoreAutoOptOut** Value of NightsWatchDesktopIgnoreAutoOptOut in registry. +- **OOBECompleteTime** Value of OOBECompleteTime in registry. +- **OOBESafetyTime** Start of timer set by Smart App Control if OOBECompleteTime was not set. ### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWOff @@ -777,17 +775,16 @@ The following fields are available: ### CbsServicingProvider.CbsFodInventory -No content is currently available. +This event reports on the state of the current optional Windows content obtained from Windows Update. The following fields are available: -- **capabilities** No content is currently available. -- **initiatedOffline** No content is currently available. -- **stackBuild** No content is currently available. -- **stackMajorVersion** No content is currently available. -- **stackMinorVersion** No content is currently available. -- **stackRevision** No content is currently available. - +- **capabilities** A bitmask with each position indicating if each type of optional Windows content is currently enabled. +- **initiatedOffline** A true or false value indicating if the inventory describes an offline WIM file. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. ### CbsServicingProvider.CbsLateAcquisition @@ -823,15 +820,15 @@ The following fields are available: ### CbsServicingProvider.CbsPostponedReserveInstallDecision -No content is currently available. +This event reports on the scheduling of installs for Windows cumulative security updates. The following fields are available: -- **hardReserveSize** No content is currently available. -- **hardReserveUsedSpace** No content is currently available. -- **postponed** No content is currently available. -- **userFreeSpace** No content is currently available. -- **usingReserves** No content is currently available. +- **hardReserveSize** The size of the disk space reserve used to update Windows OS content. +- **hardReserveUsedSpace** The disk space currently in use in the reserve used to update Windows OS content. +- **postponed** A boolean indicating if updating processing has been delayed to shutdown due to low disk space. +- **userFreeSpace** The amount of free disk space available on the OS volume. +- **usingReserves** A boolean indicating whether disk space reserves are being used to install the update. ### CbsServicingProvider.CbsQualityUpdateInstall @@ -1074,24 +1071,24 @@ The following fields are available: ### DxgKrnlTelemetry.GPUStartAdapter -No content is currently available. +This event records information about an attempt to start a graphics adapter. The following fields are available: -- **DDIInterfaceVersion** No content is currently available. -- **DriverDate** No content is currently available. -- **DriverRank** No content is currently available. -- **DriverVersion** No content is currently available. -- **FailureReason** No content is currently available. -- **GPUDeviceID** No content is currently available. -- **GPURevisionID** No content is currently available. -- **GPUVendorID** No content is currently available. -- **IsSoftwareDevice** No content is currently available. -- **StartAdapterFailedSequenceId** No content is currently available. -- **Status** No content is currently available. -- **SubSystemID** No content is currently available. -- **SubVendorID** No content is currently available. -- **version** No content is currently available. +- **DDIInterfaceVersion** Version of the display driver interface (DDI). +- **DriverDate** Date of the display driver. +- **DriverRank** Rank for the display driver. +- **DriverVersion** Version of the display driver. +- **FailureReason** Numeric value indicating the stage in which the startup attempt failed. +- **GPUDeviceID** Device identifier for the graphics adapter. +- **GPURevisionID** Revision identifier for the graphics adapter. +- **GPUVendorID** Vendor identifier for the graphics adapter. +- **IsSoftwareDevice** Boolean value indicating whether the graphics adapter is implemented in software only. +- **StartAdapterFailedSequenceId** Numeric value indicating the graphics adapter startup attempt count. +- **Status** Numeric value indicating the status of the graphics adapter startup attempt. +- **SubSystemID** Subsystem identifier for the graphics adapter. +- **SubVendorID** Subsystem vendor identifier for the graphics identifier. +- **version** Version of the schema for the event. ## Failover Clustering events @@ -1441,13 +1438,13 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryApplicationKbStartSync -No content is currently available. +This event represents the basic metadata about an application updates (KBs) installed on the system. This event is used to understand the applications on a machine to determine if there will be compatibility issues when upgrading Windows. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **InventoryVersion** No content is currently available. +- **InventoryVersion** The version of the inventory components. ### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove @@ -1750,12 +1747,12 @@ The following fields are available: ### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.PingXml -No content is currently available. +The PingXml event sends detailed information pertaining to a specific instance of an update process in MicrosoftEdgeUpdate. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. Each PingXml event can contain update logs from multiple different applications, and each application node in the XML payload can contain multiple different ping events. This event is sent whenever an update process occurs in the MicrosoftEdgeUpdate, regardless of the exit status. This event is used to track the reliability and performance of the MicrosoftEdgeUpdate process. The payload of this event is defined in the protocol definition header file. The following fields are available: -- **EventInfo.Level** No content is currently available. -- **Xml** No content is currently available. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **Xml** XML-encoded string representing the request payload of the ping event. The request payload includes data and metadata for four nodes: the request itself, the hardware of the device, the OS of the device, and each updated application. Each application node includes additional nodes for individual ping events. ## Migration events @@ -1874,12 +1871,12 @@ The following fields are available: ### Microsoft.Windows.Analog.HolographicDriverClient.TelemetryUserPresenceChanged -No content is currently available. +This event sends data indicating the state detected by user presence sensor. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **correlationGuid** No content is currently available. -- **isPresent** No content is currently available. +- **correlationGuid** Unique correlation Guid Id. +- **isPresent** State detected by user presence sensor. ### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered @@ -1909,57 +1906,57 @@ The following fields are available: ### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeyFinalize -No content is currently available. +This event traces Windows Hello key creation finalize. + The following fields are available: -- **accountType** No content is currently available. -- **cacheType** No content is currently available. -- **finalizeStatus** No content is currently available. -- **gestureRequired** No content is currently available. -- **isIsoContainer** No content is currently available. -- **isVsm** No content is currently available. -- **keyAccountId** No content is currently available. -- **keyAlgId** No content is currently available. -- **keyDomain** No content is currently available. -- **keyImplType** No content is currently available. -- **keyTenant** No content is currently available. -- **keyType** No content is currently available. -- **signStatus** No content is currently available. -- **silentByCaller** No content is currently available. -- **silentByProperty** No content is currently available. +- **accountType** The account type of the user. +- **cacheType** The cache type of the key. +- **finalizeStatus** Returned status code after the finalize operation. +- **gestureRequired** The operation requires a gesture. +- **isIsoContainer** Indicates if it's using IsoContainer. +- **isVsm** Indicates if Container is in Vsm. +- **keyAccountId** Key account ID. +- **keyAlgId** Key Algorithm ID. +- **keyDomain** Key domain name. +- **keyImplType** Key implementation type. +- **keyTenant** Key tenant name. +- **keyType** Key type. +- **signStatus** Returned status code after the finalize operation. +- **silentByCaller** Indicates whether the caller wanted to finalize silently. +- **silentByProperty** Indicates whether the key property specified to finalize silently. ### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeySignHash -No content is currently available. +This events traces Windows Hello key signing details. The following fields are available: -- **accountType** No content is currently available. -- **cacheType** No content is currently available. -- **callerCmdLine** No content is currently available. -- **didPrompt** No content is currently available. -- **gestureRequired** No content is currently available. -- **isCacheWithTimedCounterEnabled** No content is currently available. -- **isCallerProcessQueryLimited** No content is currently available. -- **isUnlockTimeSet** No content is currently available. -- **keyAccountId** No content is currently available. -- **keyDomain** No content is currently available. -- **keyImplType** No content is currently available. -- **keyTenant** No content is currently available. -- **keyType** No content is currently available. -- **numSignatures** No content is currently available. -- **persistedInPinCache** No content is currently available. -- **protectionLevel** No content is currently available. -- **sessionGuid** No content is currently available. -- **signStatus** No content is currently available. -- **silentByCaller** No content is currently available. -- **silentByProperty** No content is currently available. -- **timeSinceUnlockMs** No content is currently available. -- **usedPinCache** No content is currently available. -- **validTicket** No content is currently available. - +- **accountType** The account type of the user. +- **cacheType** The cache type of the key. +- **callerCmdLine** Caller process command line string. +- **didPrompt** Whether a UI prompt was triggered. +- **gestureRequired** The operation requires a gesture. +- **isCacheWithTimedCounterEnabled** New caching mechanism is enabled. +- **isCallerProcessQueryLimited** Indicates if caller process failed to be opened with PROCESS_VM_READ privilege. +- **isUnlockTimeSet** We have a valid unlock time to use. +- **keyAccountId** Hashed key account ID. +- **keyDomain** Hashed key domain name. +- **keyImplType** The implementation type of the key. +- **keyTenant** Hashed key tenant name. +- **keyType** Key type. +- **numSignatures** Number of signatures made since logon or unlock. +- **persistedInPinCache** The PIN was persisted in the cache. +- **protectionLevel** Specifies whether the caller process is a PPL and at what level. +- **sessionGuid** Unique identifier for the current user session. +- **signStatus** Returned status code after the sign operation. +- **silentByCaller** Indicates whether the caller wanted to sign silently. +- **silentByProperty** Indicates whether the key property specified to sign silently. +- **timeSinceUnlockMs** Time since logon or unlock in milliseconds. +- **usedPinCache** The PIN cache was used to attempt to sign. +- **validTicket** The provided ticket does not match the default or invalid auth ticket. ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed @@ -1989,70 +1986,70 @@ The following fields are available: ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateSucceeded -No content is currently available. +This event indicates if the Secure Boot Update succeded. The following fields are available: -- **Action** No content is currently available. -- **IsRebootRequiredBeforeUpdate** No content is currently available. -- **IsResealNeeded** No content is currently available. -- **RevokedBootmanager** No content is currently available. -- **SecureBootUpdateCaller** No content is currently available. -- **UpdateType** No content is currently available. -- **WillResealSucceed** No content is currently available. +- **Action** Indicates the stage for success. +- **IsRebootRequiredBeforeUpdate** Indicates if reboot is required for before re-attempting the update. +- **IsResealNeeded** Indicates if Bitlocker reseal is needed. +- **RevokedBootmanager** Indicates if there is a revoked bootmgr on the machine. +- **SecureBootUpdateCaller** Info about the caller of the update. +- **UpdateType** VariableMask like DB, DBX. +- **WillResealSucceed** Inform if reseal will succeed. ### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateCompleted -No content is currently available. +This event logs when the installer completes Secureboot update. The following fields are available: -- **Action** No content is currently available. -- **hr** No content is currently available. -- **IsResealNeeded** No content is currently available. -- **sbServicingFailureReason** No content is currently available. -- **SecureBootUpdateCaller** No content is currently available. -- **UpdateType** No content is currently available. -- **WillResealSucceed** No content is currently available. +- **Action** String that tells us the failure stage if any. +- **hr** error code. +- **IsResealNeeded** Is bitlocker reseal was needed on this machine. +- **sbServicingFailureReason** Enum containing failure details. +- **SecureBootUpdateCaller** Caller of the upate like Secureboot AI, tpmtask or dbupdater. +- **UpdateType** Update type DB or DBX. +- **WillResealSucceed** If bitlocker reseal will succeed on this machine. ### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateStarted -No content is currently available. +This events logs when Secureboot updating containing DB/DBX payload starts. The following fields are available: -- **SecureBootUpdateCaller** No content is currently available. -- **UpdateType** No content is currently available. +- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, TPMTask or DBUpdater. +- **UpdateType** Update type like DB or DBX. ### Microsoft.Windows.Security.SBServicingCore.SBServicingCoreFunctionFailed -No content is currently available. +This events logs when some core function of Secureboot AI fails. The following fields are available: -- **Action** No content is currently available. -- **Function** No content is currently available. -- **hr** No content is currently available. +- **Action** stage at which the failure occured. +- **Function** name of the function where the failure occured. +- **hr** error code. ### Microsoft.Windows.Shell.CortanaSearch.WebView2ProcessFailed -No content is currently available. +This event tracks if the WebView2 process failed. The following fields are available: -- **ExitCode** No content is currently available. -- **ProcessFailedKind** No content is currently available. -- **Reason** No content is currently available. -- **SessionId** No content is currently available. +- **ExitCode** WebView2 exit code. +- **ProcessFailedKind** WebView2 process failure kind. +- **Reason** WebView2 process failure reason. +- **SessionId** WebView2 sessionId. ### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.GetUserAccountState -No content is currently available. +This event keeps track of if the user's account is in a good state upon loading the Settings Accounts L1 page. The following fields are available: @@ -2072,11 +2069,11 @@ The following fields are available: ### Microsoft.Windows.WinRE.Agent.CreateWinRePartitionFailed -No content is currently available. +This event emits failure of the Creation of the WinRE partition operation. The following fields are available: -- **ErrorCode** No content is currently available. +- **ErrorCode** Error code. ### Microsoft.Windows.WinRE.Agent.ExtendOsPartitionSucceed @@ -2084,14 +2081,13 @@ The following fields are available: This event emits success for the extending OS Partition operation. - ### Microsoft.Windows.WinRE.Agent.ShrinkOsPartitionFailed -No content is currently available. +This event captures OS partition shrink operation failures during the WinRE servicing. The following fields are available: -- **HRESULT** No content is currently available. +- **HRESULT** Error code. ### Microsoft.Windows.WinRE.Agent.WinreFormatPartition @@ -2576,52 +2572,52 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.BeginAcquireLicense -No content is currently available. +During App Installs and updates, a license is acquired to ensure the app/machine has an entitlement to the app. The following fields are available: -- **AggregatedPackageFullNames** No content is currently available. -- **AttemptNumber** The retry count for the install item. -- **BundleId** The Item bundle id. -- **CategoryId** The Item category Id. +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. - **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). -- **IsBundle** No content is currently available. -- **IsInteractive** Was this call a result of user interaction. -- **IsMandatory** No content is currently available. -- **IsRemediation** Was the item a repair. -- **IsRestore** No content is currently available. -- **IsUpdate** Is it an update. -- **ParentBundleId** No content is currently available. -- **PFN** The Product Full Name. -- **ProductId** The Product Id. -- **SystemAttemptNumber** No content is currently available. -- **UserAttemptNumber** No content is currently available. -- **WUContentId** No content is currently available. +- **IsBundle** The identity of the app that initiated this operation. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The Product ID of the parent if this product is part of a bundle. +- **PFN** Product Family Name of this product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation. +- **UserAttemptNumber** Total number of user attempts to install before cancellation. +- **WUContentId** Licensing identity of this package. ### Microsoft.Windows.StoreAgent.Telemetry.BeginDownload -No content is currently available. +This event is fired during the app update or install process when actual bits are being downloaded, this particular event is fired at the beginning of the process to indicate a state change to "Downloading". StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. The following fields are available: -- **AggregatedPackageFullNames** No content is currently available. -- **AttemptNumber** Number of retry attempts before it was cancelled. -- **BundleId** The Item bundle id. -- **CategoryId** The Item category Id. -- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). -- **IsBundle** No content is currently available. -- **IsInteractive** Was this call a result of user interaction. -- **IsMandatory** No content is currently available. -- **IsRemediation** Was the item a repair. -- **IsRestore** No content is currently available. -- **IsUpdate** Is it an update. -- **ParentBundleId** No content is currently available. -- **PFN** The Product Full Name. -- **ProductId** The Product Id. -- **SystemAttemptNumber** No content is currently available. -- **UserAttemptNumber** No content is currently available. -- **WUContentId** No content is currently available. +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** Product Family Name of app being downloaded. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation. +- **UserAttemptNumber** Total number of user attempts to install before cancellation. +- **WUContentId** NLicensing identity of this package. ### Microsoft.Windows.StoreAgent.Telemetry.BeginGetFreeEntitlement @@ -2637,60 +2633,59 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall -No content is currently available. +This event is fired near the end stage of a new app install or update after the bits have been downloaded. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. The following fields are available: -- **AggregatedPackageFullNames** No content is currently available. -- **AttemptNumber** Number of retry attempts before it was cancelled. -- **BundleId** The Item bundle id. -- **CategoryId** The Item category Id. -- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). -- **IsBundle** No content is currently available. -- **IsInteractive** Was this call a result of user interaction. -- **IsMandatory** No content is currently available. -- **IsRemediation** Was the item a repair. -- **IsRestore** No content is currently available. -- **IsUpdate** Is it an update. -- **ParentBundleId** No content is currently available. -- **PFN** The Product Full Name. -- **ProductId** The Product Id. -- **SystemAttemptNumber** No content is currently available. -- **UserAttemptNumber** No content is currently available. -- **WUContentId** No content is currently available. - +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** The name(s) of the package(s) requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install. +- **UserAttemptNumber** Total number of user attempts to install. +- **WUContentId** Licensing identity of this package. ### Microsoft.Windows.StoreAgent.Telemetry.BeginSearchUpdatePackages -No content is currently available. +This event is fired when looking for app updates. The following fields are available: -- **AttemptNumber** No content is currently available. -- **BundleId** No content is currently available. -- **CategoryId** No content is currently available. -- **ClientAppId** No content is currently available. -- **IsBundle** No content is currently available. -- **IsInteractive** No content is currently available. -- **IsMandatory** No content is currently available. -- **IsRemediation** No content is currently available. -- **IsRestore** No content is currently available. -- **IsUpdate** No content is currently available. -- **ParentBundleId** No content is currently available. -- **PFN** No content is currently available. -- **ProductId** No content is currently available. -- **SystemAttemptNumber** No content is currently available. -- **UserAttemptNumber** No content is currently available. -- **WUContentId** No content is currently available. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** The name(s) of the package(s) requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install. +- **UserAttemptNumber** Total number of user attempts to install. +- **WUContentId** Licensing identity of this package. ### Microsoft.Windows.StoreAgent.Telemetry.BlockLowPriorityWorkItems -No content is currently available. +This event is fired when the BlockLowPriorityWorkItems method is called, stopping the queue from installing LowPriority work items. The following fields are available: -- **ClientId** No content is currently available. +- **ClientId** Client ID of the caller. ### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation @@ -2935,12 +2930,12 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.InstallRequestReceived -No content is currently available. +This event is sent when a product install request is received by AppInstallManager. The following fields are available: -- **ClientId** No content is currently available. -- **StoreId** No content is currently available. +- **ClientId** Client ID of the caller. +- **StoreId** The Store ID for the product being installed. ### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation @@ -2973,44 +2968,44 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.QueueStuckError -No content is currently available. +This event indicates that the Install Queue is in a stuck state. The following fields are available: -- **ItemLifetimeInSeconds** No content is currently available. -- **OpenSlots** No content is currently available. -- **PendingItems** No content is currently available. -- **QueueItems** No content is currently available. +- **ItemLifetimeInSeconds** The amount of time elapsed since the item had been created in seconds at the time of the error. +- **OpenSlots** The number of open slots in the queue at the time of the error. +- **PendingItems** The number of pending items in the queue at the time of the error. +- **QueueItems** The number of items in the queue at the time of the error. ### Microsoft.Windows.StoreAgent.Telemetry.RestoreDeviceMetrics -No content is currently available. +This event provides an informational summary of the apps returned from the restorable apps data store. The following fields are available: -- **DeferredAppIds** No content is currently available. -- **DelayedAppIds** No content is currently available. -- **NumBackupApps** No content is currently available. -- **NumCompatibleApps** No content is currently available. -- **NumIncompatibleApps** No content is currently available. -- **NumProcessedBackupApps** No content is currently available. +- **DeferredAppIds** The number of backed-up apps that will be auto-installed at an optimal time for the machine, determined by the policies of an Windows component called the Universal Orchestrator. +- **DelayedAppIds** The number of backed-up apps that will be auto-installed one hour after device setup. +- **NumBackupApps** The number of apps returned from the restorable apps data store. +- **NumCompatibleApps** The number of backed-up apps reported by compatibility service to be compatible. +- **NumIncompatibleApps** The number of backed-up apps reported by compatibility service to be incompatible. +- **NumProcessedBackupApps** The number of backed-up apps for which we have instructed AppRestore Service to create a placeholder. ### Microsoft.Windows.StoreAgent.Telemetry.RestoreError -No content is currently available. +This event indicates a blocking error occurred during the restore compatibility check. The following fields are available: -- **ErrorCode** No content is currently available. -- **ErrorLocation** No content is currently available. -- **ErrorMessage** No content is currently available. -- **ErrorMethod** No content is currently available. -- **ErrorName** No content is currently available. -- **ErrorType** No content is currently available. -- **LineNumber** No content is currently available. -- **Severity** No content is currently available. +- **ErrorCode** The error code associated with the error. +- **ErrorLocation** The location of the error. +- **ErrorMessage** The message associated with the error. +- **ErrorMethod** The method the error occurred in. +- **ErrorName** The name of the error. +- **ErrorType** The type of the error. +- **LineNumber** The line number the error occurred on. +- **Severity** The severity level of the error. ### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation @@ -3055,11 +3050,11 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.ScheduleWorkWithUO -No content is currently available. +This event is fired when we schedule installs and/or updates with UO. The following fields are available: -- **ClientId** No content is currently available. +- **ClientId** Client ID of the caller. ### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest @@ -3092,11 +3087,11 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.UnblockLowPriorityWorkItems -No content is currently available. +This event is fired when the UnblockLowPriorityWorkItems method is called, changing the state of all LowPriority work items to working if AutoUpdateState is enabled. The following fields are available: -- **ClientId** No content is currently available. +- **ClientId** Client ID of the caller. ### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest @@ -3286,17 +3281,17 @@ The following fields are available: ### Microsoft.Windows.Update.Aggregator.UusCoreHealth.HealthAggregatorSummary -No content is currently available. +This event is a suummary of UUS health indicators. The following fields are available: -- **Fallback** No content is currently available. -- **FlightId** No content is currently available. -- **IsStable** No content is currently available. -- **Lock** No content is currently available. -- **UpdateId** No content is currently available. -- **UusVersion** No content is currently available. -- **VersionActivationsSinceLastBoot** No content is currently available. +- **Fallback** Failover information. +- **FlightId** Payload that is being sent. +- **IsStable** Boolean if the payload is in image. +- **Lock** Lock indentifier. +- **UpdateId** Update identifier. +- **UusVersion** Version of the undocked payload. +- **VersionActivationsSinceLastBoot** Number of activations since last reboot. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize @@ -3319,29 +3314,29 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.Client.AppUpdateInstallResult -No content is currently available. +This event reports installation result details of expedited apps. The following fields are available: -- **Completed** No content is currently available. -- **DeploymentAttempted** No content is currently available. -- **DeploymentErrorCode** No content is currently available. -- **DeploymentExtendedErrorCode** No content is currently available. -- **InstallFailureReason** No content is currently available. -- **OperationStatus** No content is currently available. -- **Succeeded** No content is currently available. -- **updaterId** No content is currently available. -- **UusVersion** No content is currently available. -- **VelocityEnabled** No content is currently available. +- **Completed** Whether the installation completed. +- **DeploymentAttempted** Whether the deployment was attempted. +- **DeploymentErrorCode** The error code resulting from the deployment attempt. +- **DeploymentExtendedErrorCode** The extended error code resulting from the deployment attempt. +- **InstallFailureReason** On failure, the InstallFailureReason reported. +- **OperationStatus** OperationStatus result reported by the installation attempt. +- **Succeeded** Whether the installation succeeded. +- **updaterId** The UpdaterId associated with this expedited app. +- **UusVersion** The version of the UUS stack currently active. +- **VelocityEnabled** Whether the velocity tag for the expedited app is enabled. ### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallAlreadyRunning -No content is currently available. +This event indicates that another instance is currently attempting to install business critical store updates. The following fields are available: -- **UusVersion** No content is currently available. +- **UusVersion** The version of the UUS Stack currently active. ### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult @@ -3428,16 +3423,16 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.Worker.SetIpuMode -No content is currently available. +This event indicates that a provider is setting the inplace upgrade mode. The following fields are available: -- **flightId** No content is currently available. -- **mode** No content is currently available. -- **provider** No content is currently available. -- **reason** No content is currently available. -- **uniqueId** No content is currently available. -- **UusVersion** No content is currently available. +- **flightId** Flight Identifier. +- **mode** The value being set. +- **provider** The provider that is getting the value. +- **reason** The reason the value is being set. +- **uniqueId** Update Identifier. +- **UusVersion** The version of the UUS Stack currently active. ### Microsoft.Windows.Update.Orchestrator.Worker.UpdateActionCritical @@ -3464,50 +3459,50 @@ The following fields are available: ### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted -No content is currently available. +Scan event for Server Initiated Healing client. The following fields are available: -- **CallerApplicationName** No content is currently available. -- **EventInstanceID** No content is currently available. -- **ServiceGuid** No content is currently available. -- **TargetMetadataVersion** No content is currently available. -- **UusVersion** No content is currently available. -- **WUDeviceID** No content is currently available. +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. +- **UusVersion** UUS version. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). ### Microsoft.Windows.Update.SIHClient.CheckForUpdatesSucceeded -No content is currently available. +Scan event for Server Initiated Healing client The following fields are available: -- **ApplicableUpdateInfo** No content is currently available. -- **CachedEngineVersion** No content is currently available. -- **CallerApplicationName** No content is currently available. -- **EventInstanceID** No content is currently available. -- **ServiceGuid** No content is currently available. -- **StatusCode** No content is currently available. -- **TargetMetadataVersion** No content is currently available. -- **UusVersion** No content is currently available. -- **WUDeviceID** No content is currently available. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CachedEngineVersion** The engine DLL version that is being used. +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **StatusCode** Launch event for Server Initiated Healing client. +- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. +- **UusVersion** Active UUS Version. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). ### Microsoft.Windows.Update.SIHClient.DownloadSucceeded -No content is currently available. +Download process event for target update on SIH Client. The following fields are available: -- **CachedEngineVersion** No content is currently available. -- **CallerApplicationName** No content is currently available. -- **DownloadType** No content is currently available. -- **EventInstanceID** No content is currently available. -- **ServiceGuid** No content is currently available. -- **TargetMetadataVersion** No content is currently available. -- **UpdateID** No content is currently available. -- **UusVersion** No content is currently available. -- **WUDeviceID** No content is currently available. +- **CachedEngineVersion** Version of the Cache Engine. +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **DownloadType** Type of Download. +- **EventInstanceID** ID of the Event Instance being fired. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **TargetMetadataVersion** Version of the Metadata which is being targeted for an update. +- **UpdateID** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Global Device ID utilized to identify Device. ### Microsoft.Windows.Update.SIHClient.TaskRunCompleted @@ -3541,113 +3536,113 @@ The following fields are available: ### Microsoft.Windows.Update.Undocked.Brain.ActiveVersionUpdated -No content is currently available. +This event gets fired when the active version of the Undocked Update Stack is being updated/ The following fields are available: -- **Fallback** No content is currently available. -- **FlightID** No content is currently available. -- **Lock** No content is currently available. -- **MinutesSinceInstall** No content is currently available. -- **Stable** No content is currently available. -- **UpdateID** No content is currently available. -- **VersionActive** No content is currently available. -- **VersionPrevious** No content is currently available. +- **Fallback** Initiated Process. +- **FlightID** FlightID associated. +- **Lock** Lock Group Name. +- **MinutesSinceInstall** Time to complete process. +- **Stable** Is VersionActive from stable. +- **UpdateID** Update identifier. +- **VersionActive** The now active version of the UUS stack. +- **VersionPrevious** The previous active version of the UUS stack. ### Microsoft.Windows.Update.Undocked.Brain.FailoverVersionExcluded -No content is currently available. +This event indicates Failover tried to exclude an UUS Version. The following fields are available: -- **AlreadyExcluded** No content is currently available. -- **Exception** No content is currently available. -- **ExclusionReason** No content is currently available. -- **Success** No content is currently available. -- **VerFailover** No content is currently available. +- **AlreadyExcluded** Boolean. +- **Exception** The exception encountered during exclusion. +- **ExclusionReason** Reason for the exclusion. +- **Success** Success or failure indicator. +- **VerFailover** The actual UUS Version that failover was running for. ### Microsoft.Windows.Update.Undocked.UpdateAgent.DownloadRequest -No content is currently available. +Download request for undocked update agent The following fields are available: -- **errorCode** No content is currently available. -- **flightId** No content is currently available. -- **rangeRequestState** No content is currently available. -- **relatedCV** No content is currently available. -- **result** No content is currently available. -- **sessionId** No content is currently available. -- **updateId** No content is currently available. -- **uusVersion** No content is currently available. +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **rangeRequestState** State of request for download range. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. ### Microsoft.Windows.Update.Undocked.UpdateAgent.Initialize -No content is currently available. +Initialization event of undocked update agent. The following fields are available: -- **errorCode** No content is currently available. -- **flightId** No content is currently available. -- **flightMetadata** No content is currently available. -- **relatedCV** No content is currently available. -- **result** No content is currently available. -- **sessionData** No content is currently available. -- **sessionId** No content is currently available. -- **updateId** No content is currently available. -- **uusVersion** No content is currently available. +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **flightMetadata** Metadata. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionData** Additional logging. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. ### Microsoft.Windows.Update.Undocked.UpdateAgent.Install -No content is currently available. +Install event of undocked update agent. The following fields are available: -- **errorCode** No content is currently available. -- **flightId** No content is currently available. -- **folderExists** No content is currently available. -- **packageNewer** No content is currently available. -- **relatedCV** No content is currently available. -- **result** No content is currently available. -- **retryCount** No content is currently available. -- **sessionId** No content is currently available. -- **updateId** No content is currently available. -- **uusVersion** No content is currently available. +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **folderExists** Boolean. +- **packageNewer** version of newer package. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **retryCount** result count. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. ### Microsoft.Windows.Update.Undocked.UpdateAgent.ModeStart -No content is currently available. +Undocked update agent mode start event. The following fields are available: -- **flightId** No content is currently available. -- **mode** No content is currently available. -- **relatedCV** No content is currently available. -- **sessionId** No content is currently available. -- **updateId** No content is currently available. -- **uusVersion** No content is currently available. +- **flightId** FlightID of the package. +- **mode** Install or Download mode. +- **relatedCV** CV for telemetry mapping. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. ### Microsoft.Windows.Update.Undocked.UpdateAgent.Payload -No content is currently available. +Payload event of undocked update agent. The following fields are available: -- **errorCode** No content is currently available. -- **fileCount** No content is currently available. -- **flightId** No content is currently available. -- **mode** No content is currently available. -- **relatedCV** No content is currently available. -- **result** No content is currently available. -- **sessionId** No content is currently available. -- **updateId** No content is currently available. -- **uusVersion** No content is currently available. +- **errorCode** Error code. +- **fileCount** Number of files to download. +- **flightId** FlightID of the package. +- **mode** Install or Download mode. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. ### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled @@ -3937,24 +3932,24 @@ The following fields are available: ### Microsoft.Windows.Update.WUClient.DownloadResumed -No content is currently available. +This event is fired when the Download of content is continued from a pause state. The following fields are available: -- **BundleId** No content is currently available. -- **CallerName** No content is currently available. -- **ClassificationId** No content is currently available. -- **DownloadPriority** No content is currently available. -- **EventType** No content is currently available. -- **FlightId** No content is currently available. -- **HandlerInfo** No content is currently available. -- **HandlerType** No content is currently available. -- **Props** No content is currently available. -- **RegulationResult** No content is currently available. -- **RelatedCV** No content is currently available. -- **ServiceGuid** No content is currently available. -- **UpdateId** No content is currently available. -- **UusVersion** No content is currently available. +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. ### Microsoft.Windows.Update.WUClient.InstallCanceled From ee45e064c8bb285710c7cf4be57ed783077cd074 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Wed, 11 Sep 2024 18:55:14 -0700 Subject: [PATCH 053/164] Acrolinx related fixes --- ...iagnostic-events-fields-windows-11-24H2.md | 342 +++++++++--------- 1 file changed, 171 insertions(+), 171 deletions(-) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index 1bad0f3cde..53f6093ac5 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -295,8 +295,8 @@ The following fields are available: - **CreatePlaceholder** Represents the decision regarding if the application should be restored. - **Name** Name of the application. - **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it. -- **SdbEntryGuid** Indicates the SDB entry that apply to this file. -- **SdbRestoreAction** NIndicates compatibility information about the application found on the backup device. +- **SdbEntryGuid** Indicates the SDB entry that applies to this file. +- **SdbRestoreAction** Indicates compatibility information about the application found on the backup device. ### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreStartSync @@ -333,7 +333,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. +This event sends compatibility decision data about non-blocking entries on the system that aren't keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -460,7 +460,7 @@ Fires at the beginning and end of the HVCI auto-enablement process in sysprep. The following fields are available: -- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. +- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating success or failure. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled @@ -477,7 +477,7 @@ Fires when driver scanning fails to get results. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError -Fires when there is an error checking the SDB for a particular driver. +Fires when there's an error checking the SDB for a particular driver. The following fields are available: @@ -506,7 +506,7 @@ The following fields are available: ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.KcetHvciDisabled -This event indicates that kernel-mode Control-flow Enforcement Technology (CET), which is a CPU-based security feature that protects against return address hijacking attacks from malicious software, was unable to be enabled because HVCI (a dependent security feature) was not also enabled. +This event indicates that kernel-mode Control-flow Enforcement Technology (CET), which is a CPU-based security feature that protects against return address hijacking attacks from malicious software, was unable to be enabled because HVCI (a dependent security feature) wasn't also enabled. ### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOff @@ -525,7 +525,7 @@ The following fields are available: - **CurrentTimeMin** Time of first event. - **NightsWatchDesktopIgnoreAutoOptOut** Value of NightsWatchDesktopIgnoreAutoOptOut in registry. - **OOBECompleteTime** Value of OOBECompleteTime in registry. -- **OOBESafetyTime** Start of timer set by Smart App Control if OOBECompleteTime was not set. +- **OOBESafetyTime** Start of timer set by Smart App Control if OOBECompleteTime wasn't set. ### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWOff @@ -535,7 +535,7 @@ This event tracks when Smart App Control is turned off. ### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWToEnforcementMode -This events tracks when Smart App Control is changed from evaluation to enforcement mode. +This event tracks when Smart App Control is changed from evaluation to enforcement mode. @@ -577,7 +577,7 @@ Describes the device-related fields. The following fields are available: - **deviceClass** The device classification. For example, Desktop, Server, or Mobile. -- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **localId** A locally-defined unique ID for the device. This isn't the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId - **make** Device manufacturer. - **model** Device model. @@ -647,7 +647,7 @@ The following fields are available: - **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. - **locale** The language and region. -- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. +- **localId** Represents a unique user identity that is created locally and added by the client. This isn't the user's account ID. ### Common Data Extensions.utc @@ -670,7 +670,7 @@ The following fields are available: - **popSample** Represents the effective sample rate for this event at the time it was generated by a client. - **providerGuid** The ETW provider ID associated with the provider name. - **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. -- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It's an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. - **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. - **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. - **wcmp** The Windows Shell Composer ID. @@ -788,11 +788,11 @@ The following fields are available: ### CbsServicingProvider.CbsLateAcquisition -This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date. +This event sends data to indicate if some Operating System packages couldn't be updated as part of an upgrade, to help keep Windows up to date. The following fields are available: -- **Features** The list of feature packages that could not be updated. +- **Features** The list of feature packages that couldn't be updated. - **RetryID** The ID identifying the retry attempt to update the listed packages. @@ -815,7 +815,7 @@ The following fields are available: - **pendingDecision** Indicates the cause of reboot, if applicable. - **primitiveExecutionContext** The state during system startup when the uninstall was completed. - **revisionVersion** The revision number of the security update being uninstalled. -- **transactionCanceled** Indicates whether the uninstall was cancelled. +- **transactionCanceled** Indicates whether the uninstall was canceled. ### CbsServicingProvider.CbsPostponedReserveInstallDecision @@ -1120,10 +1120,10 @@ The following fields are available: - **currentNodeSite** The name configured for the current site for the cluster. - **dasModeBusType** The direct storage bus type of the storage spaces. - **downLevelNodeCount** The number of nodes in the cluster that are running down-level. -- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **drainOnShutdown** Specifies whether a node should be drained when it's shut down. - **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. - **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. -- **genAppNames** The win32 service name of a clustered service. +- **genAppNames** The Win32 service name of a clustered service. - **genSvcNames** The command line of a clustered genapp. - **hangRecoveryAction** The cluster parameter: hang recovery action. - **hangTimeOut** Specifies the “hang time out” parameter for the cluster. @@ -1172,7 +1172,7 @@ The following fields are available: ### Microsoft.Windows.FaultReporting.AppCrashEvent -This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event. +This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (for example, from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (for example, from PLM) that may be considered crashes\" by a user DO NOT emit this event. The following fields are available: @@ -1182,10 +1182,10 @@ The following fields are available: - **AppVersion** The version of the app that has crashed. - **ExceptionCode** The exception code returned by the process that has crashed. - **ExceptionOffset** The address where the exception had occurred. -- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. +- **Flags** Flags indicating how reporting is done. For example, queue the report, don't offer JIT debugging, or don't terminate the process after reporting. - **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. - **IsFatal** True/False to indicate whether the crash resulted in process termination. -- **ModName** Exception module name (e.g. bar.dll). +- **ModName** Exception module name (for example, bar.dll). - **ModTimeStamp** The date/time stamp of the module. - **ModVersion** The version of the module that has crashed. - **PackageFullName** Store application identity. @@ -1216,7 +1216,7 @@ This event indicates the change of feature state. The data collected with this e The following fields are available: -- **flightId** Flight id. +- **flightId** Flight ID. - **state** New state. @@ -1226,10 +1226,10 @@ This event indicates the feature status. The data collected with this event is u The following fields are available: -- **featureId** Feature id. -- **flightId** Flight id. +- **featureId** Feature ID. +- **flightId** Flight ID. - **time** Time of status change. -- **variantId** Variant id. +- **variantId** Variant ID. ## Feature update events @@ -1254,12 +1254,12 @@ This event indicates that the uninstall was properly configured and that a syste ### Microsoft.Windows.HangReporting.AppHangEvent -This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (for example, PLM/RM/EM) as Watson Generics and won't produce AppHang events. The following fields are available: - **AppName** The name of the app that has hung. -- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend. +- **AppSessionGuid** GUID made up of process ID used as a correlation vector for process instances in the telemetry backend. - **AppVersion** The version of the app that has hung. - **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report. - **PackageFullName** Store application identity. @@ -1273,9 +1273,9 @@ The following fields are available: - **TargetAsId** The sequence number for the hanging process. - **TypeCode** Bitmap describing the hang type. - **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application. -- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting. -- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting. -- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. +- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it's waiting. +- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it's waiting. +- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application ID of the package. ## Holographic events @@ -1432,7 +1432,7 @@ The following fields are available: - **Source** How the program was installed (for example, ARP, MSI, Appx). - **SparkId** Unique ID that represents a Win32 app installed from the Microsoft Store. - **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. -- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. +- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it's a service. Application and BOE are the ones most likely seen. - **Version** The version number of the program. @@ -1496,7 +1496,7 @@ The following fields are available: ### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown -This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to. The data collected with this event is used to keep Windows performing properly. +This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they're expected to. The data collected with this event is used to keep Windows performing properly. The following fields are available: @@ -1515,16 +1515,16 @@ The following fields are available: - **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. - **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. - **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. - **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. - **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. - **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. @@ -1547,16 +1547,16 @@ The following fields are available: - **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. - **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. - **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. - **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. - **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. @@ -1579,16 +1579,16 @@ The following fields are available: - **account_type** Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. - **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. - **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. - **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. - **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. @@ -1611,16 +1611,16 @@ The following fields are available: - **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. - **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. -- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. -- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. - **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. - **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. - **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. - **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. -- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to 5 significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client is not on a UTC-enabled platform, then this value will not be set. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. - **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. @@ -1637,26 +1637,26 @@ The following fields are available: ### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping -This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date. +This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Microsoft Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Microsoft Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date. The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. -- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). +- **appChannel** An integer indicating the channel of the installation (that is, Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. - **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (for example, send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appEdgePreviewDisenrollReason** Reason why Preview was unenrolled. -- **appEdgePreviewPreviousValuesV2** Previous values of the Edge Preview. -- **appEdgePreviewState** Specifies if Edge is in the preview state. -- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. -- **appFirstFRESeenTime** The earliest time the Edge First Run Experience was seen by any user on the device in Windows FILETIME units / 10. Default: undefined. -- **appFirstFRESeenVersion** The earliest Edge First Run Experience version that was seen by any user on the device (e.g. '1.2.3.4'). Default: undefined. +- **appEdgePreviewPreviousValuesV2** Previous values of the Microsoft Edge Preview. +- **appEdgePreviewState** Specifies if Microsoft Edge is in the preview state. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appFirstFRESeenTime** The earliest time the Microsoft Edge First Run Experience was seen by any user on the device in Windows FILETIME units / 10. Default: undefined. +- **appFirstFRESeenVersion** The earliest Microsoft Edge First Run Experience version that was seen by any user on the device (for example '1.2.3.4'). Default: undefined. - **appInactivityBadgeApplied** Specifies that the inactivity badge has been applied. - **appInactivityBadgeCleared** Specifies that the inactivity badge has been cleared. - **appInactivityBadgeDuration** The duration of the inactivity badge. @@ -1666,13 +1666,13 @@ The following fields are available: - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appLastLaunchCount** Number of times the app launched last. - **appLastLaunchTime** The time when browser was last launched. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. -- **appOOBEInstallTime** The time of first recorded successful OOBE Edge install in Windows FILETIME units / 10 (i.e. the install time of any fully completed OOBE install achieved before OOBE finishes), as recorded by setup.exe. Default: undefined. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appOOBEInstallTime** The time of first recorded successful OOBE Microsoft Edge install in Windows FILETIME units / 10 (that is, the install time of any fully completed OOBE install achieved before OOBE finishes), as recorded by setup.exe. Default: undefined. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. -- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply. +- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. - **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. - **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) For example, HIT from proxy.domain.tld, MISS from proxy.local. -- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US. +- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. for example: US. - **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2. - **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. For example, Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z. - **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. For example, CP=\"CAO PSA OUR\". @@ -1685,47 +1685,47 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. -- **appPingEventPackageCacheResult** Whether there is an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field does not apply. -- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventPackageCacheResult** Whether there's an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field doesn't apply. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. - **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. - **appPingEventSystemUptimeTicks** Number of ticks that the system has been up. - **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'. - **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed. -- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. - **appUpdateCheckTargetChannel** Check for status showing the target release channel. -- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it's not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. - **appUpdateCount** A running total of successful updates recorded by setup.exe. This is used for continuity checking of the Ping data spanning consecutive updates. - **appUpdatesAllowedForMeteredNetworks** Specifies if the device can receive updates with on a metered network. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. shouldn't Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **eventType** A string indicating the type of the event. shouldn't - **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. - **hwDiskType** Device’s hardware disk type. -- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. -- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware doesn't support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware doesn't support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware doesn't support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware doesn't support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. - **hwLogicalCpus** Number of logical CPUs of the device. - **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. - **isCTADevice** Specifies if the device is CTA. - **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. - **oemProductManufacturer** The device manufacturer name. - **oemProductName** The product name of the device defined by device manufacturer. -- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osArch** The architecture of the operating system (for example, 'x86', 'x64', 'arm'). '' if unknown. Default: ''. - **osIsDefaultNetworkConnectionMetered** States if the default network connection is metered. - **osIsInLockdownMode** Is the OS in lockdown mode. - **osIsWIP** Whether the OS is in preview. -- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (for example 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. - **osProductType** Type associated with the operating system. - **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. - **osVersion** The primary version of the operating system. '' if unknown. Default: ''. @@ -1740,8 +1740,8 @@ The following fields are available: - **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. - **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. - **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. -- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. -- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (for example, update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and shouldn't be counted toward normal metrics. Default: ''. - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. @@ -1775,7 +1775,7 @@ This event returns data to track the count of the migration objects across vario The following fields are available: - **currentSid** Indicates the user SID for which the migration is being performed. -- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content) +- **migDiagSession->CString** The phase of the upgrade where migration occurs. (for example: Validate tracked content) - **objectCount** The count for the number of objects that are being transferred. - **sfInfo.Name** This event identifies the phase of the upgrade where migration happens. @@ -1930,7 +1930,7 @@ The following fields are available: ### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeySignHash -This events traces Windows Hello key signing details. +This event traces Windows Hello key signing details. The following fields are available: @@ -1956,7 +1956,7 @@ The following fields are available: - **silentByProperty** Indicates whether the key property specified to sign silently. - **timeSinceUnlockMs** Time since logon or unlock in milliseconds. - **usedPinCache** The PIN cache was used to attempt to sign. -- **validTicket** The provided ticket does not match the default or invalid auth ticket. +- **validTicket** The provided ticket doesn't match the default or invalid auth ticket. ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed @@ -1964,7 +1964,7 @@ Event that indicates that an attempt to apply secure boot updates failed The following fields are available: -- **Action** Action string when error occured +- **Action** Action string when error occurred - **hr** Error code in HRESULT - **IsRejectedByFirmware** Bool value to indicate if firmware has rejected the update. - **IsResealNeeded** BOOL value to indicate if TPM Reseal was needed @@ -1992,8 +1992,8 @@ The following fields are available: - **Action** Indicates the stage for success. - **IsRebootRequiredBeforeUpdate** Indicates if reboot is required for before re-attempting the update. -- **IsResealNeeded** Indicates if Bitlocker reseal is needed. -- **RevokedBootmanager** Indicates if there is a revoked bootmgr on the machine. +- **IsResealNeeded** Indicates if BitLocker reseal is needed. +- **RevokedBootmanager** Indicates if there's a revoked bootmgr on the machine. - **SecureBootUpdateCaller** Info about the caller of the update. - **UpdateType** VariableMask like DB, DBX. - **WillResealSucceed** Inform if reseal will succeed. @@ -2007,16 +2007,16 @@ The following fields are available: - **Action** String that tells us the failure stage if any. - **hr** error code. -- **IsResealNeeded** Is bitlocker reseal was needed on this machine. +- **IsResealNeeded** Is BitLocker reseal was needed on this machine. - **sbServicingFailureReason** Enum containing failure details. -- **SecureBootUpdateCaller** Caller of the upate like Secureboot AI, tpmtask or dbupdater. +- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, tpmtask or dbupdater. - **UpdateType** Update type DB or DBX. -- **WillResealSucceed** If bitlocker reseal will succeed on this machine. +- **WillResealSucceed** If BitLocker reseal will succeed on this machine. ### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateStarted -This events logs when Secureboot updating containing DB/DBX payload starts. +This event logs when Secureboot updating containing DB/DBX payload starts. The following fields are available: @@ -2026,12 +2026,12 @@ The following fields are available: ### Microsoft.Windows.Security.SBServicingCore.SBServicingCoreFunctionFailed -This events logs when some core function of Secureboot AI fails. +This event logs when some core function of Secureboot AI fails. The following fields are available: -- **Action** stage at which the failure occured. -- **Function** name of the function where the failure occured. +- **Action** stage at which the failure occurred. +- **Function** name of the function where the failure occurred. - **hr** error code. @@ -2214,7 +2214,7 @@ The following fields are available: - **LogClass** Log Class. - **LogInstance** Log instance within class (1..n). - **LogVersion** Log MGR version. -- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. - **ProductId** Product ID. - **SeqNum** Sequence Number. - **TimeStamp** UTC seconds when log was created. @@ -2244,7 +2244,7 @@ The following fields are available: - **LogClass** LOG CLASS. - **LogInstance** Log instance within class (1..n). - **LogVersion** LOG MGR VERSION. -- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. - **newSnFruUpdateCount** New Sn FRU Update Count. - **newSnUpdateCount** New Sn Update Count. - **ProductId** Product ID. @@ -2279,7 +2279,7 @@ The following fields are available: - **maxDischargeCurrent** Max discharge current. - **maxTempCell** Max temp cell. - **maxVoltage_Values** Max voltage values. -- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. - **minTempCell** Min temp cell. - **minVoltage_Values** Min voltage values. - **numberOfCovEvents** Number of Cov events. @@ -2327,7 +2327,7 @@ The following fields are available: - **LogVersion** LOG MGR VERSION. - **maxAvgCurrLastRun** Max average current last run. - **maxAvgPowLastRun** Max average power last run. -- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. - **mfgInfoBlockB01** MFG info Block B01. - **mfgInfoBlockB02** MFG info Block B02. - **mfgInfoBlockB03** MFG info Block B03. @@ -2358,7 +2358,7 @@ The following fields are available: - **LogClass** LOG CLASS. - **LogInstance** Log instance within class (1..n). - **LogVersion** LOG MGR VERSION. -- **MCUInstance** Instance id used to identify multiple MCU's in a product. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. - **ProductId** ProductId ID. - **SeqNum** Sequence Number. - **TimeStamp** UTC seconds when log was created. @@ -2369,7 +2369,7 @@ The following fields are available: ### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed -This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (i.e. reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly. +This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (that is, reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly. The following fields are available: @@ -2383,7 +2383,7 @@ The following fields are available: - **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe. - **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. - **executionHR** HR code of the execution of the mitigation. -- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, eg when executing Critical troubleshooters, the executionPreference is set to the Silent option. +- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option. - **exitCode** Exit code of the execution of the mitigation. - **experimentFeatureId** Experiment feature ID. - **experimentFeatureState** Config state of the experiment. @@ -2425,7 +2425,7 @@ The following fields are available: - **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. - **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option. - **exitCode** Exit code of the execution of the mitigation. -- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (i.e. ProblemNotFound). +- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (that is, ProblemNotFound). - **experimentFeatureId** Experiment feature ID. - **experimentFeatureState** Feature state for the experiment. - **mitigationId** ID value of the mitigation. @@ -2496,7 +2496,7 @@ The following fields are available: ### Microsoft.Windows.WERVertical.OSCrash -This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. +This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event. The following fields are available: @@ -2597,7 +2597,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.BeginDownload -This event is fired during the app update or install process when actual bits are being downloaded, this particular event is fired at the beginning of the process to indicate a state change to "Downloading". StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. +This event is fired during the app update or install process when actual bits are being downloaded, this particular event is fired at the beginning of the process to indicate a state change to "Downloading". StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps. The following fields are available: @@ -2633,7 +2633,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall -This event is fired near the end stage of a new app install or update after the bits have been downloaded. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. +This event is fired near the end stage of a new app install or update after the bits have been downloaded. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps. The following fields are available: @@ -2772,7 +2772,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate -This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure. +This event is sent when an app update requires an updated Framework package and the process starts to download it. It's used to help keep Windows up-to-date and secure. The following fields are available: @@ -2781,7 +2781,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndGetFreeEntitlement -Telemetry is fired at the end of the call to request an free app entitlement, which will make a server call to get the entitlement. +Telemetry is fired at the end of the call to request a free app entitlement, which will make a server call to get the entitlement. The following fields are available: @@ -2836,7 +2836,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages -This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure. +This event is sent after searching for update packages to install. It's used to help keep Windows up-to-date and secure. The following fields are available: @@ -2862,7 +2862,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData -This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure. +This event is sent after restoring user data (if any) that needs to be restored following a product install. It's used to keep Windows up-to-date and secure. The following fields are available: @@ -2984,7 +2984,7 @@ This event provides an informational summary of the apps returned from the resto The following fields are available: -- **DeferredAppIds** The number of backed-up apps that will be auto-installed at an optimal time for the machine, determined by the policies of an Windows component called the Universal Orchestrator. +- **DeferredAppIds** The number of backed-up apps that will be auto-installed at an optimal time for the machine, determined by the policies of a Windows component called the Universal Orchestrator. - **DelayedAppIds** The number of backed-up apps that will be auto-installed one hour after device setup. - **NumBackupApps** The number of apps returned from the restorable apps data store. - **NumCompatibleApps** The number of backed-up apps reported by compatibility service to be compatible. @@ -3065,12 +3065,12 @@ The following fields are available: - **CatalogId** The Store Catalog ID for the product being installed. - **ProductId** The Store Product ID for the product being installed. -- **SkuId** Specfic edition of the app being updated. +- **SkuId** Specific edition of the app being updated. ### Microsoft.Windows.StoreAgent.Telemetry.StateTransition -Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure. +Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there's a change in a product's fulfillment status (pending, working, paused, canceled, or complete), to help keep Windows up to date and secure. The following fields are available: @@ -3281,14 +3281,14 @@ The following fields are available: ### Microsoft.Windows.Update.Aggregator.UusCoreHealth.HealthAggregatorSummary -This event is a suummary of UUS health indicators. +This event is a summary of UUS health indicators. The following fields are available: - **Fallback** Failover information. - **FlightId** Payload that is being sent. - **IsStable** Boolean if the payload is in image. -- **Lock** Lock indentifier. +- **Lock** Lock identifier. - **UpdateId** Update identifier. - **UusVersion** Version of the undocked payload. - **VersionActivationsSinceLastBoot** Number of activations since last reboot. @@ -3390,7 +3390,7 @@ This event sends data on whether Update Management Policies were enabled on a de The following fields are available: - **configuredPoliciescount** Number of policies on the device. -- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). +- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM, or flight). - **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. - **UusVersion** Active version of UUS. @@ -3402,7 +3402,7 @@ Indicates that EULA for an update has been accepted. The following fields are available: - **HRESULT** Was the EULA acceptance successful. -- **publisherIntent** Publisher Intent id associated with the update. +- **publisherIntent** Publisher Intent ID associated with the update. - **reason** Reason for EULA acceptance. - **update** Update for which EULA has been accepted. - **UusVersion** The version of the UUS stack currently active. @@ -3414,7 +3414,7 @@ This event signifies an update being approved around the OOBE time period. The d The following fields are available: -- **approved** Flag to determine if it is approved or not. +- **approved** Flag to determine if it's approved or not. - **provider** The provider related to which the update is approved. - **publisherIntent** The publisher intent of the Update. - **update** Additional information about the Update. @@ -3465,10 +3465,10 @@ The following fields are available: - **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EventInstanceID** A globally unique identifier for event instance. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. - **UusVersion** UUS version. -- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). ### Microsoft.Windows.Update.SIHClient.CheckForUpdatesSucceeded @@ -3481,11 +3481,11 @@ The following fields are available: - **CachedEngineVersion** The engine DLL version that is being used. - **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EventInstanceID** A globally unique identifier for event instance. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Launch event for Server Initiated Healing client. - **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. - **UusVersion** Active UUS Version. -- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). ### Microsoft.Windows.Update.SIHClient.DownloadSucceeded @@ -3498,7 +3498,7 @@ The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. - **DownloadType** Type of Download. - **EventInstanceID** ID of the Event Instance being fired. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **TargetMetadataVersion** Version of the Metadata which is being targeted for an update. - **UpdateID** Identifier associated with the specific piece of content. - **UusVersion** The version of the Update Undocked Stack. @@ -3514,10 +3514,10 @@ The following fields are available: - **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. - **CmdLineArgs** Command line arguments passed in by the caller. - **EventInstanceID** A globally unique identifier for event instance. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **UusVersion** The version of the Update Undocked Stack. -- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). ### Microsoft.Windows.Update.SIHClient.TaskRunStarted @@ -3529,9 +3529,9 @@ The following fields are available: - **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. - **CmdLineArgs** Command line arguments passed in by the caller. - **EventInstanceID** A globally unique identifier for event instance. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UusVersion** The version of the Update Undocked Stack. -- **WUDeviceID** Unique device id controlled by the software distribution client. +- **WUDeviceID** Unique device ID controlled by the software distribution client. ### Microsoft.Windows.Update.Undocked.Brain.ActiveVersionUpdated @@ -3653,7 +3653,7 @@ The following fields are available: - **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced. - **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. @@ -3674,7 +3674,7 @@ The following fields are available: - **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **FailedUpdateInfo** Information about the update failure. - **HandlerInfo** Blob of Handler related information. - **HandlerType** Name of Handler. @@ -3777,12 +3777,12 @@ This event checks for failed commits on the Windows Update client. The data coll The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. - **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -3799,11 +3799,11 @@ This event tracks the commit started event on the Windows Update client. The dat The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -3818,12 +3818,12 @@ This event is used to track the commit succeeded process, after the update insta The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc. -- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **HandlerType** The specific id of the flight the device is getting. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerType** The specific ID of the flight the device is getting. - **Props** Commit Props (MergedUpdate). - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). @@ -3844,7 +3844,7 @@ The following fields are available: - **DownloadPriority** Indicates the priority of the download activity. - **DownloadStartTimeUTC** Download start time to measure the length of the session. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerInfo** HandlerInfo Blob. - **HandlerType** HandlerType Blob. - **HostName** Identifies the hostname. @@ -3870,8 +3870,8 @@ The following fields are available: - **DownloadPriority** Indicates the priority of the download activity. - **DownloadStartTimeUTC** Start time to measure length of session. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **FlightId** The specific id of the flight the device is getting. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerInfo** HandlerInfo Blob. - **HandlerType** HandlerType Blob. - **HostName** Identifies the hostname. @@ -3902,7 +3902,7 @@ The following fields are available: - **Props** Commit Props (MergedUpdate) - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. - **UusVersion** The version of the Update Undocked Stack. @@ -3913,12 +3913,12 @@ This event tracks the download queued event when the update client is trying to The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **DownloadPriority** Indicates the priority of the download activity. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerInfo** Blob of Handler related information. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Commit Props (MergedUpdate) @@ -3936,18 +3936,18 @@ This event is fired when the Download of content is continued from a pause state The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **DownloadPriority** Indicates the priority of the download activity. - **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. -- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **HandlerInfo** Blob of Handler related information. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Commit Props (MergedUpdate) - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. - **UusVersion** The version of the Update Undocked Stack. @@ -3958,11 +3958,11 @@ This event tracks the install canceled event when the update client is trying to The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **Reason** Install canceled reason. @@ -3978,12 +3978,12 @@ This event tracks the install failed event when the update client is trying to u The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **FlightId** The specific id of the flight the device is getting. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerInfo** Handler specific information. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) @@ -4001,15 +4001,15 @@ This event tracks the install reboot pending event when the update client is try The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of application making the Windows Update request. Used to identify context of request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **UpdateId** Identifier associated with the specific piece of content. - **UusVersion** Active UUS version. @@ -4019,11 +4019,11 @@ The event tracks the install started event when the update client is trying to u The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -4038,11 +4038,11 @@ The event tracks the successful install event when the update client is trying t The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerInfo** Handler specific datapoints. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) @@ -4059,12 +4059,12 @@ This event tracks the revert failed event when the update client is trying to up The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **FlightId** The specific id of the flight the device is getting. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Commit Props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -4081,11 +4081,11 @@ This event tracks the revert started event when the update client is trying to u The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Revert props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -4100,11 +4100,11 @@ The event tracks the successful revert event when the update client is trying to The following fields are available: -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **ClassificationId** Classification identifier of the update content. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). - **Props** Revert props (MergedUpdate) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. @@ -4122,10 +4122,10 @@ The following fields are available: - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **FileId** Unique identifier for the downloaded file. - **FileName** Name of the downloaded file. -- **FlightId** The specific id of the flight the device is getting. +- **FlightId** The specific ID of the flight the device is getting. - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). @@ -4146,8 +4146,8 @@ The following fields are available: - **CurrentError** Last (transient) error encountered by the active download. - **DownloadHBFlags** Flags indicating if power state is ignored. - **DownloadState** Current state of the active download for this content (queued, suspended, progressing). -- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". -- **FlightId** The specific id of the flight the device is getting. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. - **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any. - **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any. - **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby). @@ -4169,8 +4169,8 @@ The following fields are available: - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed. - **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data. - **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id). - **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. @@ -4193,7 +4193,7 @@ The following fields are available: - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.) - **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". - **StatusCode** Result code of the event (success, cancellation, failure code HResult) - **UusVersion** The version of the Update Undocked Stack @@ -4207,8 +4207,8 @@ The following fields are available: - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. - **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id). - **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. @@ -4220,7 +4220,7 @@ The following fields are available: - **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed. -- **UpdateID** String of update id and version number. +- **UpdateID** String of update ID and version number. - **UusVersion** The version of the Update Undocked Stack. @@ -4232,7 +4232,7 @@ The following fields are available: - **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. - **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. - **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). From b1b03718681dd576c5c29dd187b600be216240fe Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Sep 2024 17:38:17 -0700 Subject: [PATCH 054/164] Add missing info/add links to new file --- ...ndows-diagnostic-events-and-fields-1809.md | 1 + windows/privacy/index.yml | 2 +- ...iagnostic-events-fields-windows-11-24H2.md | 24 +++++++++---------- ...windows-11-diagnostic-events-and-fields.md | 1 + ...-diagnostic-data-events-and-fields-2004.md | 1 + 5 files changed, 16 insertions(+), 13 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 92ce858c06..a3a4786147 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -27,6 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml index f06366e02f..3f854c689e 100644 --- a/windows/privacy/index.yml +++ b/windows/privacy/index.yml @@ -39,7 +39,7 @@ productDirectory: - title: Windows 11 required diagnostic data imageSrc: /media/common/i_extend.svg summary: Learn more about basic Windows diagnostic data events and fields collected. - url: required-diagnostic-events-fields-windows-11-22H2.md + url: required-diagnostic-events-fields-windows-11-24H2.md - title: Windows 10 required diagnostic data imageSrc: /media/common/i_build.svg summary: See what changes Windows is making to align to the new data collection taxonomy diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md index 53f6093ac5..cf3ffdba05 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -2053,18 +2053,18 @@ This event keeps track of if the user's account is in a good state upon loading The following fields are available: -- **CassService** No content is currently available. -- **componentName** No content is currently available. -- **correlationVector** No content is currently available. -- **currentPageGroupId** No content is currently available. -- **currentPageId** No content is currently available. -- **experienceId** No content is currently available. -- **experienceVersion** No content is currently available. -- **isExperienceInbox** No content is currently available. -- **pageId** No content is currently available. -- **pageSessionId** No content is currently available. -- **processSessionId** No content is currently available. -- **state** No content is currently available. +- **CassService** Version of the Cass service. +- **componentName** Name of the Settings component. +- **correlationVector** Identifier for correlating events. +- **currentPageGroupId** Identifier for the current page group. +- **currentPageId** Identifier for the current page. +- **experienceId** Identifier for the Settings experience. +- **experienceVersion** Version of the experience. +- **isExperienceInbox** Is the experience present by default (Comes with the system). +- **pageId** Identifier for the Setting page. +- **pageSessionId** Identifier for the page session. +- **processSessionId** Identifier for the process. +- **state** State that determines if the account has required backup proofs (eg. email and phone) ### Microsoft.Windows.WinRE.Agent.CreateWinRePartitionFailed diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 15649caaf5..f31cdf2c8d 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 4fb9beb260..d64b6fad0e 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -31,6 +31,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) From 2facab1d0cc1cbbecd6d446d738ac8834cda5f85 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Sep 2024 17:46:32 -0700 Subject: [PATCH 055/164] Add link --- .../privacy/required-diagnostic-events-fields-windows-11-22H2.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md index 97d13f6d72..23c480e164 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md @@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) From 73d24309054892a8dadcef5653313324b4d31248 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Sep 2024 18:27:05 -0700 Subject: [PATCH 056/164] update link --- .../required-windows-diagnostic-data-events-and-fields-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 7c1b2a2ef2..e008b7598b 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -2477,7 +2477,7 @@ Fires when the compatibility check completes. Gives the results from the check. The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. -- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement). +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement). ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled From 99eacc8ca32d35ead2bb689e19aa5b3461a78f8a Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Thu, 12 Sep 2024 18:38:04 -0700 Subject: [PATCH 057/164] fix link --- .../basic-level-windows-diagnostic-events-and-fields-1809.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 31ab151e36..da212c5802 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -2625,7 +2625,7 @@ Fires when the compatibility check completes. Gives the results from the check. The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. -- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement). +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement). ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled From e3b7b5a9241ec3a8ed4263f9b2563b6675c13b07 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 13 Sep 2024 11:44:54 -0700 Subject: [PATCH 058/164] start smb --- .../whats-new/whats-new-windows-11-version-24h2.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index e588bb2c6b..9a78fdee3f 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -69,6 +69,15 @@ Some of the features were released within the past year's continuous innovation ### Feature1 +### Server Message Block (SMB) protocol changes + +The following changes were made for the SMB protocol: + +- **SMB firewall rule changes**: The Windows Defender Firewall default behavior has changed. Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). +- + + +For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). ### Local Security Authority (LSA) protection enablement on upgrade @@ -77,7 +86,7 @@ Some of the features were released within the past year's continuous innovation ### Remote Mailslot protocol disabled by default -[Remote Mailslot protocol](/openspecs/windows_protocols/ms-mail/47ac910f-1dec-4791-8486-9b3e8fd542da) was [deprecated](deprecated-features.md#deprecated-features) in November 2023 and is now disabled by default starting in Windows 11, version 24H2. For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots). +[Remote Mailslot protocol](/openspecs/windows_protocols/ms-mail/47ac910f-1dec-4791-8486-9b3e8fd542da) was [deprecated](deprecated-features.md#deprecated-features) in November 2023 and is now disabled by default starting in Windows 11, version 24H2. For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots). ### Local Administrator Password Solution (LAPS) improvements @@ -120,7 +129,7 @@ Customers can now use App Control for Business (formerly called Windows Defender ### Wi-Fi 7 support -Support for Wi-Fi 7 was added when using capable access point and PCs. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7). +Support for Wi-Fi 7 was added for consumer access points. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7). ### Sudo for Windows From 5a558b65afcd9c110b2b5593baeebf6d93bc924e Mon Sep 17 00:00:00 2001 From: eccoisle <167755281+eccoisle@users.noreply.github.com> Date: Sat, 14 Sep 2024 12:09:38 +1000 Subject: [PATCH 059/164] Update usmt-recognized-environment-variables.md --- .../deployment/usmt/usmt-recognized-environment-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index be9096cf54..0d2153bbaa 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -66,8 +66,8 @@ These variables can be used within sections in the **.xml** files with `context= |*CSIDL_DEFAULT_TEMPLATES*|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.| |*CSIDL_DEFAULT_QUICKLAUNCH*|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.| |*CSIDL_FONTS*|A virtual folder containing fonts. A typical path is `C:\Windows\Fonts`.| -|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.| -|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.| +|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files (x86)`.| +|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files (x86)\Common`.| |*CSIDL_PROGRAM_FILES*|The Program Files folder. A typical path is `C:\Program Files`.| |*CSIDL_PROGRAM_FILES_COMMON*|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.| |*CSIDL_RESOURCES*|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.| From 130a5b42e1934f938ec51db4822e65eeca4e5ef9 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:54:57 -0700 Subject: [PATCH 060/164] add smb info --- .../whats-new-windows-11-version-24h2.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 9a78fdee3f..e5de81e4e3 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -73,9 +73,17 @@ Some of the features were released within the past year's continuous innovation The following changes were made for the SMB protocol: -- **SMB firewall rule changes**: The Windows Defender Firewall default behavior has changed. Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). -- - +- **SMB firewall rule changes**: The Windows Defender Firewall default behavior has changed. Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). +- **SMB NTLM blocking exception list**: The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). +- **SMB alternative client and server ports**: The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). +- **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). +- **SMB over QUIC client disable**: Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. +- **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: + - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. +- **SMB dialect management**: The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it will negotiate. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). +- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing](/windows-server/storage/file-server/smb-signing) is now required by default for all connections. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). +- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/smb-security) on all outbound SMB client connections. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). +- **SMB signing and encryption auditing**: Administrators can now enable auditing of the SMB server and client for support of SMB signing and encryption. For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). @@ -147,7 +155,7 @@ Remote Desktop Connection has the following improvements: - Improvements to the connection bar design -### Bluetooth ® Low Energy Audio support +### Bluetooth ® LE audio support for assistive devices Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. From 4398974363e97c6dcea8a2b31893e32ad628df9b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 12:16:49 -0700 Subject: [PATCH 061/164] add smb info --- .../whats-new-windows-11-version-24h2.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index e5de81e4e3..5860ab56ce 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -80,11 +80,25 @@ The following changes were made for the SMB protocol: - **SMB over QUIC client disable**: Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. - **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. -- **SMB dialect management**: The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it will negotiate. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). +- **SMB dialect management**: The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). - **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing](/windows-server/storage/file-server/smb-signing) is now required by default for all connections. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). - **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/smb-security) on all outbound SMB client connections. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). -- **SMB signing and encryption auditing**: Administrators can now enable auditing of the SMB server and client for support of SMB signing and encryption. +- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. To configure SMB client or server signing or encryption auditing using Group Policy, use the following policies: + - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Audit server does not support encryption** + - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Audit server does not support signing** + - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Server** > **Audit client does not support encryption** + - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Server** > **Audit client does not support signing** + To use PowerShell, run the following command in an elevated console: + - `Set-SmbClientConfiguration -AuditServerDoesNotSupportEncryption $true` + - `Set-SmbClientConfiguration -AuditServerDoesNotSupportSigning $true` + - `Set-SmbServerConfiguration -AuditClientDoesNotSupportEncryption $true` + - `Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true` + + You can view these events using Event Viewer under: + - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Audit**; Event IDs = 31998, 31999 + - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBServer** > **Audit**; Event IDs = 3021, 3022 + For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). ### Local Security Authority (LSA) protection enablement on upgrade From 384eef01b94b158595b86343c7532e47d904150e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 12:21:01 -0700 Subject: [PATCH 062/164] add smb info --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 5860ab56ce..a7388dca9f 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -73,7 +73,7 @@ Some of the features were released within the past year's continuous innovation The following changes were made for the SMB protocol: -- **SMB firewall rule changes**: The Windows Defender Firewall default behavior has changed. Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). +- **SMB firewall rule changes**: The Windows Defender Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). - **SMB NTLM blocking exception list**: The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). - **SMB alternative client and server ports**: The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). - **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). From 1ec4e085d1143bae2077f2381dadf2a359a42056 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:18:36 -0700 Subject: [PATCH 063/164] pre-edit --- .../whats-new-windows-11-version-24h2.md | 41 +++++++++++++++---- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index a7388dca9f..8fd6c23796 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -66,9 +66,6 @@ New features and enhancements were introduced to Windows 11, version 23H2 period Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include: - -### Feature1 - ### Server Message Block (SMB) protocol changes The following changes were made for the SMB protocol: @@ -145,6 +142,16 @@ Windows protected print mode enables devices to print using only the Windows mod - Go to **Settings** > **Bluetooth & Devices** > **Printers & scanners**, then choose **Setup** under **Windows protected print mode** - Enable the **Configure Windows protected print** policy in Group Policy under **Computer Configuration** > **Administrative Templates** > **Printers** +### SHA-3 support + +We are adding support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC). The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions has been enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. + +- **Supported SHA-3 hash functions**: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 is not supported) + +- **Supported SHA-3 HMAC algorithms**: HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 + +- **Supported SHA-3 derived algorithms**: extendable-output functions (XOF) (SHAKE128, SHAKE256), customizable XOFs (cSHAKE128, cSHAKE256), and KMAC (KMAC128, KMAC256, KMACXOF128, KMACXOF256). + ### App Control for Business Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital estate from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol). @@ -153,6 +160,20 @@ Customers can now use App Control for Business (formerly called Windows Defender Support for Wi-Fi 7 was added for consumer access points. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7). +### Bluetooth ® LE audio support for assistive devices + +Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. + +### Windows location improvements + +New controls were added to help manage which apps have access to the list of Wi-Fi networks around you. which could be used to determine your location. +- You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. +- A new prompt appears the first time an app attempts to access your location or Wi-Fi information. + - The prompt also notifies when an app unexpectedly requests access to location services so that you can deny it. + - If you grant permission, apps that use location or Wi-Fi information now appear in **Recent activity** on the **Location** settings page, and the location icon will show in the taskbar while the app is in-use + - To hide these prompts when location has been turned off, turn off **Notify when apps request location** on the **Location** settings page. +- Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. + ### Sudo for Windows Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). @@ -169,11 +190,6 @@ Remote Desktop Connection has the following improvements: - Improvements to the connection bar design -### Bluetooth ® LE audio support for assistive devices - -Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. - - ### Additional features @@ -185,6 +201,15 @@ Customers who use these assistive hearing devices are now able to directly pair, - **Registry Editor**: The Registry Editor supports limiting a search to the currently selected key and its descendants - **Task Manager**: The Task Manager settings page has [Mica material](/windows/apps/design/style/mica) and a redesigned icon + +### Developer APIs + +The following developer APIs were added or updated: + +- The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data may vary by region. +- Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status by passing the appropriate GUID to the PowerSettingRegisterNotification API and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) +- Extended the [Effective Power Mode API](/windows/win32/api/powerbase/ne-powerbase-power-mode) to interpret the new energy saver levels when determining the returned effective power mode. + ## Features removed in Windows 11, version 24H2 The following [deprecated features](deprecated-features.md) are [removed](removed-features.md) in Windows 11, version 24H2: From dccde7dc44b56f36fc74b1e7b1b6797afe87fa09 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:29:08 -0700 Subject: [PATCH 064/164] edits --- .../whats-new-windows-11-version-24h2.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 8fd6c23796..bf53df7eb9 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -70,10 +70,10 @@ Some of the features were released within the past year's continuous innovation The following changes were made for the SMB protocol: -- **SMB firewall rule changes**: The Windows Defender Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). +- **SMB firewall rule changes**: The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). - **SMB NTLM blocking exception list**: The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). - **SMB alternative client and server ports**: The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). -- **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). +- **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This change improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). - **SMB over QUIC client disable**: Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. - **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. @@ -100,7 +100,7 @@ For more information about SMB network security, see [Secure SMB Traffic in Wind ### Local Security Authority (LSA) protection enablement on upgrade -[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. Starting with this upgrade, an audit occurs for incompatibilities with LSA protection for a period of time. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. I n the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logging](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load). +[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. An audit occurs for incompatibilities with LSA protection for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logging](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load). ### Remote Mailslot protocol disabled by default @@ -130,7 +130,7 @@ There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win ### Personal Data Encryption (PDE) for folders -PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be [enabled from a policy in Intune](/mem/intune/protect/endpoint-security-disk-encryption-policy). IT admins can select the subset or all of the folders above and applying that policy to a group of users in their organization. +PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be [enabled from a policy in Intune](/mem/intune/protect/endpoint-security-disk-encryption-policy). IT admins can select all of the folders, or a subset, then apply the policy to a group of users in their organization. PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**. For more information about PDE, see [PDE overview](/windows/security/operating-system-security/data-protection/personal-data-encryption) @@ -144,9 +144,9 @@ Windows protected print mode enables devices to print using only the Windows mod ### SHA-3 support -We are adding support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC). The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions has been enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. +We are adding support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC). The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. -- **Supported SHA-3 hash functions**: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 is not supported) +- **Supported SHA-3 hash functions**: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 isn't supported) - **Supported SHA-3 HMAC algorithms**: HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 @@ -154,7 +154,7 @@ We are adding support for the SHA-3 family of hash functions and SHA-3 derived f ### App Control for Business -Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital estate from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol). +Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol). ### Wi-Fi 7 support @@ -166,11 +166,11 @@ Customers who use these assistive hearing devices are now able to directly pair, ### Windows location improvements -New controls were added to help manage which apps have access to the list of Wi-Fi networks around you. which could be used to determine your location. +New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. - You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. - A new prompt appears the first time an app attempts to access your location or Wi-Fi information. - The prompt also notifies when an app unexpectedly requests access to location services so that you can deny it. - - If you grant permission, apps that use location or Wi-Fi information now appear in **Recent activity** on the **Location** settings page, and the location icon will show in the taskbar while the app is in-use + - If you grant permission, apps that use location or Wi-Fi information now appear in **Recent activity** on the **Location** settings page, and the location icon is displayed in the taskbar while the app is in-use. - To hide these prompts when location has been turned off, turn off **Notify when apps request location** on the **Location** settings page. - Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. From 243e1bce0503669af3f3d19f5116da3eeeb80331 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 16 Sep 2024 15:42:22 -0700 Subject: [PATCH 065/164] fix broken link --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index bf53df7eb9..f7c4342216 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -208,7 +208,7 @@ The following developer APIs were added or updated: - The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data may vary by region. - Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status by passing the appropriate GUID to the PowerSettingRegisterNotification API and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) -- Extended the [Effective Power Mode API](/windows/win32/api/powerbase/ne-powerbase-power-mode) to interpret the new energy saver levels when determining the returned effective power mode. +- Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. ## Features removed in Windows 11, version 24H2 From 8089c15a953d840e6d666eee0ca95d81bf000dfc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Sep 2024 10:37:32 -0700 Subject: [PATCH 066/164] ltsc-wn-8991336 --- windows/whats-new/TOC.yml | 2 + windows/whats-new/index.yml | 2 + windows/whats-new/ltsc/overview.md | 19 +-- .../ltsc/whats-new-windows-11-2024.md | 126 ++++++++++++++++++ 4 files changed, 141 insertions(+), 8 deletions(-) create mode 100644 windows/whats-new/ltsc/whats-new-windows-11-2024.md diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 408873ec0b..65fdad756a 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -37,6 +37,8 @@ href: ltsc/whats-new-windows-10-2016.md - name: What's new in Windows 10 Enterprise LTSC 2015 href: ltsc/whats-new-windows-10-2015.md + - name: What's new in Windows 11 Enterprise LTSC 2024 + href: ltsc/whats-new-windows-11-2024.md - name: Windows commercial licensing overview href: windows-licensing.md - name: Deprecated and removed Windows features diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index f19e236cd4..dfba89de91 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -69,6 +69,8 @@ landingContent: url: ltsc/whats-new-windows-10-2016.md - text: What's new in Windows 10 Enterprise LTSC 2015 url: ltsc/whats-new-windows-10-2015.md + - text: What's new in Windows 11 Enterprise LTSC 2024 + url: ltsc/whats-new-windows-11-2024.md - title: Deprecated features linkLists: diff --git a/windows/whats-new/ltsc/overview.md b/windows/whats-new/ltsc/overview.md index 5fb5127bcf..c057558bb7 100644 --- a/windows/whats-new/ltsc/overview.md +++ b/windows/whats-new/ltsc/overview.md @@ -1,6 +1,6 @@ --- -title: Windows 10 Enterprise LTSC overview -description: An overview of the Windows 10 long-term servicing channel (LTSC). +title: Windows Enterprise LTSC overview +description: An overview of the Windows long-term servicing channel (LTSC). ms.service: windows-client author: mestew ms.author: mstewart @@ -8,15 +8,17 @@ manager: aaroncz ms.localizationpriority: low ms.topic: overview ms.subservice: itpro-fundamentals -ms.date: 07/09/2024 +ms.date: 10/01/2024 appliesto: - ✅ Windows 10 Enterprise LTSC + - ✅ Windows 11 Enterprise LTSC --- -# Windows 10 Enterprise LTSC +# Windows Enterprise LTSC -This article provides general information about the Windows 10 Enterprise long-term servicing channel (LTSC). For more information about the features in each available version of the Windows 10 LTSC, see the following articles: +This article provides general information about the Windows Enterprise long-term servicing channel (LTSC). For more information about the features in each available version of the Windows LTSC, see the following articles: +- [What's New in Windows 11 Enterprise LTSC 2024](whats-new-windows-11-2024.md) - [What's New in Windows 10 Enterprise LTSC 2021](whats-new-windows-10-2021.md) - [What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md) - [What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md) @@ -24,10 +26,11 @@ This article provides general information about the Windows 10 Enterprise long-t ## The long-term servicing channel (LTSC) -The following table summarizes equivalent feature update versions of Windows 10 LTSC and general availability channel (GA channel) releases: +The following table summarizes equivalent feature update versions of Windows LTSC and general availability channel (GA channel) releases: | LTSC release | Equivalent GA channel release | Availability date | | --- | --- | --- | +| Windows 11 Enterprise LTSC 2024 | Windows 11, Version 24H2 | 10/01/2024 | | Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 | | Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 | | Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 | @@ -36,7 +39,7 @@ The following table summarizes equivalent feature update versions of Windows 10 > [!NOTE] > The long-term servicing channel was previously called the long-term servicing branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB. -With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page. +With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 and 11 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page. > [!IMPORTANT] > The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). @@ -47,4 +50,4 @@ For more information about Windows 10 servicing, see [Overview of Windows as a s - [What's new in Windows](../index.yml): See what's new in other versions of Windows. -- [Windows 10 release information](/windows/release-health/release-information): Windows 10 current versions by servicing option. +- [Windows release information](/windows/release-health/release-information): Current versions of Windows by servicing option. diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md new file mode 100644 index 0000000000..b7a91f921e --- /dev/null +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -0,0 +1,126 @@ +--- +title: What's new in Windows 11 Enterprise LTSC 2024 +manager: aaroncz +ms.author: mstewart +description: New and updated IT Pro content about new features in Windows 11 Enterprise LTSC 2024. +ms.service: windows-client +author: mestew +ms.localizationpriority: high +ms.topic: reference +ms.subservice: itpro-fundamentals +ms.date: 10/01/2024 +appliesto: + - ✅ Windows 11 Enterprise LTSC 2024 +--- + +# What's new in Windows 11 Enterprise LTSC 2024 + +This article lists new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise LTSC 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). + +> [!NOTE] +> Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are equivalent to Windows 11, version 24H2. +> +> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the general availability channel release of Windows might be limited. + +Windows 11 Enterprise LTSC 2024 builds on Windows 10 Enterprise LTSC 2021, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities. + +The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements provided in Windows 11 versions 21H2, 22H2, 23H2, and 24H2. Details about these enhancements are provided below. + +## Lifecycle + +> [!IMPORTANT] +> Windows 11 Enterprise LTSC 2024 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-11-iot-enterprise-ltsc-2024)). Windows 11 Enterprise LTSC follows the [Fixed Lifecycle Policy](/lifecycle/policies/fixed). + + + +## Accessibility + +| Feature
          [Release] | Description | +| --- | --- | +| **Windows accessibility**
          [22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator.
          For more information, see:
            • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
            • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554)
            • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). | +| **Braille displays**
          [23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | +| **Narrator improvements**
          [23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1) | +| **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of hearing aids equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Improving accessibility with Bluetooth ® LE Audio](https://blogs.windows.com/windows-insider/2023/10/18/announcing-windows-11-insider-preview-build-25977-canary-channel/). | + +## Applications + + +| Feature
          [Release]| Description | +| --- | --- | +| **Internet Explorer** | Internet Explorer (IE) is no longer available in Windows 11 Enterprise LTSC 2024. However, you can use IE Mode if a website needs Internet Explorer. For more information, see [Internet Explorer (IE) Mode](/deployedge/edge-ie-mode) | +| **Microsoft Edge**
          [21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). | + + +## Security + +The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. This section describes some of these features. Microsoft's [Edge Secured-core Program](/azure/certification/overview) provides recommended hardware with these features to ensure security out of the box. For a more comprehensive view, including zero trust, see [Windows security](/windows/security/). + +| Feature
          [Release] | Description | +| --- | --- | +| **Windows Security app**
          [21H2] | Windows Security app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more. For more information, see [the Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center). | +| **Security baselines**
          [21H2] | Security baselines include security settings that are already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines. For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines). | +| **Microsoft Defender Antivirus**
          [21H2] | Microsoft Defender Antivirus helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint. For more information, see:
            • [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
            • [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
            • [Enforce compliance for Microsoft Defender for Endpoint](/mem/intune/protect/advanced-threat-protection) | +| **Application Security**
          [21H2] | The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more. For more information, see [Windows application security](/windows/security/apps). | +| **Microsoft Pluton**
          [22H2] | Pluton, designed by Microsoft and built by silicon partners, is a secure crypto-processor built into the CPU. Pluton provides security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is harder to be removed even if an attacker installed malware or has complete physical possession. For more information, see [Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor). | +| **Enhanced Phishing Protection**
          [22H2] | Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft passwords against phishing and unsafe usage. Enhanced Phishing Protection works alongside Windows security protections to help protect sign-in passwords. For more information, see:
            • [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)
            • [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog. | +| **Smart App Control**
          [22H2] | Smart App Control adds significant protection from malware, including new and emerging threats, by blocking apps that are malicious or untrusted. Smart App Control helps block unwanted apps that affect performance, display unexpected ads, offer extra software you didn't want, and other things you don't expect. For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control#wdac-and-smart-app-control). | +| **Credential Guard**
          [22H2] | Credential Guard, enabled by default, uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like pass the hash and pass the ticket. For more information, see [Configure Credential Guard](/windows/security/identity-protection/credential-guard/configure).| +| **Malicious and vulnerable driver blocking**
          [22H2] | The vulnerable driver blocklist is automatically enabled on devices when Smart App Control is enabled and for clean installs of Windows. For more information, see [recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules#microsoft-vulnerable-driver-blocklist).| +| **Security hardening and threat protection**
          [22H2] | Enhanced support with Local Security Authority (LSA) to prevent code injection that could compromise credentials. For more information, see [Configuring Additional LSA Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json). | +| **Passkeys in Windows**
          [23H2] | Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys). | +| **Windows passwordless experience**
          [23H2] | Windows passwordless experience is a security policy that promotes a user experience without passwords on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices.
          When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). | +| **Web sign-in for Windows**
          [23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | +| **Federated sign-in**
          [23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | +| **Windows Hello for Business authentication improvement**
          [23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | +| **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| + +## Servicing + +Like Windows 10, Windows 11 Enterprise LTSC 2024 receives monthly quality updates. Some updates are large, and use bandwidth.
          + +| Feature
          [Release] | Description | +| --- | --- | +| **Windows Updates and Delivery optimization**
          [21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| +| **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| +| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | +| **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | +| **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | + +## Management + +| Feature
          [Release] | Description | +| --- | --- | +| **Microsoft Intune**
          [21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | +| **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| +| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | +| **Start menu layout**
          [22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | +| **Declared configuration protocol**
          [23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| +| **Control File Explorer Home Recommended section**
          [23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| +| **Taskbar Button Policies**
          [23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| +| **Control Start Menu Recommended section**
          [23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| + +## Networking + +| Feature
          [Release] | Description | +| --- | --- | +| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Win-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | + +## User Experience + +| Feature
          [Release] | Description | +| --- | --- | +| **Task Manager**
          [22H2]/[23H2] | A new command bar was added to each page to give access to common actions. Task Manager matches the system wide theme configured in Windows Settings. Added an efficiency mode that allows you to limit the resource usage of a process.
          Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager. | +| **Taskbar overflow menu**
          [23H2] | The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot. | +| **Taskbar Optimize for touch**
          [23H2] | Taskbar touch optimization is available for devices that can be used as a tablet. Once enabled, the user can switch between a collapsed taskbar, saving screen space, and an expanded taskbar, optimized for touch. The taskbar changes to this optimized version when you disconnect or fold back the keyboard on a 2-in-1 device. To enable or disable this feature on a tablet capable device, go to Settings > Personalization > Taskbar > Taskbar behaviors. See also [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) | +| **File Explorer Tabs**
          [23H2] | File Explorer includes tabs to help you organize your File Explorer sessions. | +| **Windows Ink as input**
          [23H2] | Windows Ink allows users to handwrite directly onto most editable fields | +| **Uninstall Win32 app**
          [23H2] | Selecting Uninstall for a Win32 app from the right-click menu uses the Installed Apps page in Settings rather than Programs and Features in Control Panel. For more information, see [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) | +| **Dev Drive**
          [23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). | +| **High Efficiency Video Coding (HEVC) support**
          [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. | +| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | + + +## Related links + +- [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. +- [Release History](Release-History.md) \ No newline at end of file From 522d07f018c63c7d00b45cd9bee0b50bb5547d61 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Sep 2024 10:57:45 -0700 Subject: [PATCH 067/164] ltsc-wn-8991336 --- windows/whats-new/TOC.yml | 4 ++-- windows/whats-new/index.yml | 5 +++-- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 65fdad756a..a5cb81aae9 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -29,6 +29,8 @@ items: - name: Windows 10 Enterprise LTSC overview href: ltsc/overview.md + - name: What's new in Windows 11 Enterprise LTSC 2024 + href: ltsc/whats-new-windows-11-2024.md - name: What's new in Windows 10 Enterprise LTSC 2021 href: ltsc/whats-new-windows-10-2021.md - name: What's new in Windows 10 Enterprise LTSC 2019 @@ -37,8 +39,6 @@ href: ltsc/whats-new-windows-10-2016.md - name: What's new in Windows 10 Enterprise LTSC 2015 href: ltsc/whats-new-windows-10-2015.md - - name: What's new in Windows 11 Enterprise LTSC 2024 - href: ltsc/whats-new-windows-11-2024.md - name: Windows commercial licensing overview href: windows-licensing.md - name: Deprecated and removed Windows features diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index dfba89de91..30c08dfd93 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -61,6 +61,8 @@ landingContent: links: - text: Windows 10 Enterprise LTSC overview url: ltsc/overview.md + - text: What's new in Windows 11 Enterprise LTSC 2024 + url: ltsc/whats-new-windows-11-2024.md - text: What's new in Windows 10 Enterprise LTSC 2021 url: ltsc/whats-new-windows-10-2021.md - text: What's new in Windows 10 Enterprise LTSC 2019 @@ -69,8 +71,7 @@ landingContent: url: ltsc/whats-new-windows-10-2016.md - text: What's new in Windows 10 Enterprise LTSC 2015 url: ltsc/whats-new-windows-10-2015.md - - text: What's new in Windows 11 Enterprise LTSC 2024 - url: ltsc/whats-new-windows-11-2024.md + - title: Deprecated features linkLists: diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index b7a91f921e..484e0428b2 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -123,4 +123,4 @@ Like Windows 10, Windows 11 Enterprise LTSC 2024 receives monthly quality update ## Related links - [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. -- [Release History](Release-History.md) \ No newline at end of file +- [Release information](/windows/release-health/windows11-release-information) \ No newline at end of file From ef06cc3c16df63af83bfb33fcdb92355be64d635 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Sep 2024 11:00:34 -0700 Subject: [PATCH 068/164] ltsc-wn-8991336 --- windows/whats-new/TOC.yml | 4 ++-- windows/whats-new/index.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index a5cb81aae9..9ea80b6ff3 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -24,10 +24,10 @@ href: extended-security-updates.md - name: What's new in Windows 10, version 22H2 href: whats-new-windows-10-version-22H2.md -- name: Windows 10 Enterprise LTSC +- name: Windows Enterprise LTSC expanded: false items: - - name: Windows 10 Enterprise LTSC overview + - name: Windows Enterprise LTSC overview href: ltsc/overview.md - name: What's new in Windows 11 Enterprise LTSC 2024 href: ltsc/whats-new-windows-11-2024.md diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 30c08dfd93..c9c85bb199 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -55,7 +55,7 @@ landingContent: - text: What's new in Windows 10, version 22H2 url: whats-new-windows-10-version-22h2.md - - title: Windows 10 Enterprise LTSC + - title: Windows Enterprise LTSC linkLists: - linkListType: whats-new links: From 09b9e439d46c692451452fb681fb9652c9c05767 Mon Sep 17 00:00:00 2001 From: Kevin Sheehan <116211220+kbsheehan@users.noreply.github.com> Date: Tue, 17 Sep 2024 14:56:10 -0400 Subject: [PATCH 069/164] Update configuration-service-provider-ddf.md Added new DDF files, moved old download to bottom --- .../mdm/configuration-service-provider-ddf.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md index 99b94df749..67b8fe4fa2 100644 --- a/windows/client-management/mdm/configuration-service-provider-ddf.md +++ b/windows/client-management/mdm/configuration-service-provider-ddf.md @@ -13,7 +13,7 @@ This article lists the OMA DM device description framework (DDF) files for vario As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download: -- [DDF v2 Files, May 2024](https://download.microsoft.com/download/f/6/1/f61445f7-1d38-45f7-bc8c-609b86e4aabc/DDFv2May24.zip) +- [DDF v2 Files, September 2024](https://download.microsoft.com/download/b/e/7/be7f4a26-2621-4143-b11a-12f6d0ad7413/DDFv2Sept24.zip) ## DDF v2 schema @@ -574,7 +574,7 @@ DDF v2 XML schema definition is listed below along with the schema definition fo ## Older DDF files You can download the older DDF files for various CSPs from the links below: - +- [Download all the DDF files for Windows 10 and 11 May 2024](https://download.microsoft.com/download/f/6/1/f61445f7-1d38-45f7-bc8c-609b86e4aabc/DDFv2May24.zip) - [Download all the DDF files for Windows 10 and 11 September 2023](https://download.microsoft.com/download/0/e/c/0ec027e5-8971-49a2-9230-ec9352bc3ead/DDFv2September2023.zip) - [Download all the DDF files for Windows 10 and 11 December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip) - [Download all the DDF files for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/Windows10_2004_DDF_download.zip) From 5d3b07895e8d3b4e3bb7a739932ad84df52f89ef Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Sep 2024 14:16:34 -0700 Subject: [PATCH 070/164] ltsc-wn-8991336 --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 484e0428b2..5179b2e07a 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -15,7 +15,7 @@ appliesto: # What's new in Windows 11 Enterprise LTSC 2024 -This article lists new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise LTSC 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). +This article lists some of the new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise LTSC 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). > [!NOTE] > Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are equivalent to Windows 11, version 24H2. @@ -53,7 +53,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements ## Security -The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. This section describes some of these features. Microsoft's [Edge Secured-core Program](/azure/certification/overview) provides recommended hardware with these features to ensure security out of the box. For a more comprehensive view, including zero trust, see [Windows security](/windows/security/). +The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. For a more comprehensive view, including zero trust, see [Windows security](/windows/security/). | Feature
          [Release] | Description | | --- | --- | @@ -76,7 +76,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur ## Servicing -Like Windows 10, Windows 11 Enterprise LTSC 2024 receives monthly quality updates. Some updates are large, and use bandwidth.
          + | Feature
          [Release] | Description | | --- | --- | From f5278d4101cc177cfec50c0e082c95f984ab8e6f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 17 Sep 2024 14:45:25 -0700 Subject: [PATCH 071/164] edits to le, index, and toc --- windows/whats-new/TOC.yml | 2 ++ windows/whats-new/index.yml | 2 ++ windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml index 408873ec0b..00f597f946 100644 --- a/windows/whats-new/TOC.yml +++ b/windows/whats-new/TOC.yml @@ -13,6 +13,8 @@ href: windows-11-prepare.md - name: Windows 11 enterprise feature control href: temporary-enterprise-feature-control.md + - name: What's new in Windows 11, version 24H2 + href: whats-new-windows-11-version-24h2.md - name: What's new in Windows 11, version 23H2 href: whats-new-windows-11-version-23h2.md - name: What's new in Windows 11, version 22H2 diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index f19e236cd4..d38e0026f0 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -41,6 +41,8 @@ landingContent: linkLists: - linkListType: whats-new links: + - text: What's new in Windows 11, version 24H2 + url: whats-new-windows-11-version-24h2.md - text: What's new in Windows 11, version 23H2 url: whats-new-windows-11-version-23h2.md - text: What's new in Windows 11, version 22H2 diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index f7c4342216..9afb533e0e 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -162,7 +162,7 @@ Support for Wi-Fi 7 was added for consumer access points. Wi-Fi 7, also known a ### Bluetooth ® LE audio support for assistive devices -Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. +Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). ### Windows location improvements From 7a3d6d27076664e52c94e9565c2a8a37c481331f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 18 Sep 2024 16:04:53 -0700 Subject: [PATCH 072/164] smb tweaks --- .../whats-new-windows-11-version-24h2.md | 36 ++++++++++++++++--- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 9afb533e0e..d68ad5b617 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -68,16 +68,42 @@ Some of the features were released within the past year's continuous innovation ### Server Message Block (SMB) protocol changes -The following changes were made for the SMB protocol: +#### SMB firewall rule changes + +The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. + +This change enforces a higher degree of default of network security as well as bringing SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. + +For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). + +#### SMB NTLM blocking exception list + +The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. + +An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass hashes. This adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. + +For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). + +#### SMB alternative client and server ports + +The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape. +For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). + +#### SMB dialect management + +The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. + +For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). + +#### SMB over QUIC -- **SMB firewall rule changes**: The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). -- **SMB NTLM blocking exception list**: The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). -- **SMB alternative client and server ports**: The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). - **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This change improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). - **SMB over QUIC client disable**: Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. - **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. -- **SMB dialect management**: The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). + +#### SMB signing and encryption + - **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing](/windows-server/storage/file-server/smb-signing) is now required by default for all connections. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). - **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/smb-security) on all outbound SMB client connections. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). - **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. To configure SMB client or server signing or encryption auditing using Group Policy, use the following policies: From a8ee3ed6ea04175238b82283f28382c683c151f7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 08:28:00 -0700 Subject: [PATCH 073/164] edits and formatting --- .../whats-new-windows-11-version-24h2.md | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index d68ad5b617..531eec3094 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -25,7 +25,7 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ - **Windows 11 Pro**: Serviced for 24 months from the release date. - **Windows 11 Enterprise**: Serviced for 36 months from the release date. -Devices updating from Windows 11, version 23H2 use an enablement package. Most the files for the 24H2 update already exist on Windows 11, version 23H2 devices that have a recent monthly security update installed. Many of the new features are already enabled on Windows 11, version 23H2 clients. + Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). @@ -52,12 +52,12 @@ With checkpoint cumulative updates, the update file level differentials are base ## Features exclusive to Copilot+ PCs in 24H2 -Copilot+ PCs are a new class of Windows 11 AI PCs that are powered by a neural processing unit (NPU) that can perform more than 40 trillion operations per second (TOPS). The following features are exclusive to Copilot+ PCs in Windows 11, version 24H2: +Copilot+ PCs are a new class of Windows 11 AI PCs that are powered by a neural processing unit (NPU) that can perform more than 40 trillion operations per second (TOPS). The following features are exclusive to [Copilot+ PCs](https://www.microsoft.com/windows/copilot-plus-pcs) in Windows 11, version 24H2: - Live Captions allow you to translate audio and video content into English subtitles from 44 languages. For more information, see [Use live captions to better understand audio](https://support.microsoft.com/topic/b52da59c-14b8-4031-aeeb-f6a47e6055df). - Windows Studio Effects is the collective name of AI-powered video call and audio effects that are available on Copilot+ PCs and select Windows 11 devices with compatible NPUs. Windows Studio Effects automatically improves lighting and cancels noises during video calls. For more information, see [Windows Studio Effects](https://support.microsoft.com/topic/273c1fa8-2b3f-41b1-a587-7cc7a24b62d8). - Cocreator in Paint allows you to create amazing artwork with the help of AI. Enter a text prompt, start drawing in Paint, and Cocreator will generate artwork based on what you're drawing. For more information, see [Cocreator in Paint](https://support.microsoft.com/topic/53857513-e36c-472d-8d4a-adbcd14b2e54) -- Auto super resolution (Auto SR) seamlessly integrates with Windows to automatically enhance the frame rates of existing games in real-time while also providing detailed visuals on screen. For more information, see [Automatic Super Resolution](https://support.microsoft.com/topic/5d6d95fa-cc02-4673-b62c-2c50f06385aa). +- Auto Super Resolution (Auto SR) is the first AI-powered super resolution solution built into an operating system, making games automatically play smoother with higher resolution details. For more information, see [Automatic Super Resolution](https://support.microsoft.com/topic/5d6d95fa-cc02-4673-b62c-2c50f06385aa). - Image Creator and Restyle Image in the Microsoft Photos app lets you reimagine your photos or create new images with the assistance of AI. For more information, see [Microsoft Photos Restyle Image and Image Creator](https://support.microsoft.com/topic/6c352e99-d954-49c9-84cd-b7cacd018868). ## Features added to Windows 11 since version 23H2 @@ -86,19 +86,24 @@ For more information about this change, see [https://aka.ms/SmbNtlmBlock](https: #### SMB alternative client and server ports -The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. This is part of a campaign to improve the security of Windows and Windows Server for the modern landscape. -For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). +The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). #### SMB dialect management -The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. +The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). #### SMB over QUIC -- **SMB over QUIC client access control**: [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This change improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). -- **SMB over QUIC client disable**: Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. +##### SMB over QUIC client access control + +[SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This change improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). + +##### SMB over QUIC client disable + +Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. + - **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. From e285a11ca5a412d38e2d76b44f419a95421b5c03 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 10:53:09 -0700 Subject: [PATCH 074/164] edits and formatting --- .../whats-new-windows-11-version-24h2.md | 50 +++++++------------ 1 file changed, 19 insertions(+), 31 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 531eec3094..55951005d3 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -72,62 +72,50 @@ Some of the features were released within the past year's continuous innovation The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. -This change enforces a higher degree of default of network security as well as bringing SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. +This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. -For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). +For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). #### SMB NTLM blocking exception list -The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. - -An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and cannot brute force, crack, or pass hashes. This adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. +The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). -#### SMB alternative client and server ports - -The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). - #### SMB dialect management The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). +#### SMB alternative client and server ports + +The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). + + #### SMB over QUIC -##### SMB over QUIC client access control +[SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature. -[SMB over QUIC](/windows-server/storage/file-server/smb-over-quic) now supports additional [access control options](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) for clients. This change improves the existing SMB over QUIC feature, which introduced an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. For more information about this change, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). +Administrators now have more options for SMB over QUIC such as: -##### SMB over QUIC client disable +- [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience. +- [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell +- [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC -Administrators can now [disable the SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell. To disable SMB over QUIC using PowerShell, use `Set-SmbClientConfiguration -EnableSMBQUIC $false`. To disable SMB over QUIC using Group Policy, use the **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Enable SMB over QUIC** policy. +For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). -- **SMB over QUIC client connection auditing**: Successful [SMB over QUIC client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) are now written to the event log to include the QUIC transport. You can view these events using Event Viewer under the following path: - - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Connectivity**; Event ID = 30832. #### SMB signing and encryption -- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing](/windows-server/storage/file-server/smb-signing) is now required by default for all connections. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). -- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/smb-security) on all outbound SMB client connections. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). -- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. To configure SMB client or server signing or encryption auditing using Group Policy, use the following policies: - - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Audit server does not support encryption** - - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Workstation** > **Audit server does not support signing** - - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Server** > **Audit client does not support encryption** - - **Computer Configuration** > **Administrative Templates** > **Network** > **Lanman Server** > **Audit client does not support signing** +The following changes were made for SMB signing and encryption: - To use PowerShell, run the following command in an elevated console: - - `Set-SmbClientConfiguration -AuditServerDoesNotSupportEncryption $true` - - `Set-SmbClientConfiguration -AuditServerDoesNotSupportSigning $true` - - `Set-SmbServerConfiguration -AuditClientDoesNotSupportEncryption $true` - - `Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true` +- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). - You can view these events using Event Viewer under: - - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBClient** > **Audit**; Event IDs = 31998, 31999 - - **Applications and Services Logs** > **Microsoft** > **Windows** > **SMBServer** > **Audit**; Event IDs = 3021, 3022 +- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). + +- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. You can configure these settings with PowerShell and Group Policy. -For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). ### Local Security Authority (LSA) protection enablement on upgrade From 4daf57811cb321bcce3aac1181629c41458386e7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 11:14:07 -0700 Subject: [PATCH 075/164] edits and formatting --- windows/whats-new/whats-new-windows-11-version-24h2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 55951005d3..f83f24e361 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -114,8 +114,8 @@ The following changes were made for SMB signing and encryption: - **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). -- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. You can configure these settings with PowerShell and Group Policy. - +- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. + ### Local Security Authority (LSA) protection enablement on upgrade From bce86d0ab53468f2f74c02087a579d58997be307 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:00:43 -0700 Subject: [PATCH 076/164] edits and formatting --- windows/whats-new/whats-new-windows-11-version-24h2.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index f83f24e361..30305729d1 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -18,7 +18,9 @@ appliesto: # What's new in Windows 11, version 24H2 -Windows 11, version 24H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 23H2. This article lists the new and updated features IT Pros should know. +Windows 11, version 24H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 23H2. This article lists the new and updated features IT Pros should know. + +>**Looking for consumer information?** See [Windows 11 2024 update](https://support.microsoft.com/topic/93c5c27c-f96e-43c2-a08e-5812d92f220d#windowsupdate=26100). Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/faq/windows#windows-11): From eb00ca0026acf7fab1cd4da1d9b4606a3f4a8260 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 14:27:56 -0700 Subject: [PATCH 077/164] edits and formatting --- windows/whats-new/whats-new-windows-11-version-24h2.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 30305729d1..276413cae5 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -197,7 +197,13 @@ New controls were added to help manage which apps have access to the list of Wi- ### Sudo for Windows -Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). +Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. The sudo command can be configured to run in three different modes: + +- **In a new window**: The elevated command runs in a new window. This mode is similar to the behavior of the `runas /user:admin` command. +- **With input disabled**: Runs the elevated process in the current window, but with the input handle closed. This means that the elevated process won't be able to receive input from the current console window. +- **Inline**: Runs the elevated process in the current window and the process is able to receive input from the current console session. This mode is most similar to the sudo experience on other platforms. + +It is recommended that you review the security considerations for each mode here before [enabling the sudo command](/windows/sudo/#how-to-enable-sudo-for-windows) on your machine. For more information, see [Sudo for Windows](/windows/sudo/). ### Enable optional updates From dff85fa63a30f4abbbe273d020db5d73ebbb0e72 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:07:12 -0700 Subject: [PATCH 078/164] edits --- windows/whats-new/whats-new-windows-11-version-24h2.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 276413cae5..e45be6bd36 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -29,7 +29,7 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ -Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). +Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/). @@ -58,7 +58,7 @@ Copilot+ PCs are a new class of Windows 11 AI PCs that are powered by a neural p - Live Captions allow you to translate audio and video content into English subtitles from 44 languages. For more information, see [Use live captions to better understand audio](https://support.microsoft.com/topic/b52da59c-14b8-4031-aeeb-f6a47e6055df). - Windows Studio Effects is the collective name of AI-powered video call and audio effects that are available on Copilot+ PCs and select Windows 11 devices with compatible NPUs. Windows Studio Effects automatically improves lighting and cancels noises during video calls. For more information, see [Windows Studio Effects](https://support.microsoft.com/topic/273c1fa8-2b3f-41b1-a587-7cc7a24b62d8). -- Cocreator in Paint allows you to create amazing artwork with the help of AI. Enter a text prompt, start drawing in Paint, and Cocreator will generate artwork based on what you're drawing. For more information, see [Cocreator in Paint](https://support.microsoft.com/topic/53857513-e36c-472d-8d4a-adbcd14b2e54) +- Cocreator in Paint allows you to create amazing artwork with the help of AI. Enter a text prompt, start drawing in Paint, and Cocreator generates artwork based on what you're drawing. For more information, see [Cocreator in Paint](https://support.microsoft.com/topic/53857513-e36c-472d-8d4a-adbcd14b2e54) - Auto Super Resolution (Auto SR) is the first AI-powered super resolution solution built into an operating system, making games automatically play smoother with higher resolution details. For more information, see [Automatic Super Resolution](https://support.microsoft.com/topic/5d6d95fa-cc02-4673-b62c-2c50f06385aa). - Image Creator and Restyle Image in the Microsoft Photos app lets you reimagine your photos or create new images with the assistance of AI. For more information, see [Microsoft Photos Restyle Image and Image Creator](https://support.microsoft.com/topic/6c352e99-d954-49c9-84cd-b7cacd018868). @@ -165,7 +165,7 @@ Windows protected print mode enables devices to print using only the Windows mod ### SHA-3 support -We are adding support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC). The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. +Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. - **Supported SHA-3 hash functions**: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 isn't supported) @@ -203,7 +203,7 @@ Sudo for Windows is a new way for users to run elevated commands (as an administ - **With input disabled**: Runs the elevated process in the current window, but with the input handle closed. This means that the elevated process won't be able to receive input from the current console window. - **Inline**: Runs the elevated process in the current window and the process is able to receive input from the current console session. This mode is most similar to the sudo experience on other platforms. -It is recommended that you review the security considerations for each mode here before [enabling the sudo command](/windows/sudo/#how-to-enable-sudo-for-windows) on your machine. For more information, see [Sudo for Windows](/windows/sudo/). +It's recommended that you review the security considerations for each mode here before [enabling the sudo command](/windows/sudo/#how-to-enable-sudo-for-windows) on your machine. For more information, see [Sudo for Windows](/windows/sudo/). ### Enable optional updates @@ -233,7 +233,7 @@ Remote Desktop Connection has the following improvements: The following developer APIs were added or updated: -- The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data may vary by region. +- Introduced the [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast). App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data may vary by region. - Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status by passing the appropriate GUID to the PowerSettingRegisterNotification API and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) - Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. From cfdf6f8e7b8d3a6bd05afa34687426bc1e2bd8a3 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:17:39 -0700 Subject: [PATCH 079/164] edit --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 5179b2e07a..0484970d3d 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -33,6 +33,8 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements + + ## Accessibility | Feature
          [Release] | Description | @@ -40,7 +42,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | **Windows accessibility**
          [22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator.
          For more information, see:
            • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
            • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554)
            • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). | | **Braille displays**
          [23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | | **Narrator improvements**
          [23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1) | -| **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of hearing aids equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Improving accessibility with Bluetooth ® LE Audio](https://blogs.windows.com/windows-insider/2023/10/18/announcing-windows-11-insider-preview-build-25977-canary-channel/). | +| **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). | ## Applications @@ -77,7 +79,6 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur ## Servicing - | Feature
          [Release] | Description | | --- | --- | | **Windows Updates and Delivery optimization**
          [21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| @@ -94,6 +95,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | | **Start menu layout**
          [22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | +| **Restricted User Experience**
          [23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | | **Declared configuration protocol**
          [23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| | **Control File Explorer Home Recommended section**
          [23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| | **Taskbar Button Policies**
          [23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| From 34db6b3118bd12f908e0280b90775afcdcb573b6 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 08:04:32 -0700 Subject: [PATCH 080/164] add lsa protection enablement --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 0484970d3d..f1264f97d3 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -75,6 +75,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Federated sign-in**
          [23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | | **Windows Hello for Business authentication improvement**
          [23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | | **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| +| **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | ## Servicing From b9a00d5337caf85e0cd787158f6f918b076af7e2 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 08:15:32 -0700 Subject: [PATCH 081/164] add pde --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index f1264f97d3..bf1eeaddf4 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -69,6 +69,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Credential Guard**
          [22H2] | Credential Guard, enabled by default, uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like pass the hash and pass the ticket. For more information, see [Configure Credential Guard](/windows/security/identity-protection/credential-guard/configure).| | **Malicious and vulnerable driver blocking**
          [22H2] | The vulnerable driver blocklist is automatically enabled on devices when Smart App Control is enabled and for clean installs of Windows. For more information, see [recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules#microsoft-vulnerable-driver-blocklist).| | **Security hardening and threat protection**
          [22H2] | Enhanced support with Local Security Authority (LSA) to prevent code injection that could compromise credentials. For more information, see [Configuring Additional LSA Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json). | +| **Personal Data Encryption (PDE)**
          [22H2] | [Personal Data Encryption (PDE)](/windows/security/operating-system-security/data-protection/personal-data-encryption/) is a security feature that provides file-based data encryption capabilities to Windows. PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user. | | **Passkeys in Windows**
          [23H2] | Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys). | | **Windows passwordless experience**
          [23H2] | Windows passwordless experience is a security policy that promotes a user experience without passwords on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices.
          When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). | | **Web sign-in for Windows**
          [23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | @@ -76,6 +77,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows Hello for Business authentication improvement**
          [23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | | **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| | **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | +| **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | ## Servicing From dc1ffb96eaf604eecd00d32a6bcd48eff52e19a6 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:13:49 -0700 Subject: [PATCH 082/164] location,rust,sha3 --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index bf1eeaddf4..7b41cd5622 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -78,6 +78,8 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| | **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | | **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | +| **SHA-3 support**
          [24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | + ## Servicing @@ -123,6 +125,8 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Dev Drive**
          [23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). | | **High Efficiency Video Coding (HEVC) support**
          [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. | | **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | +| **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. Users can view and modify which apps can access the list of Wi-Fi networks and manage notifications from **Settings** > **Privacy & security** > **Location**. | + ## Related links From 1da4412845d8813ecedc9a9fc63fe05a46f372ad Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:17:58 -0700 Subject: [PATCH 083/164] mstsc --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 7b41cd5622..66f8e42023 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -43,6 +43,8 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | **Braille displays**
          [23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | | **Narrator improvements**
          [23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1) | | **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). | +| **Remote Desktop Connection improvements**
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500% | + ## Applications @@ -128,7 +130,6 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. Users can view and modify which apps can access the list of Wi-Fi networks and manage notifications from **Settings** > **Privacy & security** > **Location**. | - ## Related links - [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. From eeb9b16719121e5ca6303953172c7eeb794c7c21 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 23 Sep 2024 10:18:06 -0600 Subject: [PATCH 084/164] Update include file --- .../licensing/windows-defender-application-control-wdac.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md index 52264205ff..87446bab24 100644 --- a/includes/licensing/windows-defender-application-control-wdac.md +++ b/includes/licensing/windows-defender-application-control-wdac.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 09/18/2023 +ms.date: 09/23/2024 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Windows Defender Application Control (WDAC): +The following table lists the Windows editions that support App Control for Business: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses: +App Control license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| From c5b942aa4767da4f676c8a3055e0dc3e3538bb14 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:22:49 -0700 Subject: [PATCH 085/164] edits --- .../whats-new/ltsc/whats-new-windows-11-2024.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 66f8e42023..b8076ee9ce 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -1,8 +1,8 @@ --- -title: What's new in Windows 11 Enterprise LTSC 2024 +title: What's new in Windows 11 Enterprise long-term servicing channel (LTSC) 2024 manager: aaroncz ms.author: mstewart -description: New and updated IT Pro content about new features in Windows 11 Enterprise LTSC 2024. +description: New and updated IT Pro content about new features in Windows 11 Enterprise long-term servicing channel (LTSC) 2024. ms.service: windows-client author: mestew ms.localizationpriority: high @@ -15,7 +15,7 @@ appliesto: # What's new in Windows 11 Enterprise LTSC 2024 -This article lists some of the new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise LTSC 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). +This article lists some of the new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise long-term servicing channel (LTSC) 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). > [!NOTE] > Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are equivalent to Windows 11, version 24H2. @@ -57,7 +57,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements ## Security -The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. For a more comprehensive view, including zero trust, see [Windows security](/windows/security/). +The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. For a more comprehensive view, including Zero Trust, see [Windows security](/windows/security/). | Feature
          [Release] | Description | | --- | --- | @@ -80,7 +80,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| | **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | | **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | -| **SHA-3 support**
          [24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | +| **SHA-3 support**
          [24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms is the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | ## Servicing @@ -91,7 +91,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows Updates and Delivery optimization**
          [21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| | **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | -| **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | +| **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | | **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | ## Management @@ -112,7 +112,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | Feature
          [Release] | Description | | --- | --- | -| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Win-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | +| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | ## User Experience From d01caf201f75a23a257f2e064735da5c125c5d9c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 23 Sep 2024 09:34:56 -0700 Subject: [PATCH 086/164] hub page edits --- windows/hub/index.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 6fbeb4df3b..2fc576e11b 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -25,11 +25,11 @@ highlightedContent: itemType: get-started url: /windows/whats-new/windows-11-overview - - title: Windows 11, version 23H2 + - title: Windows 11, version 24H2 itemType: whats-new - url: /windows/whats-new/whats-new-windows-11-version-23h2 + url: /windows/whats-new/whats-new-windows-11-version-24h2 - - title: Windows 11, version 23H2 group policy settings reference + - title: Windows 11, version 24H2 group policy settings reference itemType: download url: https://www.microsoft.com/download/details.aspx?id=105668 From 891705f269845eafb97aea968e94c6b8d7e225ea Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 23 Sep 2024 11:08:16 -0600 Subject: [PATCH 087/164] Minor TOC updates --- .../application-control/app-control-for-business/TOC.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml index 281cda06cd..f2cf8c651c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/TOC.yml +++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml @@ -10,7 +10,7 @@ href: feature-availability.md - name: Virtualization-based protection of code integrity href: ../introduction-to-virtualization-based-security-and-appcontrol.md -- name: App Control design guide +- name: Design guide href: design/appcontrol-design-guide.md items: - name: Plan for App Control policy lifecycle management @@ -72,7 +72,7 @@ href: design/appcontrol-wizard-parsing-event-logs.md - name: Merging multiple App Control policies with the Wizard href: design/appcontrol-wizard-merging-policies.md -- name: App Control deployment guide +- name: Deployment guide href: deployment/appcontrol-deployment-guide.md items: - name: Deploy App Control policies with MDM @@ -100,7 +100,7 @@ href: deployment/create-code-signing-cert-for-appcontrol.md - name: Disable App Control policies href: deployment/disable-appcontrol-policies.md -- name: App Control operational guide +- name: Operational guide href: operations/appcontrol-operational-guide.md items: - name: App Control debugging and troubleshooting @@ -119,7 +119,7 @@ href: operations/citool-commands.md - name: Inbox App Control policies href: operations/inbox-appcontrol-policies.md -- name: App Control AppId Tagging guide +- name: AppId Tagging guide href: AppIdTagging/appcontrol-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies From da01c21eae246241598ee78166db9de629419e0d Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 23 Sep 2024 12:48:34 -0600 Subject: [PATCH 088/164] Update windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md Co-authored-by: Jordan Geurten --- .../app-control-for-business/design/appcontrol-and-dotnet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md index e1c1d02183..6e31a5e523 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md @@ -25,7 +25,7 @@ To mitigate any performance impact caused when the App Control EA isn't valid or Security researchers found that some .NET capabilities that allow apps to load libraries from external sources or generate new code at runtime can be used to circumvent App Control controls. To address this potential vulnerability, App Control includes an option called *Dynamic Code Security* that works with .NET to verify code loaded at runtime. -When the Dynamic Code Security option is enabled, Application Control policy is applied to libraries that .NET loads from external sources. For example, any remote sources, such as the internet or a network share. +When the Dynamic Code Security option is enabled, the App Control policy is applied to libraries that .NET loads from external sources. For example, any remote sources, such as the internet or a network share. > [!IMPORTANT] > .Net dynamic code security hardening is *turned on and enforced* if any App Control policy with UMCI enabled has set option **19 Enabled:Dynamic Code Security**. There is no audit mode for this feature. You should test your apps with this option set before turning it on across large numbers of devices. From f1d87391beaa1719b1994ad1475321f0a81cb4e5 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Mon, 23 Sep 2024 13:32:52 -0600 Subject: [PATCH 089/164] More changes --- .../design-create-appid-tagging-policies.md | 4 +- .../app-control-for-business/TOC.yml | 4 +- .../applocker/administer-applocker.md | 4 +- .../applocker/applocker-overview.md | 4 +- .../deployment/appcontrol-deployment-guide.md | 2 +- .../deployment/audit-appcontrol-policies.md | 4 +- .../deployment/enforce-appcontrol-policies.md | 2 +- .../design/appcontrol-design-guide.md | 12 +-- .../appcontrol-wizard-create-base-policy.md | 8 +- ...ntrol-wizard-create-supplemental-policy.md | 6 +- .../appcontrol-wizard-merging-policies.md | 2 +- .../design/appcontrol-wizard.md | 8 +- ...applications-that-can-bypass-appcontrol.md | 2 +- .../design/common-appcontrol-use-cases.md | 2 +- ...-apps-deployed-with-a-managed-installer.md | 4 +- ...ontrol-policy-for-fully-managed-devices.md | 2 +- ...trol-policy-for-lightly-managed-devices.md | 6 +- ...control-policy-using-reference-computer.md | 2 +- .../manage-packaged-apps-with-appcontrol.md | 4 +- .../design/plan-appcontrol-management.md | 6 +- .../design/script-enforcement.md | 2 +- ...tand-appcontrol-policy-design-decisions.md | 14 +-- ...control-with-intelligent-security-graph.md | 6 +- .../app-control-for-business/index.yml | 2 +- .../appcontrol-operational-guide.md | 4 +- .../configure-appcontrol-managed-installer.md | 2 +- .../operations/event-id-explanations.md | 94 +++++++++---------- .../operations/event-tag-explanations.md | 6 +- ...events-centrally-using-advanced-hunting.md | 12 +-- 29 files changed, 115 insertions(+), 115 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index 714c740613..26940bd0e3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -2,7 +2,7 @@ title: Create your App Control for Business AppId Tagging Policies description: Create your App Control for Business AppId tagging policies for Windows devices. ms.localizationpriority: medium -ms.date: 09/11/2024 +ms.date: 09/23/2024 ms.topic: conceptual --- @@ -12,7 +12,7 @@ ms.topic: conceptual ## Create the policy using the App Control Wizard -You can use the App Control for Business Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The App Control Wizard is available for download at the [App Control Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). +You can use the App Control for Business Wizard and the PowerShell commands to create an App Control policy and convert it to an AppIdTagging policy. The App Control Wizard is available for download at the [App Control Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). 1. Create a new base policy using the templates: diff --git a/windows/security/application-security/application-control/app-control-for-business/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml index f2cf8c651c..b5ff7c1588 100644 --- a/windows/security/application-security/application-control/app-control-for-business/TOC.yml +++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml @@ -105,9 +105,9 @@ items: - name: App Control debugging and troubleshooting href: operations/appcontrol-debugging-and-troubleshooting.md - - name: Understanding Application Control event IDs + - name: Understanding App Control event IDs href: operations/event-id-explanations.md - - name: Understanding Application Control event tags + - name: Understanding App Control event tags href: operations/event-tag-explanations.md - name: Query App Control events with Advanced hunting href: operations/querying-application-control-events-centrally-using-advanced-hunting.md diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md index bf972f7779..d2e0c1da1e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md @@ -27,11 +27,11 @@ AppLocker helps administrators control how users can access and use files, such | [Edit an AppLocker policy](edit-an-applocker-policy.md) | This article for IT professionals describes the steps required to modify an AppLocker policy. | | [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md) | This article discusses the steps required to test an AppLocker policy prior to deployment. | | [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md) | This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. | -| [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md) | This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. | +| [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md) | This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker policies. | | [Optimize AppLocker performance](optimize-applocker-performance.md) | This article for IT professionals describes how to optimize AppLocker policy enforcement. | | [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md) | This article for IT professionals describes how to monitor app usage when AppLocker policies are applied. | | [Manage packaged apps with AppLocker](manage-packaged-apps-with-applocker.md) | This article for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. | -| [Working with AppLocker rules](working-with-applocker-rules.md) | This article for IT professionals describes AppLocker rule types and how to work with them for your application control policies. | +| [Working with AppLocker rules](working-with-applocker-rules.md) | This article for IT professionals describes AppLocker rule types and how to work with them for your policies. | | [Working with AppLocker policies](working-with-applocker-policies.md) | This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies. | ## Using the MMC snap-ins to administer AppLocker diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md index 0786cd7b73..1af7a371bb 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md @@ -1,6 +1,6 @@ --- title: AppLocker -description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. +description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker policies. ms.collection: - tier3 - must-keep @@ -11,7 +11,7 @@ ms.date: 09/11/2024 # AppLocker -This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of App Control for Business. +This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of App Control for Business. > [!NOTE] > AppLocker is a defense-in-depth security feature and not considered a defensible Windows [security feature](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [App Control for Business](../appcontrol-and-applocker-overview.md) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index ef04dc6447..b3ba7121e7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -36,7 +36,7 @@ Before you deploy your App Control policies, you must first convert the XML to i ## Plan your deployment -As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with App Control and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. +As with any significant change to your environment, implementing App Control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with App Control and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next. All App Control for Business policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor App Control-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index d6a2075e5c..59a910aa0f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -10,7 +10,7 @@ ms.topic: conceptual [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your App Control policy but should be included. +Running App Control in audit mode lets you discover applications, binaries, and scripts that are missing from your App Control policy but should be included. While an App Control policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new App Control policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed. @@ -23,7 +23,7 @@ To familiarize yourself with creating App Control rules from audit events, follo 1. Install and run an application not allowed by the App Control policy but that you want to allow. -2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md). +2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding App Control events](../operations/event-id-explanations.md). **Figure 1. Exceptions to the deployed App Control policy** ![Event showing exception to App Control policy.](../images/dg-fig23-exceptionstocode.png) diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md index 2cdc475a62..41a77beb33 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md @@ -18,7 +18,7 @@ You should now have one or more App Control for Business policies broadly deploy ## Convert App Control **base** policy from audit to enforced -As described in [common App Control for Business deployment scenarios](../design/common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common App Control for Business deployment scenarios](../design/common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's App Control rollout. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md index c0f8a3ac86..73bbde562c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md @@ -10,16 +10,16 @@ ms.date: 09/11/2024 [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -This guide covers design and planning for App Control for Business. It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. +This guide covers design and planning for App Control for Business. It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific App Control requirements for different departments or business groups within an organization. ## Plan for success -A common refrain you may hear about application control is that it is "too hard." While it's true that application control isn't as simple as flipping a switch, organizations can be successful, if they're methodical when carefully planning their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning: +A common refrain you may hear about App Control is that it is "too hard." While it's true that App Control isn't as simple as flipping a switch, organizations can be successful, if they're methodical when carefully planning their approach. In reality, the issues that lead to failure with App Control often arise from business issues rather than technology challenges. Organizations that have successfully deployed App Control have ensured the following before starting their planning: - Executive sponsorship and organizational buy-in is in place. -- There's a clear **business** objective for using application control, and it's not being planned as a purely technical problem from IT. +- There's a clear **business** objective for using App Control, and it's not being planned as a purely technical problem from IT. - The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps. -- The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations). +- The organization has considered where App Control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations). Once these business factors are in place, you're ready to begin planning your App Control for Business deployment. The following topics can help guide you through your planning process. @@ -28,8 +28,8 @@ Once these business factors are in place, you're ready to begin planning your Ap | Topic | Description | | - | - | | [Plan for App Control policy management](plan-appcontrol-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining App Control policies. | -| [Understand App Control policy design decisions](understand-appcontrol-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | -| [Understand App Control policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using App Control. | +| [Understand App Control policy design decisions](understand-appcontrol-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of App Control policies. | +| [Understand App Control policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your policy rules by using App Control. | | [Policy creation for common App Control usage scenarios](common-appcontrol-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying App Control in your organization. | | [Policy creation using the App Control Wizard tool](appcontrol-wizard.md) | This set of topics describes how to use the App Control Wizard desktop app to easily create, edit, and merge App Control policies. | diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md index 047765f59e..5de28ef21c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md @@ -1,6 +1,6 @@ --- title: App Control for Business Wizard Base Policy Creation -description: Creating new base application control policies with the Microsoft Windows Defender Application (App Control) Wizard. +description: Creating new base App Control policies with the App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual ms.date: 09/11/2024 @@ -10,7 +10,7 @@ ms.date: 09/11/2024 [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -When creating policies for use with App Control for Business, it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the App Control Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. +When creating policies for use with App Control for Business, it's recommended to start with a template policy, and then add or remove rules to suit your App Control scenario. For this reason, the App Control Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about App Control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a new App Control policy from a template, configure the policy options, and the signer and file rules. ## Template Base Policies @@ -28,7 +28,7 @@ More information about the Default Windows Mode and Allow Microsoft Mode policie ![Selecting a base template for the policy.](../images/appcontrol-wizard-template-selection.png) -Once the base template is selected, give the policy a name and choose where to save the application control policy on disk. +Once the base template is selected, give the policy a name and choose where to save the App Control policy on disk. ## Configuring Policy Rules @@ -74,7 +74,7 @@ Selecting the **+ Advanced Options** label shows another column of policy rules, ## Creating custom file rules -[File rules](select-types-of-rules-to-create.md#app-control-for-business-file-rule-levels) in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules: +[File rules](select-types-of-rules-to-create.md#app-control-for-business-file-rule-levels) in an App Control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the App Control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules: ### Publisher Rules diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index c9c5d9e5dd..03c7231e74 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -1,6 +1,6 @@ --- title: App Control for Business Wizard Supplemental Policy Creation -description: Creating supplemental application control policies with the App Control Wizard. +description: Creating supplemental App Control policies with the App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual ms.date: 09/11/2024 @@ -12,7 +12,7 @@ ms.date: 09/11/2024 Beginning in Windows 10 version 1903, App Control for Business supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [App Control base policy](appcontrol-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run. -Prerequisite information about application control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. +Prerequisite information about App Control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a supplemental App Control policy, configure the policy options, and the signer and file rules. ## Expanding a Base Policy @@ -48,7 +48,7 @@ Supplemental policies can only configure three policy rules. The following table ## Creating custom file rules -File rules in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules: +File rules in an App Control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the App Control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules: ### Publisher Rules diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md index 552575d966..a7099a7c32 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md @@ -1,6 +1,6 @@ --- title: App Control for Business Wizard Policy Merging Operation -description: Merging multiple policies into a single application control policy with the Microsoft App Control Wizard. +description: Merging multiple policies into a single App Control policy with the App Control Wizard. ms.localizationpriority: medium ms.topic: conceptual ms.date: 09/11/2024 diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md index 98e2dce79c..823095e953 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md @@ -1,6 +1,6 @@ --- title: App Control for Business Wizard -description: The App Control for Business policy wizard tool allows you to create, edit, and merge application control policies in a simple to use Windows application. +description: The App Control for Business policy wizard tool allows you to create, edit, and merge App Control policies in a simple to use Windows application. ms.localizationpriority: medium ms.topic: conceptual ms.date: 09/11/2024 @@ -10,7 +10,7 @@ ms.date: 09/11/2024 [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -The App Control for Business policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge Application Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical. +The App Control for Business policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge App Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical. ## Downloading the application @@ -18,7 +18,7 @@ Download the tool from the official [App Control for Business Policy Wizard webs ### Supported clients -As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements: +As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [App Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements: - Windows 10, version 1909 or later - For pre-1909 builds, the Enterprise SKU of Windows is installed @@ -32,4 +32,4 @@ If neither requirement is satisfied, it throws an error as the cmdlets aren't av | [Creating a new base policy](appcontrol-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. | | [Creating a new supplemental policy](appcontrol-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. | | [Editing a base or supplemental policy](appcontrol-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the tool's editing capabilities. | -| [Merging policies](appcontrol-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. | +| [Merging policies](appcontrol-wizard-merging-policies.md) | This article describes how to merge policies into a single App Control policy. | diff --git a/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md index 4c1fa978de..23d40c8440 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md @@ -87,7 +87,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you > [!NOTE] > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. -Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your App Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential App Control bypass, add *deny* rules to your application control policies for that application's previous, less secure versions. +Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your App Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential App Control bypass, add *deny* rules to your App Control policies for that application's previous, less secure versions. Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass App Control. These modules can be blocked by their corresponding hashes. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md index 47518989bc..4ba40200b3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md @@ -29,7 +29,7 @@ Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the Lamna uses [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use Microsoft Intune to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. -Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized many new security IT responses, including tightening policies for application use and introducing application control. +Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an App Control policy. In response, Lamna's executive board has authorized many new security IT responses, including tightening policies for application use and introducing App Control. ## Up next diff --git a/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md index 481ca558a2..4e7dac4f2e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -10,7 +10,7 @@ ms.topic: how-to [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -App Control for Business includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. +App Control for Business includes an option called **managed installer** that helps balance security and manageability when enforcing App Control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. ## How does a managed installer work? @@ -30,7 +30,7 @@ Some application installers may automatically run the application at the end of ## Known limitations with managed installer -- Application control, based on managed installer, doesn't support applications that self-update. If an application that was deployed by a managed installer later updates itself, the updated application files won't include the origin information from the managed installer, and they might not be able to run. When you rely on managed installers, you must deploy and install all application updates by using a managed installer, or include rules to authorize the app in the App Control policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method. +- App Control, based on managed installer, doesn't support applications that self-update. If an application that was deployed by a managed installer later updates itself, the updated application files won't include the origin information from the managed installer, and they might not be able to run. When you rely on managed installers, you must deploy and install all application updates by using a managed installer, or include rules to authorize the app in the App Control policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method. - Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md index 7d072cd15c..978a986c90 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md @@ -15,7 +15,7 @@ This section outlines the process to create an App Control for Business policy f > [!NOTE] > Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of App Control. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md index 462985011f..b7c6837954 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md @@ -10,14 +10,14 @@ ms.date: 09/11/2024 [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -This section outlines the process to create an App Control for Business policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their App Control-managed devices as described in later articles. +This section outlines the process to create an App Control for Business policy for **lightly managed devices** within an organization. Typically, organizations that are new to App Control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their App Control-managed devices as described in later articles. > [!NOTE] > Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in [App Control for Business deployment in different scenarios: types of devices](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As in [App Control for Business deployment in different scenarios: types of devices](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices. -**Alice Pena** is the IT team lead tasked with the rollout of App Control. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. +**Alice Pena** is the IT team lead tasked with the rollout of App Control. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to App Control and use different policies for different workloads. For most users and devices, Alice wants to create an initial policy that is as relaxed as possible in order to minimize user productivity impact, while still providing security value. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md index aabf7e392f..0b066ce364 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md @@ -15,7 +15,7 @@ This section outlines the process to create an App Control for Business policy * > [!NOTE] > Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of App Control. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md index c9bf48a7fe..ce393a2e65 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md @@ -10,11 +10,11 @@ ms.topic: how-to [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with App Control for Business as part of your overall application control strategy. +This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with App Control for Business as part of your overall App Control strategy. ## Comparing classic Windows Apps and Packaged Apps -The biggest challenge in adopting application control is the lack of a strong app identity for classic Windows apps, also known as win32 apps. A typical win32 app consists of multiple components, including the installer that is used to install the app, and one or more exes, dlls, or scripts. An app can consist of hundreds or even thousands of individual binaries that work together to deliver the functionality that your users understand as the app. Some of that code may be signed by the software publisher, some may be signed by other companies, and some of it may not be signed at all. Much of the code may be written to disk by a common set of installers, but some may already be installed and some downloaded on demand. Some of the binaries have common resource header metadata, such as product name and product version, but other files won't share that information. So while you want to be able to express rules like "allow app Foo", that isn't something Windows inherently understands for classic Windows apps. Instead, you may have to create many App Control rules to allow all the files that comprise the app. +The biggest challenge in adopting App Control is the lack of a strong app identity for classic Windows apps, also known as win32 apps. A typical win32 app consists of multiple components, including the installer that is used to install the app, and one or more exes, dlls, or scripts. An app can consist of hundreds or even thousands of individual binaries that work together to deliver the functionality that your users understand as the app. Some of that code may be signed by the software publisher, some may be signed by other companies, and some of it may not be signed at all. Much of the code may be written to disk by a common set of installers, but some may already be installed and some downloaded on demand. Some of the binaries have common resource header metadata, such as product name and product version, but other files won't share that information. So while you want to be able to express rules like "allow app Foo", that isn't something Windows inherently understands for classic Windows apps. Instead, you may have to create many App Control rules to allow all the files that comprise the app. Packaged apps on the other hand, also known as [MSIX](/windows/msix/overview), ensure that all the files that make up an app share the same identity and have a common signature. Therefore, with packaged apps, it's possible to control the entire app with a single App Control rule. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md index 80d643ea68..ff41a98da8 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md @@ -14,7 +14,7 @@ This article describes the decisions you need to make to establish the processes ## Policy XML lifecycle management -The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing App Control for Business policies helps ensure that App Control continues to effectively control how applications are allowed to run in your organization. +The first step in implementing App Control is to consider how your policies will be managed and maintained over time. Developing a process for managing App Control for Business policies helps ensure that App Control continues to effectively control how applications are allowed to run in your organization. Most App Control for Business policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: @@ -68,9 +68,9 @@ Considerations include: If your organization has an established help desk support department in place, consider the following points when deploying App Control for Business policies: - What documentation does your support department require for new policy deployments? -- What are the critical processes in each business group both in work flow and timing that will be affected by application control policies and how could they affect your support department's workload? +- What are the critical processes in each business group both in work flow and timing that will be affected by App Control policies and how could they affect your support department's workload? - Who are the contacts in the support department? -- How will the support department resolve application control issues between the end user and those resources who maintain the App Control for Business rules? +- How will the support department resolve App Control issues between the end user and those resources who maintain the App Control for Business rules? ### End-user support diff --git a/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md index 69698bb2b3..16b4739600 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md @@ -20,7 +20,7 @@ By default, script enforcement is enabled for all App Control policies unless th Validation for signed scripts is done using the [WinVerifyTrust API](/windows/win32/api/wintrust/nf-wintrust-winverifytrust). To pass validation, the signature root must be present in the trusted root store on the device and your App Control policy must allow it. This behavior is different from App Control validation for executable files, which doesn't require installation of the root certificate. -App Control shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks App Control if a script should be allowed, an event is logged with the answer App Control returned to the script host. For more information on App Control script enforcement events, see [Understanding Application Control events](../operations/event-id-explanations.md#app-control-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects). +App Control shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks App Control if a script should be allowed, an event is logged with the answer App Control returned to the script host. For more information on App Control script enforcement events, see [Understanding App Control events](../operations/event-id-explanations.md#app-control-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects). > [!NOTE] > When a script runs that is not allowed by policy, App Control raises an event indicating that the script was "blocked." However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md index 823efa79de..f808763724 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md @@ -10,11 +10,11 @@ ms.topic: conceptual [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using App Control for Business, within a Windows operating system environment. +This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning App Control policies deployment using App Control for Business, within a Windows operating system environment. -When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. +When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent App Control policy maintenance. -You should consider using App Control for Business as part of your organization's application control policies if the following are true: +You should consider using App Control for Business as part of your organization's App Control policies if the following are true: - You have deployed or plan to deploy the supported versions of Windows in your organization. - You need improved control over the access to your organization's applications and the data your users access. @@ -43,7 +43,7 @@ Organizations with well-defined, centrally managed app management and deployment | Possible answers | Design considerations| | - | - | -| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. App Control for Business options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | +| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for App Control. App Control for Business options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | | Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-appcontrol-policies.md) can be used to allow team-specific exceptions to your core organization-wide App Control for Business policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | | Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | App Control for Business can integrate with Microsoft's [Intelligent Security Graph](use-appcontrol-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | App Control for Business policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| @@ -57,9 +57,9 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. App Control for Business rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | | Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-appcontrol.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | -### Are there specific groups in your organization that need customized application control policies? +### Are there specific groups in your organization that need customized App Control policies? -Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies. +Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy App Control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies. | Possible answers | Design considerations | | - | - | @@ -72,7 +72,7 @@ The time and resources that are available to you to perform the research and ana | Possible answers | Design considerations | | - | - | -| Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are constructed as possible.| +| Yes | Invest the time to analyze your organization's App Control requirements, and plan a complete deployment that uses rules that are constructed as possible.| | No | Consider a focused and phased deployment for specific groups by using few rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. | ### Does your organization have Help Desk support? diff --git a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md index a7acc2735e..14ebfd9259 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md @@ -10,9 +10,9 @@ ms.topic: how-to [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] -Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy. +App Control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective App Control policy. -To reduce end-user friction and helpdesk calls, you can set App Control for Business to automatically allow applications that Microsoft's Intelligent Security Graph (ISG) recognizes as having known good reputation. The ISG option helps organizations begin to implement application control even when the organization has limited control over their app ecosystem. To learn more about the ISG, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services). +To reduce end-user friction and helpdesk calls, you can set App Control for Business to automatically allow applications that Microsoft's Intelligent Security Graph (ISG) recognizes as having known good reputation. The ISG option helps organizations begin to implement App Control even when the organization has limited control over their app ecosystem. To learn more about the ISG, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services). > [!WARNING] > Binaries that are critical to boot the system must be allowed using explicit rules in your App Control policy. Do not rely on the ISG to authorize these files. @@ -93,4 +93,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho The ISG doesn't authorize kernel mode drivers. The App Control policy must have rules that allow the necessary drivers to run. > [!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in App Control support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom App Control policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-app-control-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in App Control support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using App Control will need to deploy a custom App Control policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-app-control-policies-with-custom-oma-uri). diff --git a/windows/security/application-security/application-control/app-control-for-business/index.yml b/windows/security/application-security/application-control/app-control-for-business/index.yml index c9c90173d3..576efefff8 100644 --- a/windows/security/application-security/application-control/app-control-for-business/index.yml +++ b/windows/security/application-security/application-control/app-control-for-business/index.yml @@ -29,7 +29,7 @@ landingContent: linkLists: - linkListType: overview links: - - text: Using code signing to simplify application control + - text: Using code signing to simplify app control url: deployment/use-code-signing-for-better-control-and-protection.md - text: Applications that can bypass App Control and how to block them url: design/applications-that-can-bypass-appcontrol.md diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md index 15621fd0ff..755488b5a3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md @@ -17,8 +17,8 @@ You now understand how to design and deploy your App Control for Business polici | Article | Description | | - | - | | [Debugging and troubleshooting](appcontrol-debugging-and-troubleshooting.md) | This article explains how to debug app and script failures with App Control. | -| [Understanding Application Control event IDs](event-id-explanations.md) | This article explains the meaning of different App Control event IDs. | -| [Understanding Application Control event tags](event-tag-explanations.md) | This article explains the meaning of different App Control event tags. | +| [Understanding App Control event IDs](event-id-explanations.md) | This article explains the meaning of different App Control event IDs. | +| [Understanding App Control event tags](event-tag-explanations.md) | This article explains the meaning of different App Control event tags. | | [Query App Control events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This article covers how to view App Control events centrally from all systems that are connected to Microsoft Defender for Endpoint. | | [Admin Tips & Known Issues](known-issues.md) | This article describes some App Control Admin Tips & Known Issues. | | [Managed installer and ISG technical reference and troubleshooting guide](configure-appcontrol-managed-installer.md) | This article provides technical details and debugging steps for managed installer and ISG. | diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md index 05c8f6b852..d75a2df983 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md @@ -12,7 +12,7 @@ ms.topic: troubleshooting ## Enabling managed installer and Intelligent Security Graph (ISG) logging events -Refer to [Understanding Application Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events. +Refer to [Understanding App Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events. ## Using fsutil to query extended attributes for Managed Installer (MI) diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md index 862bf39d1a..ceaac2953b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md @@ -1,12 +1,12 @@ --- -title: Understanding Application Control event IDs +title: Understanding App Control event IDs description: Learn what different App Control for Business event IDs signify. ms.localizationpriority: medium ms.date: 09/11/2024 ms.topic: reference --- -# Understanding Application Control events +# Understanding App Control events ## App Control Events Overview @@ -16,10 +16,10 @@ App Control logs events when a policy is loaded, when a file is blocked, or when App Control events are generated under two locations in the Windows Event Viewer: -- **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational** includes events about Application Control policy activation and the control of executables, dlls, and drivers. +- **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational** includes events about App Control policy activation and the control of executables, dlls, and drivers. - **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** includes events about the control of MSI installers, scripts, and COM objects. -Most app and script failures that occur when App Control is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding Application Control event tags](event-tag-explanations.md). +Most app and script failures that occur when App Control is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding App Control event tags](event-tag-explanations.md). > [!NOTE] > **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** events are not included on Windows Server Core edition. @@ -30,12 +30,12 @@ These events are found in the **CodeIntegrity - Operational** event log. | Event ID | Explanation | |--------|-----------| -| 3004 | This event isn't common and may occur with or without an Application Control policy present. It typically indicates a kernel driver tried to load with an invalid signature. For example, the file may not be WHQL-signed on a system where WHQL is required.

          This event is also seen for kernel- or user-mode code that the developer opted-in to [/INTEGRITYCHECK](/cpp/build/reference/integritycheck-require-signature-check) but isn't signed correctly. | -| 3033 | This event may occur with or without an Application Control policy present and should occur alongside a 3077 event if caused by App Control policy. It often means the file's signature is revoked or a signature with the Lifetime Signing EKU has expired. Presence of the Lifetime Signing EKU is the only case where App Control blocks files due to an expired signature. Try using option `20 Enabled:Revoked Expired As Unsigned` in your policy along with a rule (for example, hash) that doesn't rely on the revoked or expired cert.

          This event also occurs if code compiled with [Code Integrity Guard (CIG)](/microsoft-365/security/defender-endpoint/exploit-protection-reference#code-integrity-guard) tries to load other code that doesn't meet the CIG requirements. | +| 3004 | This event isn't common and may occur with or without an App Control policy present. It typically indicates a kernel driver tried to load with an invalid signature. For example, the file may not be WHQL-signed on a system where WHQL is required.

          This event is also seen for kernel- or user-mode code that the developer opted-in to [/INTEGRITYCHECK](/cpp/build/reference/integritycheck-require-signature-check) but isn't signed correctly. | +| 3033 | This event may occur with or without an App Control policy present and should occur alongside a 3077 event if caused by App Control policy. It often means the file's signature is revoked or a signature with the Lifetime Signing EKU has expired. Presence of the Lifetime Signing EKU is the only case where App Control blocks files due to an expired signature. Try using option `20 Enabled:Revoked Expired As Unsigned` in your policy along with a rule (for example, hash) that doesn't rely on the revoked or expired cert.

          This event also occurs if code compiled with [Code Integrity Guard (CIG)](/microsoft-365/security/defender-endpoint/exploit-protection-reference#code-integrity-guard) tries to load other code that doesn't meet the CIG requirements. | | 3034 | This event isn't common. It's the audit mode equivalent of event 3033. | -| 3076 | This event is the main Application Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. | -| 3077 | This event is the main Application Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. | -| 3089 | This event contains signature information for files that were blocked or audit blocked by Application Control. One of these events is created for each signature of a file. Each event shows the total number of signatures found and an index value to identify the current signature. Unsigned files generate a single one of these events with TotalSignatureCount of 0. These events are correlated with 3004, 3033, 3034, 3076 and 3077 events. You can match the events using the `Correlation ActivityID` found in the **System** portion of the event. | +| 3076 | This event is the main App Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. | +| 3077 | This event is the main App Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. | +| 3089 | This event contains signature information for files that were blocked or audit blocked by App Control. One of these events is created for each signature of a file. Each event shows the total number of signatures found and an index value to identify the current signature. Unsigned files generate a single one of these events with TotalSignatureCount of 0. These events are correlated with 3004, 3033, 3034, 3076 and 3077 events. You can match the events using the `Correlation ActivityID` found in the **System** portion of the event. | ## App Control block events for packaged apps, MSI installers, scripts, and COM objects @@ -43,7 +43,7 @@ These events are found in the **AppLocker - MSI and Script** event log. | Event ID | Explanation | |--------|-----------| -| 8028 | This event indicates that a script host, such as PowerShell, queried Application Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the App Control policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with Application Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. | +| 8028 | This event indicates that a script host, such as PowerShell, queried App Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the App Control policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with App Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. | | 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your App Control policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). | | 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in an App Control for Business policy](../design/allow-com-object-registration-in-appcontrol-policy.md). | | 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the App Control policy. | @@ -57,15 +57,15 @@ These events are found in the **CodeIntegrity - Operational** event log. | Event ID | Explanation | |--------|-----------| -| 3095 | The Application Control policy can't be refreshed and must be rebooted instead. | -| 3096 | The Application Control policy wasn't refreshed since it's already up-to-date. This event's Details includes useful information about the policy, such as its policy options. | -| 3097 | The Application Control policy can't be refreshed. | -| 3099 | Indicates that a policy has been loaded. This event's Details includes useful information about the Application Control policy, such as its policy options. | -| 3100 | The application control policy was refreshed but was unsuccessfully activated. Retry. | -| 3101 | Application Control policy refresh started for *N* policies. | -| 3102 | Application Control policy refresh finished for *N* policies. | -| 3103 | The system is ignoring the Application Control policy refresh. For example, an inbox Windows policy that doesn't meet the conditions for activation. | -| 3105 | The system is attempting to refresh the Application Control policy with the specified ID. | +| 3095 | The App Control policy can't be refreshed and must be rebooted instead. | +| 3096 | The App Control policy wasn't refreshed since it's already up-to-date. This event's Details includes useful information about the policy, such as its policy options. | +| 3097 | The App Control policy can't be refreshed. | +| 3099 | Indicates that a policy has been loaded. This event's Details includes useful information about the App Control policy, such as its policy options. | +| 3100 | The App Control policy was refreshed but was unsuccessfully activated. Retry. | +| 3101 | App Control policy refresh started for *N* policies. | +| 3102 | App Control policy refresh finished for *N* policies. | +| 3103 | The system is ignoring the App Control policy refresh. For example, an inbox Windows policy that doesn't meet the conditions for activation. | +| 3105 | The system is attempting to refresh the App Control policy with the specified ID. | ## Diagnostic events for Intelligent Security Graph (ISG) and Managed Installer (MI) @@ -79,7 +79,7 @@ Unless otherwise noted, these events are found in either the **CodeIntegrity - O | Event ID | Explanation | |--------|---------| | 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. | -| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the Application Control policy is in audit mode. | +| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the App Control policy is in audit mode. | | 3092 | This event is the enforcement mode equivalent of 3091. | | 8002 | This event is found in the **AppLocker - EXE and DLL** event log. When a process launches that matches a managed installer rule, this event is raised with PolicyName = MANAGEDINSTALLER found in the event Details. Events with PolicyName = EXE or DLL aren't related to App Control. | @@ -95,8 +95,8 @@ The following information is found in the details for 3090, 3091, and 3092 event | PassesManagedInstaller | Indicates whether the file originated from a MI | | SmartlockerEnabled | Indicates whether the specified policy enables ISG trust | | PassesSmartlocker | Indicates whether the file had positive reputation according to the ISG | -| AuditEnabled | True if the Application Control policy is in audit mode, otherwise it is in enforce mode | -| PolicyName | The name of the Application Control policy to which the event applies | +| AuditEnabled | True if the App Control policy is in audit mode, otherwise it is in enforce mode | +| PolicyName | The name of the App Control policy to which the event applies | ### Enabling ISG and MI diagnostic events @@ -120,42 +120,42 @@ A list of other relevant event IDs and their corresponding description. | 3010 | The catalog containing the signature for the file under validation is invalid. | | 3011 | Code Integrity finished loading the signature catalog. | | 3012 | Code Integrity started loading the signature catalog. | -| 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. | -| 3024 | Windows application control was unable to refresh the boot catalog file. | +| 3023 | The driver file under validation didn't meet the requirements to pass the App Control policy. | +| 3024 | Windows App Control was unable to refresh the boot catalog file. | | 3026 | Microsoft or the certificate issuing authority revoked the certificate that signed the catalog. | | 3032 | The file under validation is revoked or the file has a signature that is revoked. -| 3033 | The file under validation didn't meet the requirements to pass the application control policy. | -| 3034 | The file under validation wouldn't meet the requirements to pass the Application Control policy if it was enforced. The file was allowed since the policy is in audit mode. | +| 3033 | The file under validation didn't meet the requirements to pass the App Control policy. | +| 3034 | The file under validation wouldn't meet the requirements to pass the App Control policy if it was enforced. The file was allowed since the policy is in audit mode. | | 3036 | Microsoft or the certificate issuing authority revoked the certificate that signed the file being validated. | -| 3064 | If the Application Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the application control policy. The DLL was allowed since the policy is in audit mode. | -| 3065 | If the Application Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the application control policy. | +| 3064 | If the App Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the App Control policy. The DLL was allowed since the policy is in audit mode. | +| 3065 | If the App Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the App Control policy. | | 3074 | Page hash failure while hypervisor-protected code integrity was enabled. | -| 3075 | This event measures the performance of the Application Control policy check during file validation. | -| 3076 | This event is the main Application Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. | -| 3077 | This event is the main Application Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. | -| 3079 | The file under validation didn't meet the requirements to pass the application control policy. | -| 3080 | If the Application Control policy was in enforced mode, the file under validation wouldn't have met the requirements to pass the application control policy. | -| 3081 | The file under validation didn't meet the requirements to pass the application control policy. | -| 3082 | If the Application Control policy was enforced, the policy would have blocked this non-WHQL driver. | +| 3075 | This event measures the performance of the App Control policy check during file validation. | +| 3076 | This event is the main App Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. | +| 3077 | This event is the main App Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. | +| 3079 | The file under validation didn't meet the requirements to pass the App Control policy. | +| 3080 | If the App Control policy was in enforced mode, the file under validation wouldn't have met the requirements to pass the App Control policy. | +| 3081 | The file under validation didn't meet the requirements to pass the App Control policy. | +| 3082 | If the App Control policy was enforced, the policy would have blocked this non-WHQL driver. | | 3084 | Code Integrity is enforcing WHQL driver signing requirements on this boot session. | | 3085 | Code Integrity isn't enforcing WHQL driver signing requirements on this boot session. | | 3086 | The file under validation doesn't meet the signing requirements for an isolated user mode (IUM) process. | -| 3089 | This event contains signature information for files that were blocked or audit blocked by Application Control. One 3089 event is created for each signature of a file. | +| 3089 | This event contains signature information for files that were blocked or audit blocked by App Control. One 3089 event is created for each signature of a file. | | 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. | -| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the Application Control policy is in audit mode. | +| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the App Control policy is in audit mode. | | 3092 | This event is the enforcement mode equivalent of 3091. | -| 3095 | The Application Control policy can't be refreshed and must be rebooted instead. | -| 3096 | The Application Control policy wasn't refreshed since it's already up-to-date. | -| 3097 | The Application Control policy can't be refreshed. | -| 3099 | Indicates that a policy has been loaded. This event also includes information about the options set by the Application Control policy. | -| 3100 | The application control policy was refreshed but was unsuccessfully activated. Retry. | -| 3101 | The system started refreshing the Application Control policy. | -| 3102 | The system finished refreshing the Application Control policy. | -| 3103 | The system is ignoring the Application Control policy refresh. | +| 3095 | The App Control policy can't be refreshed and must be rebooted instead. | +| 3096 | The App Control policy wasn't refreshed since it's already up-to-date. | +| 3097 | The App Control policy can't be refreshed. | +| 3099 | Indicates that a policy has been loaded. This event also includes information about the options set by the App Control policy. | +| 3100 | The App Control policy was refreshed but was unsuccessfully activated. Retry. | +| 3101 | The system started refreshing the App Control policy. | +| 3102 | The system finished refreshing the App Control policy. | +| 3103 | The system is ignoring the App Control policy refresh. | | 3104 | The file under validation doesn't meet the signing requirements for a PPL (protected process light) process. | -| 3105 | The system is attempting to refresh the Application Control policy. | +| 3105 | The system is attempting to refresh the App Control policy. | | 3108 | Windows mode change event was successful. | | 3110 | Windows mode change event was unsuccessful. | | 3111 | The file under validation didn't meet the hypervisor-protected code integrity (HVCI) policy. | | 3112 | Windows has revoked the certificate that signed the file being validated. | -| 3114 | Dynamic Code Security opted the .NET app or DLL into Application Control policy validation. The file under validation didn't pass your policy and was blocked. | +| 3114 | Dynamic Code Security opted the .NET app or DLL into App Control policy validation. The file under validation didn't pass your policy and was blocked. | diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md index 42552c1b23..0f5513efc4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md @@ -1,12 +1,12 @@ --- -title: Understanding Application Control event tags +title: Understanding App Control event tags description: Learn what different App Control for Business event tags signify. ms.localizationpriority: medium ms.date: 09/11/2024 ms.topic: conceptual --- -# Understanding Application Control event tags +# Understanding App Control event tags App Control for Business events include many fields, which provide helpful troubleshooting information to figure out exactly what an event means. This article describes the values and meanings for a few useful event tags. @@ -82,7 +82,7 @@ Represents why verification failed, or if it succeeded. ## Policy activation event Options -The Application Control policy rule option values can be derived from the "Options" field in the Details section for successful [policy activation events](event-id-explanations.md#app-control-policy-activation-events). To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow. +The App Control policy rule option values can be derived from the "Options" field in the Details section for successful [policy activation events](event-id-explanations.md#app-control-policy-activation-events). To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow. - Access Event Viewer. - Access the Code integrity 3099 event. diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md index a60c584ba9..d6d7b0bf4d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md @@ -1,12 +1,12 @@ --- -title: Query Application Control events with Advanced Hunting +title: Query App Control events with Advanced Hunting description: Learn how to query App Control for Business events across your entire organization by using Advanced Hunting. ms.localizationpriority: medium ms.date: 09/11/2024 ms.topic: troubleshooting --- -# Querying Application Control events centrally using Advanced hunting +# Querying App Control events centrally using Advanced hunting an App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode. While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems. @@ -20,7 +20,7 @@ This capability is supported beginning with Windows version 1607. | ActionType Name | ETW Source Event ID | Description | | - | - | - | -| AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. | +| AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the App Control policy. | | AppControlCodeIntegrityImageRevoked | 3036 | The signed file under validation is signed by a code signing certificate that has been revoked by Microsoft or the certificate issuing authority. | | AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main App Control for Business block event for audit mode policies. It indicates the file would have been blocked if the App Control policy was enforced. | | AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main App Control for Business block event for enforced policies. It indicates the file didn't pass your App Control policy and was blocked. | @@ -39,11 +39,11 @@ This capability is supported beginning with Windows version 1607. | AppControlCodeIntegritySigningInformation | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. | | AppControlPolicyApplied | 8001 | Indicates the AppLocker policy was successfully applied to the computer. | -Learn more about the [Understanding Application Control event IDs (Windows)](event-id-explanations.md) +Learn more about the [Understanding App Control event IDs (Windows)](event-id-explanations.md) -## Example Advanced Hunting Application Control Queries +## Example Advanced Hunting App Control Queries -Query Example 1: Query the application control action types summarized by type for past seven days +Query Example 1: Query the App Control action types summarized by type for past seven days Here's a simple example query that shows all the App Control for Business events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint: From 58aac16607014a9d1ae254c8f5ffb97d403efeea Mon Sep 17 00:00:00 2001 From: Kevin Sheehan <116211220+kbsheehan@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:54:57 -0400 Subject: [PATCH 090/164] Update configuration-service-provider-ddf.md --- .../client-management/mdm/configuration-service-provider-ddf.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md index 67b8fe4fa2..bcb544c636 100644 --- a/windows/client-management/mdm/configuration-service-provider-ddf.md +++ b/windows/client-management/mdm/configuration-service-provider-ddf.md @@ -13,7 +13,7 @@ This article lists the OMA DM device description framework (DDF) files for vario As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download: -- [DDF v2 Files, September 2024](https://download.microsoft.com/download/b/e/7/be7f4a26-2621-4143-b11a-12f6d0ad7413/DDFv2Sept24.zip) +- [DDF v2 Files, September 2024](https://download.microsoft.com/download/a/a/a/aaadc008-67d4-4dcd-b864-70c479baf7d6/DDFv2September24.zip) ## DDF v2 schema From 44533aba91648a0cbd2016a30d7086a8da4cc470 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 25 Sep 2024 11:19:58 -0700 Subject: [PATCH 091/164] edits, linking --- .../ltsc/whats-new-windows-11-2024.md | 84 ++++++++++--------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index b8076ee9ce..a7d6bf95e4 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -39,11 +39,11 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | Feature
          [Release] | Description | | --- | --- | -| **Windows accessibility**
          [22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator.
          For more information, see:
            • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
            • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554)
            • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). | -| **Braille displays**
          [23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | -| **Narrator improvements**
          [23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1) | +| **Windows accessibility**
          [22H2][22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator.
          For more information, see:
            • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
            • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554)
            • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). | +| **Braille displays**
          [23H2][23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | +| **Narrator improvements**
          [23H2][23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1). | | **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). | -| **Remote Desktop Connection improvements**
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500% | +| **Remote Desktop Connection improvements**
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500%. | ## Applications @@ -52,7 +52,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | Feature
          [Release]| Description | | --- | --- | | **Internet Explorer** | Internet Explorer (IE) is no longer available in Windows 11 Enterprise LTSC 2024. However, you can use IE Mode if a website needs Internet Explorer. For more information, see [Internet Explorer (IE) Mode](/deployedge/edge-ie-mode) | -| **Microsoft Edge**
          [21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). | +| **Microsoft Edge**
          [21H2][21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). | ## Security @@ -61,22 +61,22 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | Feature
          [Release] | Description | | --- | --- | -| **Windows Security app**
          [21H2] | Windows Security app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more. For more information, see [the Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center). | -| **Security baselines**
          [21H2] | Security baselines include security settings that are already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines. For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines). | -| **Microsoft Defender Antivirus**
          [21H2] | Microsoft Defender Antivirus helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint. For more information, see:
            • [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
            • [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
            • [Enforce compliance for Microsoft Defender for Endpoint](/mem/intune/protect/advanced-threat-protection) | -| **Application Security**
          [21H2] | The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more. For more information, see [Windows application security](/windows/security/apps). | -| **Microsoft Pluton**
          [22H2] | Pluton, designed by Microsoft and built by silicon partners, is a secure crypto-processor built into the CPU. Pluton provides security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is harder to be removed even if an attacker installed malware or has complete physical possession. For more information, see [Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor). | -| **Enhanced Phishing Protection**
          [22H2] | Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft passwords against phishing and unsafe usage. Enhanced Phishing Protection works alongside Windows security protections to help protect sign-in passwords. For more information, see:
            • [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)
            • [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog. | -| **Smart App Control**
          [22H2] | Smart App Control adds significant protection from malware, including new and emerging threats, by blocking apps that are malicious or untrusted. Smart App Control helps block unwanted apps that affect performance, display unexpected ads, offer extra software you didn't want, and other things you don't expect. For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control#wdac-and-smart-app-control). | -| **Credential Guard**
          [22H2] | Credential Guard, enabled by default, uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like pass the hash and pass the ticket. For more information, see [Configure Credential Guard](/windows/security/identity-protection/credential-guard/configure).| -| **Malicious and vulnerable driver blocking**
          [22H2] | The vulnerable driver blocklist is automatically enabled on devices when Smart App Control is enabled and for clean installs of Windows. For more information, see [recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules#microsoft-vulnerable-driver-blocklist).| -| **Security hardening and threat protection**
          [22H2] | Enhanced support with Local Security Authority (LSA) to prevent code injection that could compromise credentials. For more information, see [Configuring Additional LSA Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json). | -| **Personal Data Encryption (PDE)**
          [22H2] | [Personal Data Encryption (PDE)](/windows/security/operating-system-security/data-protection/personal-data-encryption/) is a security feature that provides file-based data encryption capabilities to Windows. PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user. | -| **Passkeys in Windows**
          [23H2] | Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys). | -| **Windows passwordless experience**
          [23H2] | Windows passwordless experience is a security policy that promotes a user experience without passwords on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices.
          When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). | -| **Web sign-in for Windows**
          [23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | -| **Federated sign-in**
          [23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | -| **Windows Hello for Business authentication improvement**
          [23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | +| **Windows Security app**
          [21H2][21H2] | Windows Security app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more. For more information, see [the Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center). | +| **Security baselines**
          [21H2][21H2] | Security baselines include security settings that are already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines. For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines). | +| **Microsoft Defender Antivirus**
          [21H2][21H2] | Microsoft Defender Antivirus helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint. For more information, see:
            • [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
            • [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
            • [Enforce compliance for Microsoft Defender for Endpoint](/mem/intune/protect/advanced-threat-protection) | +| **Application Security**
          [21H2][21H2] | The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more. For more information, see [Windows application security](/windows/security/apps). | +| **Microsoft Pluton**
          [22H2][22H2] | Pluton, designed by Microsoft and built by silicon partners, is a secure crypto-processor built into the CPU. Pluton provides security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is harder to be removed even if an attacker installed malware or has complete physical possession. For more information, see [Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor). | +| **Enhanced Phishing Protection**
          [22H2][22H2] | Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft passwords against phishing and unsafe usage. Enhanced Phishing Protection works alongside Windows security protections to help protect sign-in passwords. For more information, see:
            • [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)
            • [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog. | +| **Smart App Control**
          [22H2][22H2] | Smart App Control adds significant protection from malware, including new and emerging threats, by blocking apps that are malicious or untrusted. Smart App Control helps block unwanted apps that affect performance, display unexpected ads, offer extra software you didn't want, and other things you don't expect. For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control#wdac-and-smart-app-control). | +| **Credential Guard**
          [22H2][22H2] | Credential Guard, enabled by default, uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like pass the hash and pass the ticket. For more information, see [Configure Credential Guard](/windows/security/identity-protection/credential-guard/configure).| +| **Malicious and vulnerable driver blocking**
          [22H2][22H2] | The vulnerable driver blocklist is automatically enabled on devices when Smart App Control is enabled and for clean installs of Windows. For more information, see [recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules#microsoft-vulnerable-driver-blocklist).| +| **Security hardening and threat protection**
          [22H2][22H2] | Enhanced support with Local Security Authority (LSA) to prevent code injection that could compromise credentials. For more information, see [Configuring Additional LSA Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json). | +| **Personal Data Encryption (PDE)**
          [22H2][22H2] | [Personal Data Encryption (PDE)](/windows/security/operating-system-security/data-protection/personal-data-encryption/) is a security feature that provides file-based data encryption capabilities to Windows. PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user. | +| **Passkeys in Windows**
          [23H2][23H2] | Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys). | +| **Windows passwordless experience**
          [23H2][23H2] | Windows passwordless experience is a security policy that promotes a user experience without passwords on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices.
          When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). | +| **Web sign-in for Windows**
          [23H2][23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | +| **Federated sign-in**
          [23H2][23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | +| **Windows Hello for Business authentication improvement**
          [23H2][23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | | **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| | **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | | **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | @@ -88,8 +88,8 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | Feature
          [Release] | Description | | --- | --- | -| **Windows Updates and Delivery optimization**
          [21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| -| **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| +| **Windows Updates and Delivery optimization**
          [21H2][21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| +| **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | | **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | | **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | @@ -98,15 +98,15 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | Feature
          [Release] | Description | | --- | --- | -| **Microsoft Intune**
          [21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | -| **Control Windows Update notifications**
          [22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| +| **Microsoft Intune**
          [21H2][21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | +| **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | -| **Start menu layout**
          [22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | -| **Restricted User Experience**
          [23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | -| **Declared configuration protocol**
          [23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| -| **Control File Explorer Home Recommended section**
          [23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| -| **Taskbar Button Policies**
          [23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| -| **Control Start Menu Recommended section**
          [23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| +| **Start menu layout**
          [22H2][22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | +| **Restricted User Experience**
          [23H2][23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | +| **Declared configuration protocol**
          [23H2][23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| +| **Control File Explorer Home Recommended section**
          [23H2][23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| +| **Taskbar Button Policies**
          [23H2][23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| +| **Control Start Menu Recommended section**
          [23H2][23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| ## Networking @@ -118,13 +118,13 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | Feature
          [Release] | Description | | --- | --- | -| **Task Manager**
          [22H2]/[23H2] | A new command bar was added to each page to give access to common actions. Task Manager matches the system wide theme configured in Windows Settings. Added an efficiency mode that allows you to limit the resource usage of a process.
          Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager. | -| **Taskbar overflow menu**
          [23H2] | The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot. | -| **Taskbar Optimize for touch**
          [23H2] | Taskbar touch optimization is available for devices that can be used as a tablet. Once enabled, the user can switch between a collapsed taskbar, saving screen space, and an expanded taskbar, optimized for touch. The taskbar changes to this optimized version when you disconnect or fold back the keyboard on a 2-in-1 device. To enable or disable this feature on a tablet capable device, go to Settings > Personalization > Taskbar > Taskbar behaviors. See also [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) | -| **File Explorer Tabs**
          [23H2] | File Explorer includes tabs to help you organize your File Explorer sessions. | -| **Windows Ink as input**
          [23H2] | Windows Ink allows users to handwrite directly onto most editable fields | -| **Uninstall Win32 app**
          [23H2] | Selecting Uninstall for a Win32 app from the right-click menu uses the Installed Apps page in Settings rather than Programs and Features in Control Panel. For more information, see [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) | -| **Dev Drive**
          [23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). | +| **Task Manager**
          [22H2][22H2]/[23H2][23H2] | A new command bar was added to each page to give access to common actions. Task Manager matches the system wide theme configured in Windows Settings. Added an efficiency mode that allows you to limit the resource usage of a process.
          Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager. | +| **Taskbar overflow menu**
          [23H2][23H2] | The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot. | +| **Taskbar Optimize for touch**
          [23H2][23H2] | Taskbar touch optimization is available for devices that can be used as a tablet. Once enabled, the user can switch between a collapsed taskbar, saving screen space, and an expanded taskbar, optimized for touch. The taskbar changes to this optimized version when you disconnect or fold back the keyboard on a 2-in-1 device. To enable or disable this feature on a tablet capable device, go to Settings > Personalization > Taskbar > Taskbar behaviors. See also [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) | +| **File Explorer Tabs**
          [23H2][23H2] | File Explorer includes tabs to help you organize your File Explorer sessions. | +| **Windows Ink as input**
          [23H2][23H2] | Windows Ink allows users to handwrite directly onto most editable fields | +| **Uninstall Win32 app**
          [23H2][23H2] | Selecting Uninstall for a Win32 app from the right-click menu uses the Installed Apps page in Settings rather than Programs and Features in Control Panel. For more information, see [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) | +| **Dev Drive**
          [23H2][23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). | | **High Efficiency Video Coding (HEVC) support**
          [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. | | **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | | **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. Users can view and modify which apps can access the list of Wi-Fi networks and manage notifications from **Settings** > **Privacy & security** > **Location**. | @@ -133,4 +133,10 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur ## Related links - [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. -- [Release information](/windows/release-health/windows11-release-information) \ No newline at end of file +- [Release information](/windows/release-health/windows11-release-information) + + +[21H1]: windows-11-overview.md +[22H2]: whats-new-windows-11-version-22H2.md +[23H2]: whats-new-windows-11-version-23H2.md + \ No newline at end of file From ab6bed746a4d37a06b0c7011c0e408d0c28eaa20 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 25 Sep 2024 11:24:17 -0700 Subject: [PATCH 092/164] edits, linking --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index a7d6bf95e4..72fdf241dc 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -136,7 +136,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur - [Release information](/windows/release-health/windows11-release-information) -[21H1]: windows-11-overview.md -[22H2]: whats-new-windows-11-version-22H2.md -[23H2]: whats-new-windows-11-version-23H2.md - \ No newline at end of file +[21H1]: ..\windows-11-overview.md +[22H2]: ..\whats-new-windows-11-version-22H2.md +[23H2]: ..\whats-new-windows-11-version-23h2.md + \ No newline at end of file From a6db42a02496d61a2904896eb22a289d3fcac33e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 25 Sep 2024 11:25:36 -0700 Subject: [PATCH 093/164] edits, linking --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 72fdf241dc..627d6e1430 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -136,7 +136,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur - [Release information](/windows/release-health/windows11-release-information) -[21H1]: ..\windows-11-overview.md +[21H2]: ..\windows-11-overview.md [22H2]: ..\whats-new-windows-11-version-22H2.md [23H2]: ..\whats-new-windows-11-version-23h2.md \ No newline at end of file From dc0eda847ad591b00d31eb6d2f28eb878e23df1c Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:48:06 -0700 Subject: [PATCH 094/164] Add auto image borders and/or lightboxes to aid legibility --- .../design-create-appid-tagging-policies.md | 2 +- .../deployment/audit-appcontrol-policies.md | 4 ++-- ...create-code-signing-cert-for-appcontrol.md | 2 +- ...-appcontrol-policies-using-group-policy.md | 2 +- .../deploy-appcontrol-policies-with-memcm.md | 20 +++++++++---------- ...loy-catalog-files-to-support-appcontrol.md | 6 +++--- ...ntrol-wizard-create-supplemental-policy.md | 6 +++--- .../appcontrol-wizard-editing-policy.md | 2 +- .../appcontrol-wizard-merging-policies.md | 2 +- .../appcontrol-wizard-parsing-event-logs.md | 15 +++++--------- ...-guard-secure-launch-and-smm-protection.md | 4 ++-- 11 files changed, 30 insertions(+), 35 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index 26940bd0e3..f330f24100 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -18,7 +18,7 @@ You can use the App Control for Business Wizard and the PowerShell commands to c Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. - ![Configuring the policy base and template.](../images/appid-appcontrol-wizard-1.png) + :::image type="content" alt-text="Configuring the policy base and template." source="../images/appid-appcontrol-wizard-1.png" lightbox="../images/appid-appcontrol-wizard-1.png"::: > [!NOTE] > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md index 59a910aa0f..6f8919e77d 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md @@ -25,8 +25,8 @@ To familiarize yourself with creating App Control rules from audit events, follo 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding App Control events](../operations/event-id-explanations.md). - **Figure 1. Exceptions to the deployed App Control policy** - ![Event showing exception to App Control policy.](../images/dg-fig23-exceptionstocode.png) + **Figure 1. Exceptions to the deployed App Control policy**
          + :::image type="content" alt-text="Event showing exception to App Control policy." source="../images/dg-fig23-exceptionstocode.png"::: 3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create an App Control policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md index 6da9a96b92..773daf6a82 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md @@ -75,7 +75,7 @@ Now that the template is available to be issued, you must request one from the c 4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4. - ![Request Certificates: more information required.](../images/dg-fig31-getmoreinfo.png) + :::image type="content" alt-text="Request Certificates: more information required." source="../images/dg-fig31-getmoreinfo.png"::: Figure 4. Get more information for your code signing certificate diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index 885c8d0203..03cfad7165 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -50,7 +50,7 @@ To deploy and manage an App Control for Business policy with Group Policy: > [!NOTE] > This policy file does not need to be copied to every computer. You can instead copy the App Control policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers. - ![Group Policy called Deploy App Control for Business.](../images/dg-fig26-enablecode.png) + :::image type="content" alt-text="Group Policy called Deploy App Control for Business." source="../images/dg-fig26-enablecode.png"::: > [!NOTE] > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different App Control policies to different sets of devices, you may want to give each of your App Control policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository. diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md index ae36e1b394..5baec955a9 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md @@ -28,49 +28,49 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement 1. Select **Asset and Compliance** > **Endpoint Protection** > **App Control for Business** > **Create Application Control Policy** - ![Create an App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg) + :::image type="content" alt-text="Create an App Control policy in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-policy.jpg"::: 2. Enter the name of the policy > **Next** 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes** 4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only) 5. Select **Next** - ![Create an enforced App Control policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy-2.jpg) + :::image type="content" alt-text="Create an enforced App Control policy in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-policy-2.jpg"::: 6. Select **Add** to begin creating rules for trusted software - ![Create an App Control path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg) + :::image type="content" alt-text="Create an App Control path rule in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-rule.jpg"::: 7. Select **File** or **Folder** to create a path rule > **Browse** - ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-appcontrol-rule-2.jpg) + :::image type="content" alt-text="Select a file or folder to create a path rule." source="../images/memcm/memcm-create-appcontrol-rule-2.jpg"::: 8. Select the executable or folder for your path rule > **OK** - ![Select the executable file or folder.](../images/memcm/memcm-create-appcontrol-rule-3.jpg) + :::image type="content" alt-text="Select the executable file or folder." source="../images/memcm/memcm-create-appcontrol-rule-3.jpg"::: 9. Select **OK** to add the rule to the table of trusted files or folder 10. Select **Next** to navigate to the summary page > **Close** - ![Confirm the App Control path rule in Configuration Manager.](../images/memcm/memcm-confirm-appcontrol-rule.jpg) + :::image type="content" alt-text="Confirm the App Control path rule in Configuration Manager." source="../images/memcm/memcm-confirm-appcontrol-rule.jpg"::: ### Deploy the App Control policy in Configuration Manager 1. Right-click the newly created policy > **Deploy Application Control Policy** - ![Deploy App Control via Configuration Manager.](../images/memcm/memcm-deploy-appcontrol.jpg) + :::image type="content" alt-text="Deploy App Control via Configuration Manager." source="../images/memcm/memcm-deploy-appcontrol.jpg"::: 2. Select **Browse** - ![Select Browse.](../images/memcm/memcm-deploy-appcontrol-2.jpg) + :::image type="content" alt-text="Select Browse." source="../images/memcm/memcm-deploy-appcontrol-2.jpg"::: 3. Select the Device Collection you created earlier > **OK** - ![Select the device collection.](../images/memcm/memcm-deploy-appcontrol-3.jpg) + :::image type="content" alt-text="Select the device collection." source="../images/memcm/memcm-deploy-appcontrol-3.jpg"::: 4. Change the schedule > **OK** - ![Change the App Control deployment schedule.](../images/memcm/memcm-deploy-appcontrol-4.jpg) + :::image type="content" alt-text="Change the App Control deployment schedule." source="../images/memcm/memcm-deploy-appcontrol-4.jpg"::: For more information on using Configuration Manager's native App Control policies, see [App Control for Business management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager). diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index 2c21e89039..cf222d2d4a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -108,7 +108,7 @@ For the code signing certificate that you use to sign the catalog file, import i 3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. - ![Digital Signature list in file Properties.](../images/dg-fig12-verifysigning.png) + :::image type="content" alt-text="Digital Signature list in file Properties." source="../images/dg-fig12-verifysigning.png"::: Figure 1. Verify that the signing certificate exists. @@ -131,7 +131,7 @@ The following process walks you through the deployment of a signed catalog file > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies. - ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png) + :::image type="content" alt-text="Group Policy Management, create a GPO." source="../images/dg-fig13-createnewgpo.png"::: Figure 2. Create a new GPO. @@ -141,7 +141,7 @@ The following process walks you through the deployment of a signed catalog file 5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3. - ![Group Policy Management Editor, New File.](../images/dg-fig14-createnewfile.png) + :::image type="content" alt-text="Group Policy Management Editor, New File." source="../images/dg-fig14-createnewfile.png"::: Figure 3. Create a new file. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index 03c7231e74..5d17f8fd6f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -22,11 +22,11 @@ Once the Supplemental Policy type is chosen on the New Policy page, policy name If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed. -![Wizard confirms modification of base policy.](../images/appcontrol-wizard-confirm-base-policy-modification.png) +:::image type="content" alt-text="Wizard confirms modification of base policy." source="../images/appcontrol-wizard-confirm-base-policy-modification.png"::: Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-appcontrol-policies.md). -![Wizard detects a bad base policy.](../images/appcontrol-wizard-supplemental-not-base.png) +:::image type="content" alt-text="Wizard detects a bad base policy." source="../images/appcontrol-wizard-supplemental-not-base.png"::: ## Configuring Policy Rules @@ -44,7 +44,7 @@ Supplemental policies can only configure three policy rules. The following table | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. | -![Rule options UI for Windows Allowed mode.](../images/appcontrol-wizard-supplemental-policy-rule-options-UI.png) +:::image type="content" alt-text="Rule options UI for Windows Allowed mode." source="../images/appcontrol-wizard-supplemental-policy-rule-options-UI.png"::: ## Creating custom file rules diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 0386faab8c..f6c6797de5 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -35,7 +35,7 @@ Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more The App Control Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table. -![Removing file rule from policy during edit.](../images/appcontrol-wizard-edit-remove-file-rule.png) +:::image type="content" alt-text="Removing file rule from policy during edit." source="../images/appcontrol-wizard-edit-remove-file-rule.png"::: **Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md index a7099a7c32..a0c8c1e69a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md @@ -17,4 +17,4 @@ Select the policies you wish to merge into one policy using the `+ Add Policy` b Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy. -![Merging App Control policies into a final App Control policy.](../images/appcontrol-wizard-merge.png) +:::image type="content" alt-text="Merging App Control policies into a final App Control policy." source="../images/appcontrol-wizard-merge.png"::: diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md index c2cfced0cc..2f94b6e7c6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md @@ -26,8 +26,7 @@ To create rules from the App Control event logs on the system: The Wizard parses the relevant audit and block events from the CodeIntegrity (App Control) Operational and AppLocker MSI and Script logs. You see a notification when the Wizard successfully finishes reading the events. - > [!div class="mx-imgBorder"] - > [![Parse App Control and AppLocker event log system events](../images/appcontrol-wizard-event-log-system.png)](../images/appcontrol-wizard-event-log-system-expanded.png) + :::image type="content" alt-text="Parse App Control and AppLocker event log system events." source="../images/appcontrol-wizard-event-log-system.png" lightbox="../images/appcontrol-wizard-event-log-system.png"::: 4. Select the Next button to view the audit and block events and create rules. 5. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -43,8 +42,7 @@ To create rules from the App Control `.EVTX` event logs files on the system: The Wizard parses the relevant audit and block events from the selected log files. You see a notification when the Wizard successfully finishes reading the events. - > [!div class="mx-imgBorder"] - > [![Parse evtx file App Control events](../images/appcontrol-wizard-event-log-files.png)](../images/appcontrol-wizard-event-log-files-expanded.png) + :::image type="content" alt-text="Parse evtx file App Control events" source="../images/appcontrol-wizard-event-log-files.png" lightbox="../images/appcontrol-wizard-event-log-files.png"::: 5. Select the Next button to view the audit and block events and create rules. 6. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -80,8 +78,7 @@ To create rules from the App Control events in [MDE Advanced Hunting](../operati 2. Export the App Control event results by selecting the **Export** button in the results view. - > [!div class="mx-imgBorder"] - > [![Export the MDE Advanced Hunting results to CSV](../images/appcontrol-wizard-event-log-mde-ah-export.png)](../images/appcontrol-wizard-event-log-mde-ah-export-expanded.png) + :::image type="content" alt-text="Export the MDE Advanced Hunting results to CSV" source="../images/appcontrol-wizard-event-log-mde-ah-export.png" lightbox="../images/appcontrol-wizard-event-log-mde-ah-export.png"::: 3. Select **Policy Editor** from the main page. 4. Select **Convert Event Log to an App Control Policy**. @@ -90,8 +87,7 @@ To create rules from the App Control events in [MDE Advanced Hunting](../operati The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You see a notification when the Wizard successfully finishes reading the events. - > [!div class="mx-imgBorder"] - > [![Parse the Advanced Hunting CSV App Control event files](../images/appcontrol-wizard-event-log-mde-ah-parsing.png)](../images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png) + :::image type="content" alt-text="Parse the Advanced Hunting CSV App Control event files." source="../images/appcontrol-wizard-event-log-mde-ah-parsing.png" lightbox="../images/appcontrol-wizard-event-log-mde-ah-parsing.png"::: 7. Select the Next button to view the audit and block events and create rules. 8. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -107,8 +103,7 @@ To create a rule and add it to the App Control policy: 3. Select the attributes and fields that should be added to the policy rules using the checkboxes provided for the rule type. 4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label is shown in the selected row confirming that the rule will be generated. - > [!div class="mx-imgBorder"] - > [![Adding a publisher rule to the App Control policy](../images/appcontrol-wizard-event-rule-creation.png)](../images/appcontrol-wizard-event-rule-creation-expanded.png) + :::image type="content" alt-text="Adding a publisher rule to the App Control policy" source="../images/appcontrol-wizard-event-rule-creation.png" lightbox="../images/appcontrol-wizard-event-rule-creation.png"::: 5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies. diff --git a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md index 24de29841e..af01702227 100644 --- a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md @@ -30,7 +30,7 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM) 1. Select **Start** > type and then select **Edit group policy**. 1. Select **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn On Virtualization Based Security** > **Secure Launch Configuration**. - ![Secure Launch Configuration.](images/secure-launch-group-policy.png) + :::image type="content" alt-text="Secure Launch Configuration." source="images/secure-launch-group-policy.png" lightbox="images/secure-launch-group-policy.png"::: ### Windows Security @@ -52,7 +52,7 @@ Select **Start** > **Settings** > **Update & Security** > **Windows Security** > To verify that Secure Launch is running, use System Information (MSInfo32). Select **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**. -![Verifying Secure Launch is running in the Windows Security settings.](images/secure-launch-msinfo.png) +:::image type="content" alt-text="Verifying Secure Launch is running in the Windows Security settings." source="images/secure-launch-msinfo.png" lightbox="images/secure-launch-msinfo.png"::: > [!NOTE] > To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md), [Credential Guard](../identity-protection/credential-guard/index.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs). From 8ee327110331ff0f35216b40f1221b2341485875 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:28:24 -0700 Subject: [PATCH 095/164] Corrections to code blocks: indentation, content types --- .../design-create-appid-tagging-policies.md | 4 +- .../deployment/appcontrol-deployment-guide.md | 32 +++---- .../deployment/disable-appcontrol-policies.md | 2 +- .../appcontrol-wizard-editing-policy.md | 10 +-- .../appcontrol-wizard-parsing-event-logs.md | 4 +- ...ontrol-policy-for-fully-managed-devices.md | 87 ++++++++++--------- .../operations/citool-commands.md | 22 ++--- .../operations/known-issues.md | 4 +- ...events-centrally-using-advanced-hunting.md | 6 +- ...tion-based-protection-of-code-integrity.md | 26 +++--- 10 files changed, 102 insertions(+), 95 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index f330f24100..69df945159 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -92,8 +92,8 @@ After creating your AppId Tagging policy in the above steps, you can deploy the 2. Optionally, deploy it for local testing: ```powershell - copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\ - ./RefreshPolicy.exe + copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\ + ./RefreshPolicy.exe ``` RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md index b3ba7121e7..4ee7ef2757 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md @@ -16,23 +16,23 @@ You should now have one or more App Control for Business policies ready to deplo Before you deploy your App Control policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $AppControlPolicyXMLFile variable to point to your App Control policy XML file. - ```powershell - ## Update the path to your App Control policy XML - $AppControlPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyAppControlPolicy.xml" - [xml]$AppControlPolicy = Get-Content -Path $AppControlPolicyXMLFile - if (($AppControlPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022) - { - $PolicyID = $AppControlPolicy.SiPolicy.PolicyID - $PolicyBinary = $PolicyID+".cip" - } - else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC) - { - $PolicyBinary = "SiPolicy.p7b" - } +```powershell +## Update the path to your App Control policy XML +$AppControlPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyAppControlPolicy.xml" +[xml]$AppControlPolicy = Get-Content -Path $AppControlPolicyXMLFile +if (($AppControlPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022) +{ + $PolicyID = $AppControlPolicy.SiPolicy.PolicyID + $PolicyBinary = $PolicyID+".cip" +} +else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC) +{ + $PolicyBinary = "SiPolicy.p7b" +} - ## Binary file will be written to your desktop - ConvertFrom-CIPolicy -XmlFilePath $AppControlPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary - ``` +## Binary file will be written to your desktop +ConvertFrom-CIPolicy -XmlFilePath $AppControlPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary +``` ## Plan your deployment diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index a3add21030..f1e65d8fff 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -43,7 +43,7 @@ To make a policy effectively inactive before removing it, you can first replace Beginning with the Windows 11 2022 Update, you can remove App Control policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the App Control policy you want to remove: ```powershell - CiTool.exe -rp "{PolicyId GUID}" -json +CiTool.exe -rp "{PolicyId GUID}" -json ``` Then restart the computer. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index f6c6797de5..111961661b 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -40,11 +40,11 @@ The App Control Wizard makes deleting file rules from an existing policy quick a **Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. ```xml - - - - - + + + + + ``` [comment]: <> (## Editing File Rules Coming soon!) diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md index 2f94b6e7c6..5e2b4e4017 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md @@ -53,13 +53,13 @@ To create rules from the App Control events in [MDE Advanced Hunting](../operati 1. Navigate to the Advanced Hunting section within the MDE console and query the App Control events. **The Wizard requires the following fields** in the Advanced Hunting csv file export: - ```KQL + ```kusto | project-keep Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName ``` The following Advanced Hunting query is recommended: - ```KQL + ```kusto DeviceEvents // Take only App Control events | where ActionType startswith 'AppControlCodeIntegrity' diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md index 978a986c90..1563a69a95 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md @@ -61,47 +61,47 @@ Alice follows these steps to complete this task: 2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables: - ```powershell - $PolicyPath=$env:userprofile+"\Desktop\" - $PolicyName= "Lamna_FullyManagedClients_Audit" - $LamnaPolicy=$PolicyPath+$PolicyName+".xml" - $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" - ``` + ```powershell + $PolicyPath=$env:userprofile+"\Desktop\" + $PolicyName= "Lamna_FullyManagedClients_Audit" + $LamnaPolicy=$PolicyPath+$PolicyName+".xml" + $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" + ``` 3. Copy the policy created by Configuration Manager to the desktop: - ```powershell - cp $ConfigMgrPolicy $LamnaPolicy - ``` + ```powershell + cp $ConfigMgrPolicy $LamnaPolicy + ``` 4. Give the new policy a unique ID, descriptive name, and initial version number: - ```powershell - Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID - Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0" - ``` + ```powershell + Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID + Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0" + ``` 5. Modify the copied policy to set policy rules: - ```powershell - Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode - Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy - Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu - Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps - Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer - Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot - Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental - Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security - ``` + ```powershell + Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode + Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy + Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu + Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps + Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer + Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot + Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental + Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security + ``` 6. If appropriate, add more signer or file rules to further customize the policy for your organization. 7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the App Control for Business policy to a binary format: ```powershell - [xml]$PolicyXML = Get-Content $LamnaPolicy - $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip" - ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin + [xml]$PolicyXML = Get-Content $LamnaPolicy + $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip" + ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin ``` 8. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). @@ -112,33 +112,40 @@ At this point, Alice now has an initial policy that is ready to deploy in audit Alice has defined a policy for Lamna's fully managed devices that makes some trade-offs between security and manageability for apps. Some of the trade-offs include: -- **Users with administrative access**
          - Although applying to fewer users, Lamna still allows some IT staff to sign in to its fully managed devices as administrator. This privilege allows these users (or malware running with the user's privileges) to modify or remove altogether the App Control policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer that would allow them to gain persistent app authorization for whatever apps or binaries they wish. +- **Users with administrative access** - Possible mitigations: + Although applying to fewer users, Lamna still allows some IT staff to sign in to its fully managed devices as administrator. This privilege allows these users (or malware running with the user's privileges) to modify or remove altogether the App Control policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer that would allow them to gain persistent app authorization for whatever apps or binaries they wish. + + Possible mitigations: - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies. - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer. - Use device attestation to detect the configuration state of App Control at boot time and use that information to condition access to sensitive corporate resources. -- **Unsigned policies**
          - Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy. - Existing mitigations applied: +- **Unsigned policies** + + Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy. + + Existing mitigations applied: - Limit who can elevate to administrator on the device. - Possible mitigations: + Possible mitigations: - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies. -- **Managed installer**
          - See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer) - Existing mitigations applied: +- **Managed installer** + + See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer) + + Existing mitigations applied: - Limit who can elevate to administrator on the device. - Possible mitigations: + Possible mitigations: - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer. -- **Supplemental policies**
          - Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction. - Possible mitigations: +- **Supplemental policies**
          + + Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction. + + Possible mitigations: - Use signed App Control policies that allow authorized signed supplemental policies only. - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection. diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md index d5dba038d4..c8bb39fb47 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md @@ -42,17 +42,17 @@ CiTool makes App Control for Business policy management easier for IT admins. Yo ### List policies (`--list-policies`) -```output - Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816 - Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816 - Friendly Name: Microsoft Windows Driver Policy - Version: 2814751463178240 - Platform Policy: true - Policy is Signed: true - Has File on Disk: false - Is Currently Enforced: true - Is Authorized: true - Status: 0 +```console +Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816 +Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816 +Friendly Name: Microsoft Windows Driver Policy +Version: 2814751463178240 +Platform Policy: true +Policy is Signed: true +Has File on Disk: false +Is Currently Enforced: true +Is Authorized: true +Status: 0 ``` | Attribute | Description | Example value | diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md index 5288f40a3e..018a5a86c7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md @@ -76,13 +76,13 @@ MSI installer files are always detected as user writeable on Windows 10, and on Installing .msi files directly from the internet to a computer protected by App Control fails. For example, this command fails: -```console +```cmd msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi ``` As a workaround, download the MSI file and run it locally: -```console +```cmd msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi ``` diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md index d6d7b0bf4d..d39105c4a1 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md @@ -8,7 +8,7 @@ ms.topic: troubleshooting # Querying App Control events centrally using Advanced hunting -an App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode. +An App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode. While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems. In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view App Control events centrally from all connected systems. @@ -47,7 +47,7 @@ Query Example 1: Query the App Control action types summarized by type for past Here's a simple example query that shows all the App Control for Business events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint: -``` +```kusto DeviceEvents | where Timestamp > ago(7d) and ActionType startswith "AppControl" @@ -64,7 +64,7 @@ The query results can be used for several important functions related to managin Query Example #2: Query to determine audit blocks in the past seven days -``` +```kusto DeviceEvents | where ActionType startswith "AppControlExecutableAudited" | where Timestamp > ago(7d) diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md index d11b54e8b9..53dfb74978 100644 --- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md @@ -73,7 +73,7 @@ Set the following registry keys to enable memory integrity. These keys provide s Recommended settings (to enable memory integrity without UEFI Lock): -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f @@ -85,55 +85,55 @@ If you want to customize the preceding recommended settings, use the following r **To enable VBS only (no memory integrity)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f ``` **To enable VBS and require Secure boot only (value 1)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f ``` **To enable VBS with Secure Boot and DMA protection (value 3)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f ``` **To enable VBS without UEFI lock (value 0)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f ``` **To enable VBS with UEFI lock (value 1)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f ``` **To enable memory integrity** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f ``` **To enable memory integrity without UEFI lock (value 0)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f ``` **To enable memory integrity with UEFI lock (value 1)** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f ``` **To enable VBS (and memory integrity) in mandatory mode** -```console +```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Mandatory" /t REG_DWORD /d 1 /f ``` @@ -143,12 +143,12 @@ The **Mandatory** setting prevents the OS loader from continuing to boot in case > Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot. **To gray out the memory integrity UI and display the message "This setting is managed by your administrator"** -```console +```cmd reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f ``` **To let memory integrity UI behave normally (Not grayed out)** -```console +```cmd reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f ``` @@ -269,7 +269,7 @@ Another method to determine the available and enabled VBS features is to run msi 2. Then, boot to Windows RE on the affected computer, see [Windows RE Technical Reference](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference). 3. After logging in to Windows RE, set the memory integrity registry key to off: - ```console + ```cmd reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f ``` From 839e36c30775df823a41b1606d7a2cb8dce7e15f Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:55:47 -0700 Subject: [PATCH 096/164] Correct note style --- .../design/appcontrol-wizard-editing-policy.md | 3 ++- .../app-control-for-business/operations/known-issues.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 111961661b..0143718e13 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -37,7 +37,8 @@ The App Control Wizard makes deleting file rules from an existing policy quick a :::image type="content" alt-text="Removing file rule from policy during edit." source="../images/appcontrol-wizard-edit-remove-file-rule.png"::: -**Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. +> [!NOTE] +> Removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. ```xml diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md index 018a5a86c7..4181691e76 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md @@ -50,7 +50,8 @@ When the App Control engine evaluates files against the active set of policies o Until you apply the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies. If the maximum number of policies is exceeded, the device bluescreens referencing ci.dll with a bug check value of 0x0000003b. Consider this maximum policy count limit when planning your App Control policies. Any [Windows inbox policies](inbox-appcontrol-policies.md) that are active on the device also count towards this limit. To remove the maximum policy limit, install the Windows security update released on, or after, April 9, 2024 and then restart the device. Otherwise, reduce the number of policies on the device to remain below 32 policies. -**Note:** The policy limit was not removed on Windows 11 21H2, and will remain limited to 32 policies. +> [!NOTE] +> The policy limit was not removed on Windows 11 21H2, and will remain limited to 32 policies. ### Audit mode policies can change the behavior for some apps or cause app crashes From c353de08bd36b68c28e75aec406f512b935d24b0 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:56:40 -0700 Subject: [PATCH 097/164] Correct font weight of table headings On Learn, table headings are bold by default, and in fact, a heavier weight font than standard bold. Adding formatting for bold results in a lighter weight font than is standard on Learn. --- .../design/example-appcontrol-base-policies.md | 2 +- .../operations/inbox-appcontrol-policies.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md index 02073ebcb4..fcc507dc75 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md @@ -12,7 +12,7 @@ ms.date: 09/11/2024 When you create policies for use with App Control for Business, start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods. -| **Example Base Policy** | **Description** | **Where it can be found** | +| Example Base Policy | Description | Where it can be found | |-------------------------|---------------------------------------------------------------|--------| | **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for the [Microsoft Intune product family](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml
          %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\DefaultWindows_Audit.xml | | **AllowMicrosoft.xml** | This example policy includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml
          %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\AllowMicrosoft.xml | diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md index b1a415cde3..f62b037cb4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md @@ -15,7 +15,7 @@ This article describes the App Control for Business policies that ship inbox wit ## Inbox App Control Policies -| **Policy Name** | **Policy ID** | **Policy Type** | **Description** | +| Policy Name | Policy ID | Policy Type | Description | |-----------|-----------|-----------|-----------| | **Microsoft Windows Driver Policy** | {d2bda982-ccf6-4344-ac5b-0b44427b6816} | Kernel-only Base policy | This policy blocks known [vulnerable or malicious kernel drivers](../design/microsoft-recommended-driver-block-rules.md). It's active by default on Windows 11 22H2, [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85), [Windows 11 SE](/education/windows/windows-11-se-overview), and anywhere [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\driversipolicy.p7b` and in the EFI system partition at `\Microsoft\Boot\driversipolicy.p7b`. | | **Windows10S_Lockdown_Policy_Supplementable** | {5951a96a-e0b5-4d3d-8fb8-3e5b61030784} | Base policy | This policy is active on devices running [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). Its policy binary file is found in the EFI system partition at `\Microsoft\Boot\winsipolicy.p7b`. | From 490522101c4d9c95d261958dfa3bbb849e8c01ac Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:57:22 -0700 Subject: [PATCH 098/164] Add vertical spacing for more consistent layout --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md index 53dfb74978..22b8f3245f 100644 --- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md @@ -54,7 +54,9 @@ Use the **Virtualization Based Technology** > **Hypervisor Enforced Code Integri 1. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**. 1. Double-click **Turn on Virtualization Based Security**. 1. Select **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled without UEFI lock**. Only select **Enabled with UEFI lock** if you want to prevent memory integrity from being disabled remotely or by policy update. Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity. + ![Enable memory integrity using Group Policy.](images/enable-hvci-gp.png) + 1. Select **Ok** to close the editor. To apply the new policy on a domain-joined computer, either restart or run `gpupdate /force` in an elevated Command Prompt. From 94da042ea5617c71b544189d1dd49f8127964bb8 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:01:30 -0700 Subject: [PATCH 099/164] Add automatic image borders --- .../AppIdTagging/design-create-appid-tagging-policies.md | 2 +- .../deployment/deploy-appcontrol-policies-using-group-policy.md | 2 +- .../design/appcontrol-wizard-create-supplemental-policy.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md index 69df945159..363d4b5dd8 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md @@ -25,7 +25,7 @@ You can use the App Control for Business Wizard and the PowerShell commands to c 2. Set the following rule-options using the Wizard toggles: - ![Configuring the policy rule-options.](../images/appid-appcontrol-wizard-2.png) + :::image type="content" alt-text="Configuring the policy rule-options." source="../images/appid-appcontrol-wizard-2.png"::: 3. Create custom rules: diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md index 03cfad7165..5efe8cdcdb 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md @@ -33,7 +33,7 @@ To deploy and manage an App Control for Business policy with Group Policy: > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies (or keeping them separate), as discussed in [Plan for App Control for Business lifecycle policy management](../design/plan-appcontrol-management.md). - ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) + :::image type="content" alt-text="Group Policy Management, create a GPO." source="../images/dg-fig24-creategpo.png"::: 3. Name the new GPO. You can choose any name. diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index 5d17f8fd6f..3cd72d3fcd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -78,7 +78,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Product name** | Specifies the name of the product with which the binary ships. | | **Internal name** | Specifies the internal name of the binary. | -![Custom file attributes rule.](../images/appcontrol-wizard-custom-file-attribute-rule.png) +:::image type="content" alt-text="Custom file attributes rule." source="../images/appcontrol-wizard-custom-file-attribute-rule.png"::: ### File Hash Rules From 9df0253ef6cbf1690fbc4ea6e8f6bff982fee47b Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:01:45 -0700 Subject: [PATCH 100/164] Correct indentation in code blocks --- .../deploy-catalog-files-to-support-appcontrol.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md index cf222d2d4a..ff49b5a9fe 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md @@ -91,15 +91,15 @@ For the code signing certificate that you use to sign the catalog file, import i 1. Initialize the variables to use. Replace the `$ExamplePath` and `$CatFileName` variables as needed: ```powershell - $ExamplePath=$env:userprofile+"\Desktop" - $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat" - ``` + $ExamplePath=$env:userprofile+"\Desktop" + $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat" + ``` 2. Sign the catalog file with Signtool.exe: ```powershell - sign /n "ContosoSigningCert" /fd sha256 /v $CatFileName - ``` + sign /n "ContosoSigningCert" /fd sha256 /v $CatFileName + ``` > [!NOTE] > The `` variable should be the full path to the Signtool.exe utility. `ContosoSigningCert` represents the subject name of the certificate that you use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. From ee1d0c556d4e5057130539bb9c73114a20d7cca5 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:45:02 -0700 Subject: [PATCH 101/164] edits, linking --- .../ltsc/whats-new-windows-11-2024.md | 79 +++++++++++++------ 1 file changed, 53 insertions(+), 26 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 627d6e1430..0f26b9dd77 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -53,7 +53,41 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | --- | --- | | **Internet Explorer** | Internet Explorer (IE) is no longer available in Windows 11 Enterprise LTSC 2024. However, you can use IE Mode if a website needs Internet Explorer. For more information, see [Internet Explorer (IE) Mode](/deployedge/edge-ie-mode) | | **Microsoft Edge**
          [21H2][21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). | +| **File Explorer**
          [23H2][23H2]/[24H2] | **Tabs**:
          File Explorer includes tabs to help you organize your File Explorer sessions.
          **Context menu**:
          Support for creating 7-zip and TAR archives.
          **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard
          Labels were added to the context menu icons for actions like copy, paste, delete, and rename.| +| **Registry Editor**
          Search
          [24H2] | The Registry Editor supports limiting a search to the currently selected key and its descendants | +| **Remote Desktop**
          Connection improvements
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**, provides zoom options of 350, 400, 450, and 500%, and improves the connection bar design | +| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | +## Developer + +| Feature
          [Release] | Description | +| --- | --- | +| **Arm64EC (Emulation Compatible)** | Code built as Arm64EC is interoperable with x64 code running under emulation within the same process. The Arm64EC code in the process runs with native performance, while any x64 code runs using emulation that comes built-in with Windows 11. For more information, see [Arm64EC - Build and port apps for native performance on Arm](/windows/arm/arm64ec)| +| **Power Grid Forecast**
          [24H2] | The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data varies by region. | +| **Energy saver notification callback**
          [24H2] | Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) | +| **Effective Power Mode**
          [24H2] | Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. | + +## Management + +| Feature
          [Release] | Description | +| --- | --- | +| **Microsoft Intune**
          [21H2][21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | +| **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| +| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | +| **Start menu layout**
          [22H2][22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | +| **Restricted User Experience**
          [23H2][23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | +| **Declared configuration protocol**
          [23H2][23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| +| **Control File Explorer Home Recommended section**
          [23H2][23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| +| **Taskbar Button Policies**
          [23H2][23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| +| **Control Start Menu Recommended section**
          [23H2][23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| +| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | + +## Networking + +| Feature
          [Release] | Description | +| --- | --- | +| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | +| **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. A new prompt appears the first time an app attempts to access your location or Wi-Fi information. Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. | ## Security @@ -77,10 +111,15 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Web sign-in for Windows**
          [23H2][23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | | **Federated sign-in**
          [23H2][23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | | **Windows Hello for Business authentication improvement**
          [23H2][23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | -| **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| +| **App Control for Business**
          [24H2] | Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol).| | **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | | **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | | **SHA-3 support**
          [24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms is the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | +| **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| +| **Windows LAPS**
          Automatic account management
          [24H2] | [Windows Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. Admins can configure Windows LAPS to:
            • Automatically create the managed local account
            • Configure name of account
            • Enable or disable the account
            • Randomize the name of the account | +| **Windows LAPS**
          Policy improvements
          [24H2]|   • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
            • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
            • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused.
            • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. | +| **Windows LAPS**
          Image rollback detection
          [24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). | +| **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | ## Servicing @@ -92,47 +131,35 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | | **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | -| **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | - -## Management - -| Feature
          [Release] | Description | -| --- | --- | -| **Microsoft Intune**
          [21H2][21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | -| **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| -| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | -| **Start menu layout**
          [22H2][22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | -| **Restricted User Experience**
          [23H2][23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | -| **Declared configuration protocol**
          [23H2][23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| -| **Control File Explorer Home Recommended section**
          [23H2][23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| -| **Taskbar Button Policies**
          [23H2][23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| -| **Control Start Menu Recommended section**
          [23H2][23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| - -## Networking - -| Feature
          [Release] | Description | -| --- | --- | -| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | ## User Experience | Feature
          [Release] | Description | | --- | --- | +| **High Efficiency Video Coding (HEVC) support**
          [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. | | **Task Manager**
          [22H2][22H2]/[23H2][23H2] | A new command bar was added to each page to give access to common actions. Task Manager matches the system wide theme configured in Windows Settings. Added an efficiency mode that allows you to limit the resource usage of a process.
          Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager. | | **Taskbar overflow menu**
          [23H2][23H2] | The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot. | | **Taskbar Optimize for touch**
          [23H2][23H2] | Taskbar touch optimization is available for devices that can be used as a tablet. Once enabled, the user can switch between a collapsed taskbar, saving screen space, and an expanded taskbar, optimized for touch. The taskbar changes to this optimized version when you disconnect or fold back the keyboard on a 2-in-1 device. To enable or disable this feature on a tablet capable device, go to Settings > Personalization > Taskbar > Taskbar behaviors. See also [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) | -| **File Explorer Tabs**
          [23H2][23H2] | File Explorer includes tabs to help you organize your File Explorer sessions. | | **Windows Ink as input**
          [23H2][23H2] | Windows Ink allows users to handwrite directly onto most editable fields | | **Uninstall Win32 app**
          [23H2][23H2] | Selecting Uninstall for a Win32 app from the right-click menu uses the Installed Apps page in Settings rather than Programs and Features in Control Panel. For more information, see [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) | | **Dev Drive**
          [23H2][23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). | -| **High Efficiency Video Coding (HEVC) support**
          [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. | -| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | -| **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. Users can view and modify which apps can access the list of Wi-Fi networks and manage notifications from **Settings** > **Privacy & security** > **Location**. | +## Features Removed + +The following [deprecated features](/windows/whats-new/deprecated-features) and [removed features](/windows/whats-new/removed-features) are removed in Windows 11 Enterprise LTSC 2024: + +| Feature | Description | +|---------|-------------| +| **WordPad**
          [24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | +| **Alljoyn**
          [24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | + ## Related links - [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. +- [Windows 11 requirements](/windows/whats-new/windows-11-requirements) +- [Plan for Windows 11](/windows/whats-new/windows-11-plan) +- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare) - [Release information](/windows/release-health/windows11-release-information) From 50a48fc35e52cb1baa676edebb5066e21d32a2ff Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 08:01:44 -0700 Subject: [PATCH 102/164] edits --- windows/whats-new/ltsc/overview.md | 2 +- .../ltsc/whats-new-windows-11-2024.md | 50 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/whats-new/ltsc/overview.md b/windows/whats-new/ltsc/overview.md index c057558bb7..1ac5c31aeb 100644 --- a/windows/whats-new/ltsc/overview.md +++ b/windows/whats-new/ltsc/overview.md @@ -42,7 +42,7 @@ The following table summarizes equivalent feature update versions of Windows LTS With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 and 11 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page. > [!IMPORTANT] -> The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). +> The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). For more information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview). diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 0f26b9dd77..78d4a20234 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -42,8 +42,8 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | **Windows accessibility**
          [22H2][22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator.
          For more information, see:
            • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/)
            • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554)
            • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). | | **Braille displays**
          [23H2][23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). | | **Narrator improvements**
          [23H2][23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1). | -| **Bluetooth ® LE audio support for assistive devices**
          [24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). | -| **Remote Desktop Connection improvements**
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500%. | +| **Bluetooth ® LE audio support for assistive devices**
          [24H2][24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). | +| **Remote Desktop Connection improvements**
          [24H2][24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500%. | ## Applications @@ -53,19 +53,19 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | --- | --- | | **Internet Explorer** | Internet Explorer (IE) is no longer available in Windows 11 Enterprise LTSC 2024. However, you can use IE Mode if a website needs Internet Explorer. For more information, see [Internet Explorer (IE) Mode](/deployedge/edge-ie-mode) | | **Microsoft Edge**
          [21H2][21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). | -| **File Explorer**
          [23H2][23H2]/[24H2] | **Tabs**:
          File Explorer includes tabs to help you organize your File Explorer sessions.
          **Context menu**:
          Support for creating 7-zip and TAR archives.
          **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard
          Labels were added to the context menu icons for actions like copy, paste, delete, and rename.| -| **Registry Editor**
          Search
          [24H2] | The Registry Editor supports limiting a search to the currently selected key and its descendants | -| **Remote Desktop**
          Connection improvements
          [24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**, provides zoom options of 350, 400, 450, and 500%, and improves the connection bar design | -| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | +| **File Explorer**
          [23H2][23H2]/[24H2][24H2] | **Tabs**:
          File Explorer includes tabs to help you organize your File Explorer sessions.
          **Context menu**:
          Support for creating 7-zip and TAR archives.
          **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard
          Labels were added to the context menu icons for actions like copy, paste, delete, and rename.| +| **Registry Editor**
          Search
          [24H2][24H2] | The Registry Editor supports limiting a search to the currently selected key and its descendants | +| **Remote Desktop**
          Connection improvements
          [24H2][24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**, provides zoom options of 350, 400, 450, and 500%, and improves the connection bar design | +| **Sudo for Windows**
          [24H2][24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | ## Developer | Feature
          [Release] | Description | | --- | --- | | **Arm64EC (Emulation Compatible)** | Code built as Arm64EC is interoperable with x64 code running under emulation within the same process. The Arm64EC code in the process runs with native performance, while any x64 code runs using emulation that comes built-in with Windows 11. For more information, see [Arm64EC - Build and port apps for native performance on Arm](/windows/arm/arm64ec)| -| **Power Grid Forecast**
          [24H2] | The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data varies by region. | -| **Energy saver notification callback**
          [24H2] | Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) | -| **Effective Power Mode**
          [24H2] | Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. | +| **Power Grid Forecast**
          [24H2][24H2] | The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data varies by region. | +| **Energy saver notification callback**
          [24H2][24H2] | Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) | +| **Effective Power Mode**
          [24H2][24H2] | Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. | ## Management @@ -80,14 +80,14 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | **Control File Explorer Home Recommended section**
          [23H2][23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.| | **Taskbar Button Policies**
          [23H2][23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).| | **Control Start Menu Recommended section**
          [23H2][23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start).
          To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.| -| **Sudo for Windows**
          [24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | +| **Sudo for Windows**
          [24H2][24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). | ## Networking | Feature
          [Release] | Description | | --- | --- | -| **Wi-Fi 7 consumer access points**
          [24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | -| **Windows location improvements**
          [24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. A new prompt appears the first time an app attempts to access your location or Wi-Fi information. Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. | +| **Wi-Fi 7 consumer access points**
          [24H2][24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). | +| **Windows location improvements**
          [24H2][24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. A new prompt appears the first time an app attempts to access your location or Wi-Fi information. Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. | ## Security @@ -111,15 +111,15 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Web sign-in for Windows**
          [23H2][23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). | | **Federated sign-in**
          [23H2][23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). | | **Windows Hello for Business authentication improvement**
          [23H2][23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). | -| **App Control for Business**
          [24H2] | Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol).| -| **Local Security Authority (LSA) protection enablement**
          [24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | -| **Rust in the Windows kernel**
          [24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | -| **SHA-3 support**
          [24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms is the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | -| **Windows Local Admin Password Solution (LAPS)**
          [24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| -| **Windows LAPS**
          Automatic account management
          [24H2] | [Windows Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. Admins can configure Windows LAPS to:
            • Automatically create the managed local account
            • Configure name of account
            • Enable or disable the account
            • Randomize the name of the account | -| **Windows LAPS**
          Policy improvements
          [24H2]|   • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
            • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
            • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused.
            • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. | -| **Windows LAPS**
          Image rollback detection
          [24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). | -| **Windows protected print mode**
          [24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | +| **App Control for Business**
          [24H2][24H2] | Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol).| +| **Local Security Authority (LSA) protection enablement**
          [24H2][24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. | +| **Rust in the Windows kernel**
          [24H2][24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. | +| **SHA-3 support**
          [24H2][24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms is the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. | +| **Windows Local Admin Password Solution (LAPS)**
          [24H2][24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)| +| **Windows LAPS**
          Automatic account management
          [24H2][24H2] | [Windows Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. Admins can configure Windows LAPS to:
            • Automatically create the managed local account
            • Configure name of account
            • Enable or disable the account
            • Randomize the name of the account | +| **Windows LAPS**
          Policy improvements
          [24H2][24H2]|   • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
            • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
            • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused.
            • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. | +| **Windows LAPS**
          Image rollback detection
          [24H2][24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). | +| **Windows protected print mode**
          [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | ## Servicing @@ -130,7 +130,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows Updates and Delivery optimization**
          [21H2][21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see:
            • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization)
            • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11)
            • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)| | **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| | **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | -| **Checkpoint cumulative updates**
          [24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | +| **Checkpoint cumulative updates**
          [24H2][24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). | ## User Experience @@ -151,8 +151,8 @@ The following [deprecated features](/windows/whats-new/deprecated-features) and | Feature | Description | |---------|-------------| -| **WordPad**
          [24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | -| **Alljoyn**
          [24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | +| **WordPad**
          [24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. | +| **Alljoyn**
          [24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. | ## Related links @@ -166,4 +166,4 @@ The following [deprecated features](/windows/whats-new/deprecated-features) and [21H2]: ..\windows-11-overview.md [22H2]: ..\whats-new-windows-11-version-22H2.md [23H2]: ..\whats-new-windows-11-version-23h2.md - \ No newline at end of file +[24H2]: ..\whats-new-windows-11-version-24H2.md From b603ee444a317e3433e8296aa1f128fc23487141 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 08:02:18 -0700 Subject: [PATCH 103/164] edits --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 78d4a20234..41e4240726 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -156,7 +156,7 @@ The following [deprecated features](/windows/whats-new/deprecated-features) and ## Related links -- [Windows Enterprise LTSC](overview.md): A short description of the LTSC servicing channel with links to information about each release. +- [Windows Enterprise LTSC overview](overview.md) - [Windows 11 requirements](/windows/whats-new/windows-11-requirements) - [Plan for Windows 11](/windows/whats-new/windows-11-plan) - [Prepare for Windows 11](/windows/whats-new/windows-11-prepare) From dc933da6b0a3d918c4517fefb75eb04d1f5c2d9e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:23:15 -0700 Subject: [PATCH 104/164] edits --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 41e4240726..b20410d073 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -73,7 +73,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements | --- | --- | | **Microsoft Intune**
          [21H2][21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.

          If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. | | **Control Windows Update notifications**
          [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).| -| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | +| **Organization name in update notifications**
          [22H2][22H2] |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). | | **Start menu layout**
          [22H2][22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). | | **Restricted User Experience**
          [23H2][23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. | | **Declared configuration protocol**
          [23H2][23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).| From b635bd0d11faa682f273c56063fe32f1adeddcd4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:20:30 -0700 Subject: [PATCH 105/164] edits --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index e45be6bd36..1635abfd9c 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -29,6 +29,8 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ +Devices must be running Windows 11, version 23H2 or 22H2 with the May 2024 nonsecurity preview update, or a later update, installed in order to update to version 24H2. Windows 11, version 24H2 is a full OS swap so it isn't available as an enablement package. Windows 10 devices can be upgraded to to Windows 11, version 24H2 using the same familiar processes, policies, and management solutions you used to originally deploy Windows 10. + Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). From 90b2edfea0743143628616711789091d490c34b2 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 11:57:31 -0700 Subject: [PATCH 106/164] SMB edits --- .../whats-new-windows-11-version-24h2.md | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 1635abfd9c..16811bf7b8 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -72,13 +72,20 @@ Some of the features were released within the past year's continuous innovation ### Server Message Block (SMB) protocol changes -#### SMB firewall rule changes +#### SMB signing and encryption -The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. +The following changes were made for SMB signing and encryption: -This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. +- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Home, Pro, Education, and Enterprise editions, [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). + +- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). + +- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. + +#### SMB alternative client and server ports + +The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Starting in [Windows Server Insider build 26040](https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858), the SMB server now supports listening on an alternative network port for SMB over QUIC. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). -For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). #### SMB NTLM blocking exception list @@ -92,10 +99,6 @@ The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-se For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368). -#### SMB alternative client and server ports - -The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). - #### SMB over QUIC @@ -109,17 +112,13 @@ Administrators now have more options for SMB over QUIC such as: For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). +#### SMB firewall rule changes -#### SMB signing and encryption +The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. -The following changes were made for SMB signing and encryption: - -- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Pro, Education, and Enterprise editions, [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). - -- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). - -- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. +This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. +For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). ### Local Security Authority (LSA) protection enablement on upgrade From 3b4441e1ced4f5d34beeba046fe86c6d91153921 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 14:30:50 -0700 Subject: [PATCH 107/164] smb adds --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index b20410d073..ce098519c6 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -120,7 +120,15 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows LAPS**
          Policy improvements
          [24H2][24H2]|   • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
            • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
            • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused.
            • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. | | **Windows LAPS**
          Image rollback detection
          [24H2][24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). | | **Windows protected print mode**
          [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | - +| **Windows protected print mode**
          [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | +| **SMB signing requirement changes**
          [24H2][24H2] | [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). | +| **SMB client encryption**
          [24H2][24H2] | SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). | +| **SMB signing and encryption auditing**
          [24H2][24H2] | Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. | +| **SMB alternative client and server ports**
          [24H2][24H2] | The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Starting in [Windows Server Insider build 26040](https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858), the SMB server now supports listening on an alternative network port for SMB over QUIC. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). | +| **SMB NTLM blocking exception list**
          [24H2][24H2] |The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). | +| **SMB dialect management**
          [24H2][24H2] | The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368).| +| **SMB over QUIC client access control**
          [24H2][24H2] | [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature. Administrators now have more options for SMB over QUIC such as:
            • [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience.
            • [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell
            • [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC

          For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). | +| **SMB firewall rule changes** [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.

          This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic)| ## Servicing From 4bf78dcacb4b1f0e96889e1860a66aa0c843a9c7 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 14:32:44 -0700 Subject: [PATCH 108/164] smb adds --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index ce098519c6..d33e7e342a 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -128,7 +128,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **SMB NTLM blocking exception list**
          [24H2][24H2] |The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). | | **SMB dialect management**
          [24H2][24H2] | The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368).| | **SMB over QUIC client access control**
          [24H2][24H2] | [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature. Administrators now have more options for SMB over QUIC such as:
            • [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience.
            • [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell
            • [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC

          For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). | -| **SMB firewall rule changes** [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.

          This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic)| +| **SMB firewall rule changes** [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.

          This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). | ## Servicing From 80c759fedd867d0e367a8d9d6e6ebcf46679f32a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 14:37:23 -0700 Subject: [PATCH 109/164] formatting --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index d33e7e342a..3295fe09cb 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -128,7 +128,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **SMB NTLM blocking exception list**
          [24H2][24H2] |The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). | | **SMB dialect management**
          [24H2][24H2] | The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368).| | **SMB over QUIC client access control**
          [24H2][24H2] | [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature. Administrators now have more options for SMB over QUIC such as:
            • [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience.
            • [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell
            • [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC

          For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). | -| **SMB firewall rule changes** [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.

          This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). | +| **SMB firewall rule changes**
          [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.

          This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). | ## Servicing From d58a32e3aaad4577bea1aa83b311ec0312b94f03 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:12:46 -0700 Subject: [PATCH 110/164] edit removed and dep --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 3295fe09cb..c43882268c 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -155,7 +155,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur ## Features Removed -The following [deprecated features](/windows/whats-new/deprecated-features) and [removed features](/windows/whats-new/removed-features) are removed in Windows 11 Enterprise LTSC 2024: +Each version of Windows client adds new features and functionality. Occasionally, [features and functionality are removed](/windows/whats-new/removed-features), often because a newer option was added. For a list of features no longer in active development that might be removed in a future release, see [deprecated features](/windows/whats-new/deprecated-features). The following features are removed in Windows 11 Enterprise LTSC 2024: | Feature | Description | |---------|-------------| From 28be109a18e84e7d1706aafae3993fde1265dee3 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 27 Sep 2024 09:17:08 -0600 Subject: [PATCH 111/164] Fix blocking issues --- .../deployment/disable-appcontrol-policies.md | 20 +------------------ .../appcontrol-wizard-editing-policy.md | 13 +++++------- .../design/appcontrol-wizard.md | 2 +- 3 files changed, 7 insertions(+), 28 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md index f1e65d8fff..c2434abfb4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md @@ -52,24 +52,6 @@ Then restart the computer. You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove App Control policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). - - Consult your MDM solution provider for specific information on using the ApplicationControl CSP. Then restart the computer. @@ -141,7 +123,7 @@ mountvol $MountPoint /D ## Remove App Control policies causing boot stop failures -an App Control policy that blocks boot critical drivers can cause a boot stop failure (BSOD) to occur, though this can be mitigated by setting option **10 Enabled:Boot Audit On Failure** in your policies. Additionally, signed App Control policies protect the policy from administrative manipulation and malware that has gained administrative-level access to the system. For this reason, signed App Control policies are intentionally more difficult to remove than unsigned policies even for administrators. Tampering with or removing a signed App Control policy will cause a BSOD to occur. +An App Control policy that blocks boot critical drivers can cause a boot stop failure (BSOD) to occur, though this can be mitigated by setting option **10 Enabled:Boot Audit On Failure** in your policies. Additionally, signed App Control policies protect the policy from administrative manipulation and malware that has gained administrative-level access to the system. For this reason, signed App Control policies are intentionally more difficult to remove than unsigned policies even for administrators. Tampering with or removing a signed App Control policy will cause a BSOD to occur. To remove a policy that is causing boot stop failures: diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 0143718e13..4b1861ef21 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -11,11 +11,10 @@ ms.date: 09/11/2024 [!INCLUDE [Feature availability note](../includes/feature-availability-note.md)] The App Control for Business Wizard makes editing and viewing App Control policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities: - + +- Configuring policy rules +- Adding new allow or block file rules to existing policies +- Removing allow or block file rules on existing policies ## Configuring Policy Rules @@ -48,11 +47,9 @@ The App Control Wizard makes deleting file rules from an existing policy quick a ``` -[comment]: <> (## Editing File Rules Coming soon!) - ### Policy Creation -Once the policy is created, the new policy will be written to the same path as the in-edit policy. The new policy file name will have the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at MyDocuments\BasePolicy.xml, after edit, the new policy will be saved at MyDocuments\BasePolicy_v10.0.0.1.xml. +Once the policy is created, the new policy will be written to the same path as the in-edit policy. The new policy file name will have the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at `MyDocuments\BasePolicy.xml`, after edit, the new policy will be saved at `MyDocuments\BasePolicy_v10.0.0.1.xml`. ## Up next diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md index 823095e953..5fab393481 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md @@ -14,7 +14,7 @@ The App Control for Business policy wizard is an open-source Windows desktop app ## Downloading the application -Download the tool from the official [App Control for Business Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [App Control for Business Policy Wizard repository](https://github.com/MicrosoftDocs/App Control-Toolkit). +Download the tool from the official [App Control for Business Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [App Control for Business Policy Wizard repository](https://github.com/MicrosoftDocs/WDAC-Toolkit). ### Supported clients From 153d6770a4d3bfdbd1621ad9e97d36b12e9b0b84 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 27 Sep 2024 09:25:37 -0600 Subject: [PATCH 112/164] Acro-fix --- .../design/appcontrol-wizard-editing-policy.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 4b1861ef21..8818dc5ae7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -18,7 +18,7 @@ The App Control for Business Wizard makes editing and viewing App Control polici ## Configuring Policy Rules -The `Policy Rules` page will load with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button will reveal the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules). +The `Policy Rules` page loads with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button reveals the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules). ![Configuring the policy rules.](../images/appcontrol-wizard-edit-policy-rules.png) @@ -28,11 +28,11 @@ A description of the policy rule is shown at the bottom of the page when the cur The App Control for Business Wizard allows users to add rules to their existing policy seamlessly. Previously, this rule-adding task would have involved creating a new policy with the new rules and merging it with the existing policy. -Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). +Selecting the `+ Custom Rules` button opens the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](appcontrol-wizard-create-base-policy.md#creating-custom-file-rules). ## Removing File Rules -The App Control Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table. +The App Control Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule highlights the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard prompts for user confirmation before removing the file rule. Once removed, the rule no longer appears in the policy or the table. :::image type="content" alt-text="Removing file rule from policy during edit." source="../images/appcontrol-wizard-edit-remove-file-rule.png"::: @@ -49,7 +49,7 @@ The App Control Wizard makes deleting file rules from an existing policy quick a ### Policy Creation -Once the policy is created, the new policy will be written to the same path as the in-edit policy. The new policy file name will have the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at `MyDocuments\BasePolicy.xml`, after edit, the new policy will be saved at `MyDocuments\BasePolicy_v10.0.0.1.xml`. +Once the policy is created, the new policy is written to the same path as the in-edit policy. The new policy file name has the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at `MyDocuments\BasePolicy.xml`, after edit, the new policy will be saved at `MyDocuments\BasePolicy_v10.0.0.1.xml`. ## Up next From 8d6c5dd44e56d930b27925aafee3c6cdfe09ffda Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:30:10 -0600 Subject: [PATCH 113/164] 24H2 CSP Updates --- .../mdm/clouddesktop-ddf-file.md | 6 +- windows/client-management/mdm/defender-csp.md | 6 +- windows/client-management/mdm/defender-ddf.md | 6 +- windows/client-management/mdm/firewall-csp.md | 4 +- windows/client-management/mdm/laps-csp.md | 16 +- .../client-management/mdm/laps-ddf-file.md | 14 +- .../mdm/personalization-ddf.md | 4 +- .../mdm/policies-in-preview.md | 169 +------ .../policy-configuration-service-provider.md | 3 +- .../mdm/policy-csp-admx-appxpackagemanager.md | 8 +- .../mdm/policy-csp-admx-appxruntime.md | 24 +- .../policy-csp-admx-controlpaneldisplay.md | 4 +- .../mdm/policy-csp-admx-deviceguard.md | 6 +- .../mdm/policy-csp-admx-dnsclient.md | 96 ++-- .../mdm/policy-csp-admx-filesys.md | 4 +- ...icy-csp-admx-microsoftdefenderantivirus.md | 30 +- .../mdm/policy-csp-admx-netlogon.md | 4 +- .../mdm/policy-csp-admx-printing.md | 4 +- .../mdm/policy-csp-admx-startmenu.md | 4 +- .../mdm/policy-csp-admx-taskbar.md | 12 +- .../mdm/policy-csp-admx-terminalserver.md | 4 +- .../mdm/policy-csp-admx-thumbnails.md | 11 +- .../mdm/policy-csp-admx-windowsexplorer.md | 18 +- .../mdm/policy-csp-admx-wpn.md | 4 +- .../mdm/policy-csp-appdeviceinventory.md | 100 ++++- .../mdm/policy-csp-applicationmanagement.md | 10 +- .../mdm/policy-csp-appruntime.md | 6 +- .../mdm/policy-csp-appvirtualization.md | 5 +- .../mdm/policy-csp-cryptography.md | 16 +- .../mdm/policy-csp-defender.md | 4 +- .../mdm/policy-csp-desktopappinstaller.md | 74 +++- .../mdm/policy-csp-devicelock.md | 22 +- .../mdm/policy-csp-experience.md | 19 +- .../mdm/policy-csp-fileexplorer.md | 4 +- .../mdm/policy-csp-humanpresence.md | 12 +- .../mdm/policy-csp-internetexplorer.md | 25 +- .../mdm/policy-csp-lanmanworkstation.md | 4 +- ...policy-csp-localpoliciessecurityoptions.md | 66 +-- .../client-management/mdm/policy-csp-lsa.md | 6 +- .../mdm/policy-csp-mssecurityguide.md | 6 +- .../mdm/policy-csp-networklistmanager.md | 16 +- .../mdm/policy-csp-notifications.md | 6 +- .../mdm/policy-csp-printers.md | 34 +- .../mdm/policy-csp-privacy.md | 203 +-------- .../mdm/policy-csp-remotedesktopservices.md | 98 ++++- .../mdm/policy-csp-search.md | 14 +- .../mdm/policy-csp-settingssync.md | 8 +- .../mdm/policy-csp-smartscreen.md | 57 +-- .../mdm/policy-csp-speakforme.md | 79 ++++ .../client-management/mdm/policy-csp-sudo.md | 27 +- .../mdm/policy-csp-system.md | 20 +- .../mdm/policy-csp-systemservices.md | 36 +- .../mdm/policy-csp-tenantrestrictions.md | 6 +- .../mdm/policy-csp-update.md | 413 ++++++++---------- .../mdm/policy-csp-userrights.md | 28 +- .../mdm/policy-csp-webthreatdefense.md | 6 +- .../mdm/policy-csp-windowsai.md | 73 +++- .../mdm/policy-csp-windowslogon.md | 10 +- .../mdm/policy-csp-windowssandbox.md | 52 ++- windows/client-management/mdm/toc.yml | 16 +- 60 files changed, 1001 insertions(+), 1041 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-speakforme.md diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md index 07c68d9f04..1cf28badea 100644 --- a/windows/client-management/mdm/clouddesktop-ddf-file.md +++ b/windows/client-management/mdm/clouddesktop-ddf-file.md @@ -1,7 +1,7 @@ --- title: CloudDesktop DDF file description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the C 99.9.99999 2.0 - 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF; + 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD; @@ -139,7 +139,7 @@ The following XML file contains the device description framework (DDF) for the C 10.0.22621.3374 1.0 - 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF; + 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD; diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 198570987e..9841e9f442 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -1,7 +1,7 @@ --- title: Defender CSP description: Learn more about the Defender CSP. -ms.date: 06/21/2024 +ms.date: 09/27/2024 --- @@ -1289,7 +1289,7 @@ Define data duplication remote location for Device Control. When configuring thi -Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled. +Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled. @@ -1304,7 +1304,7 @@ Configure how many days can pass before an aggressive quick scan is triggered. T | Format | `int` | | Access Type | Add, Delete, Get, Replace | | Allowed Values | Range: `[7-60]` | -| Default Value | 25 | +| Default Value | 30 | diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index f286ba947c..2055d5bdf0 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -1,7 +1,7 @@ --- title: Defender DDF file description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider. -ms.date: 06/28/2024 +ms.date: 09/27/2024 --- @@ -2373,8 +2373,8 @@ The following XML file contains the device description framework (DDF) for the D - 25 - Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled. + 30 + Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled. diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index e269946643..4d6dc724a9 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -1,7 +1,7 @@ --- title: Firewall CSP description: Learn more about the Firewall CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -2221,7 +2221,7 @@ Specifies the friendly name of the firewall rule. -Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule. +Specifies one App Control tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule. diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 0e5e7d5b2d..76508deef5 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -1,7 +1,7 @@ --- title: LAPS CSP description: Learn more about the LAPS CSP. -ms.date: 06/21/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 06/21/2024 # LAPS CSP -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings). @@ -432,7 +430,7 @@ If the specified user or group account is invalid the device will fallback to us | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -488,7 +486,7 @@ If not specified, this setting defaults to False. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -543,7 +541,7 @@ If not specified, this setting defaults to False. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -587,7 +585,7 @@ If not specified, this setting will default to "WLapsAdmin". | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -643,7 +641,7 @@ If not specified, this setting defaults to False. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -759,7 +757,7 @@ If not specified, this setting will default to 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md index 5d06e470a6..d32a646434 100644 --- a/windows/client-management/mdm/laps-ddf-file.md +++ b/windows/client-management/mdm/laps-ddf-file.md @@ -1,7 +1,7 @@ --- title: LAPS DDF file description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider. -ms.date: 06/28/2024 +ms.date: 09/27/2024 --- @@ -327,7 +327,7 @@ This setting has a maximum allowed value of 10 words. - 99.9.9999 + 10.0.26100 1.1 @@ -690,7 +690,7 @@ If not specified, this setting defaults to False. - 99.9.9999 + 10.0.26100 1.1 @@ -736,7 +736,7 @@ If not specified, this setting will default to 1. - 99.9.9999 + 10.0.26100 1.1 @@ -791,7 +791,7 @@ If not specified, this setting will default to "WLapsAdmin". - 99.9.9999 + 10.0.26100 1.1 @@ -839,7 +839,7 @@ If not specified, this setting defaults to False. - 99.9.9999 + 10.0.26100 1.1 @@ -897,7 +897,7 @@ If not specified, this setting defaults to False. - 99.9.9999 + 10.0.26100 1.1 diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index 052f60bfcd..6cf4a75b50 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -1,7 +1,7 @@ --- title: Personalization DDF file description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P 10.0.16299 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2; diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md index 0ad7b632c3..2c62565783 100644 --- a/windows/client-management/mdm/policies-in-preview.md +++ b/windows/client-management/mdm/policies-in-preview.md @@ -1,7 +1,7 @@ --- title: Configuration service provider preview policies description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview. -ms.date: 09/11/2024 +ms.date: 09/27/2024 --- @@ -17,6 +17,7 @@ This article lists the policies that are applicable for Windows Insider Preview - [TurnOffInstallTracing](policy-csp-appdeviceinventory.md#turnoffinstalltracing) - [TurnOffAPISamping](policy-csp-appdeviceinventory.md#turnoffapisamping) - [TurnOffApplicationFootprint](policy-csp-appdeviceinventory.md#turnoffapplicationfootprint) +- [TurnOffWin32AppBackup](policy-csp-appdeviceinventory.md#turnoffwin32appbackup) ## ClientCertificateInstall CSP @@ -28,15 +29,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens) - [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode) -## Cryptography - -- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography) -- [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection) -- [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient) -- [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver) -- [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient) -- [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver) - ## DeclaredConfiguration CSP - [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument) @@ -47,23 +39,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn) - [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords) -## DesktopAppInstaller - -- [EnableWindowsPackageManagerCommandLineInterfaces](policy-csp-desktopappinstaller.md#enablewindowspackagemanagercommandlineinterfaces) -- [EnableWindowsPackageManagerConfiguration](policy-csp-desktopappinstaller.md#enablewindowspackagemanagerconfiguration) - -## DeviceLock - -- [MaximumPasswordAge](policy-csp-devicelock.md#maximumpasswordage) -- [ClearTextPassword](policy-csp-devicelock.md#cleartextpassword) -- [PasswordComplexity](policy-csp-devicelock.md#passwordcomplexity) -- [PasswordHistorySize](policy-csp-devicelock.md#passwordhistorysize) -- [AccountLockoutPolicy](policy-csp-devicelock.md#accountlockoutpolicy) -- [AllowAdministratorLockout](policy-csp-devicelock.md#allowadministratorlockout) -- [MinimumPasswordLength](policy-csp-devicelock.md#minimumpasswordlength) -- [MinimumPasswordLengthAudit](policy-csp-devicelock.md#minimumpasswordlengthaudit) -- [RelaxMinimumPasswordLengthLimits](policy-csp-devicelock.md#relaxminimumpasswordlengthlimits) - ## DevicePreparation CSP - [PageEnabled](devicepreparation-csp.md#pageenabled) @@ -84,12 +59,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [Cadence](dmclient-csp.md#deviceproviderprovideridconfigrefreshcadence) - [PausePeriod](dmclient-csp.md#deviceproviderprovideridconfigrefreshpauseperiod) -## Experience - -- [AllowScreenRecorder](policy-csp-experience.md#allowscreenrecorder) -- [EnableOrganizationalMessages](policy-csp-experience.md#enableorganizationalmessages) -- [DisableTextTranslation](policy-csp-experience.md#disabletexttranslation) - ## FileSystem - [EnableDevDrive](policy-csp-filesystem.md#enabledevdrive) @@ -99,13 +68,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [AttestErrorMessage](healthattestation-csp.md#attesterrormessage) -## HumanPresence - -- [ForceDisableWakeWhenBatterySaverOn](policy-csp-humanpresence.md#forcedisablewakewhenbatterysaveron) -- [ForceAllowWakeWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowwakewhenexternaldisplayconnected) -- [ForceAllowLockWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowlockwhenexternaldisplayconnected) -- [ForceAllowDimWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowdimwhenexternaldisplayconnected) - ## InternetExplorer - [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields) @@ -121,49 +83,8 @@ This article lists the policies that are applicable for Windows Insider Preview - [StartInstallation](language-pack-management-csp.md#installlanguage-idstartinstallation) - [SystemPreferredUILanguages](language-pack-management-csp.md#languagesettingssystempreferreduilanguages) -## LAPS CSP - -- [PassphraseLength](laps-csp.md#policiespassphraselength) -- [AutomaticAccountManagementEnabled](laps-csp.md#policiesautomaticaccountmanagementenabled) -- [AutomaticAccountManagementTarget](laps-csp.md#policiesautomaticaccountmanagementtarget) -- [AutomaticAccountManagementNameOrPrefix](laps-csp.md#policiesautomaticaccountmanagementnameorprefix) -- [AutomaticAccountManagementEnableAccount](laps-csp.md#policiesautomaticaccountmanagementenableaccount) -- [AutomaticAccountManagementRandomizeName](laps-csp.md#policiesautomaticaccountmanagementrandomizename) - ## LocalPoliciesSecurityOptions -- [Audit_AuditTheUseOfBackupAndRestoreprivilege](policy-csp-localpoliciessecurityoptions.md#audit_audittheuseofbackupandrestoreprivilege) -- [Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings](policy-csp-localpoliciessecurityoptions.md#audit_forceauditpolicysubcategorysettingstooverrideauditpolicycategorysettings) -- [Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits](policy-csp-localpoliciessecurityoptions.md#audit_shutdownsystemimmediatelyifunabletologsecurityaudits) -- [Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly](policy-csp-localpoliciessecurityoptions.md#devices_restrictfloppyaccesstolocallyloggedonuseronly) -- [DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptorsignsecurechanneldataalways) -- [DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptsecurechanneldatawhenpossible) -- [DomainMember_DigitallySignSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallysignsecurechanneldatawhenpossible) -- [DomainMember_DisableMachineAccountPasswordChanges](policy-csp-localpoliciessecurityoptions.md#domainmember_disablemachineaccountpasswordchanges) -- [DomainMember_MaximumMachineAccountPasswordAge](policy-csp-localpoliciessecurityoptions.md#domainmember_maximummachineaccountpasswordage) -- [DomainMember_RequireStrongSessionKey](policy-csp-localpoliciessecurityoptions.md#domainmember_requirestrongsessionkey) -- [InteractiveLogon_MachineAccountLockoutThreshold](policy-csp-localpoliciessecurityoptions.md#interactivelogon_machineaccountlockoutthreshold) -- [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache) -- [InteractiveLogon_PromptUserToChangePasswordBeforeExpiration](policy-csp-localpoliciessecurityoptions.md#interactivelogon_promptusertochangepasswordbeforeexpiration) -- [MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_amountofidletimerequiredbeforesuspendingsession) -- [MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_disconnectclientswhenlogonhoursexpire) -- [MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_serverspntargetnamevalidationlevel) -- [NetworkAccess_AllowAnonymousSIDOrNameTranslation](policy-csp-localpoliciessecurityoptions.md#networkaccess_allowanonymoussidornametranslation) -- [NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication](policy-csp-localpoliciessecurityoptions.md#networkaccess_donotallowstorageofpasswordsandcredentialsfornetworkauthentication) -- [NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers](policy-csp-localpoliciessecurityoptions.md#networkaccess_leteveryonepermissionsapplytoanonymoususers) -- [NetworkAccess_NamedPipesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_namedpipesthatcanbeaccessedanonymously) -- [NetworkAccess_RemotelyAccessibleRegistryPaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypaths) -- [NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypathsandsubpaths) -- [NetworkAccess_SharesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharesthatcanbeaccessedanonymously) -- [NetworkAccess_SharingAndSecurityModelForLocalAccounts](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharingandsecuritymodelforlocalaccounts) -- [NetworkSecurity_AllowLocalSystemNULLSessionFallback](policy-csp-localpoliciessecurityoptions.md#networksecurity_allowlocalsystemnullsessionfallback) -- [NetworkSecurity_ForceLogoffWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#networksecurity_forcelogoffwhenlogonhoursexpire) -- [NetworkSecurity_LDAPClientSigningRequirements](policy-csp-localpoliciessecurityoptions.md#networksecurity_ldapclientsigningrequirements) -- [RecoveryConsole_AllowAutomaticAdministrativeLogon](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowautomaticadministrativelogon) -- [RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowfloppycopyandaccesstoalldrivesandallfolders) -- [SystemCryptography_ForceStrongKeyProtection](policy-csp-localpoliciessecurityoptions.md#systemcryptography_forcestrongkeyprotection) -- [SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems](policy-csp-localpoliciessecurityoptions.md#systemobjects_requirecaseinsensitivityfornonwindowssubsystems) -- [SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects](policy-csp-localpoliciessecurityoptions.md#systemobjects_strengthendefaultpermissionsofinternalsystemobjects) - [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection) - [UserAccountControl_TypeOfAdminApprovalMode](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_typeofadminapprovalmode) @@ -174,23 +95,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction) - [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout) -## MSSecurityGuide - -- [NetBTNodeTypeConfiguration](policy-csp-mssecurityguide.md#netbtnodetypeconfiguration) - -## NetworkListManager - -- [AllNetworks_NetworkIcon](policy-csp-networklistmanager.md#allnetworks_networkicon) -- [AllNetworks_NetworkLocation](policy-csp-networklistmanager.md#allnetworks_networklocation) -- [AllNetworks_NetworkName](policy-csp-networklistmanager.md#allnetworks_networkname) -- [IdentifyingNetworks_LocationType](policy-csp-networklistmanager.md#identifyingnetworks_locationtype) -- [UnidentifiedNetworks_LocationType](policy-csp-networklistmanager.md#unidentifiednetworks_locationtype) -- [UnidentifiedNetworks_UserPermissions](policy-csp-networklistmanager.md#unidentifiednetworks_userpermissions) - -## Notifications - -- [DisableAccountNotifications](policy-csp-notifications.md#disableaccountnotifications) - ## PassportForWork CSP - [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys) @@ -202,77 +106,15 @@ This article lists the policies that are applicable for Windows Insider Preview ## RemoteDesktopServices -- [LimitServerToClientClipboardRedirection](policy-csp-remotedesktopservices.md#limitservertoclientclipboardredirection) -- [LimitClientToServerClipboardRedirection](policy-csp-remotedesktopservices.md#limitclienttoserverclipboardredirection) -- [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md#disconnectonlocklegacyauthn) -- [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md#disconnectonlockmicrosoftidentityauthn) - [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime) -## Search - -- [ConfigureSearchOnTaskbarMode](policy-csp-search.md#configuresearchontaskbarmode) - -## SettingsSync - -- [DisableAccessibilitySettingSync](policy-csp-settingssync.md#disableaccessibilitysettingsync) -- [DisableLanguageSettingSync](policy-csp-settingssync.md#disablelanguagesettingsync) - -## Sudo - -- [EnableSudo](policy-csp-sudo.md#enablesudo) - ## SurfaceHub CSP - [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled) -## System - -- [HideUnsupportedHardwareNotifications](policy-csp-system.md#hideunsupportedhardwarenotifications) - -## SystemServices - -- [ConfigureComputerBrowserServiceStartupMode](policy-csp-systemservices.md#configurecomputerbrowserservicestartupmode) -- [ConfigureIISAdminServiceStartupMode](policy-csp-systemservices.md#configureiisadminservicestartupmode) -- [ConfigureInfraredMonitorServiceStartupMode](policy-csp-systemservices.md#configureinfraredmonitorservicestartupmode) -- [ConfigureInternetConnectionSharingServiceStartupMode](policy-csp-systemservices.md#configureinternetconnectionsharingservicestartupmode) -- [ConfigureLxssManagerServiceStartupMode](policy-csp-systemservices.md#configurelxssmanagerservicestartupmode) -- [ConfigureMicrosoftFTPServiceStartupMode](policy-csp-systemservices.md#configuremicrosoftftpservicestartupmode) -- [ConfigureRemoteProcedureCallLocatorServiceStartupMode](policy-csp-systemservices.md#configureremoteprocedurecalllocatorservicestartupmode) -- [ConfigureRoutingAndRemoteAccessServiceStartupMode](policy-csp-systemservices.md#configureroutingandremoteaccessservicestartupmode) -- [ConfigureSimpleTCPIPServicesStartupMode](policy-csp-systemservices.md#configuresimpletcpipservicesstartupmode) -- [ConfigureSpecialAdministrationConsoleHelperServiceStartupMode](policy-csp-systemservices.md#configurespecialadministrationconsolehelperservicestartupmode) -- [ConfigureSSDPDiscoveryServiceStartupMode](policy-csp-systemservices.md#configuressdpdiscoveryservicestartupmode) -- [ConfigureUPnPDeviceHostServiceStartupMode](policy-csp-systemservices.md#configureupnpdevicehostservicestartupmode) -- [ConfigureWebManagementServiceStartupMode](policy-csp-systemservices.md#configurewebmanagementservicestartupmode) -- [ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode](policy-csp-systemservices.md#configurewindowsmediaplayernetworksharingservicestartupmode) -- [ConfigureWindowsMobileHotspotServiceStartupMode](policy-csp-systemservices.md#configurewindowsmobilehotspotservicestartupmode) -- [ConfigureWorldWideWebPublishingServiceStartupMode](policy-csp-systemservices.md#configureworldwidewebpublishingservicestartupmode) - ## Update - [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol) -- [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md#configuredeadlinenoautorebootforfeatureupdates) -- [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md#configuredeadlinenoautorebootforqualityupdates) -- [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md#alwaysautorebootatscheduledtimeminutes) - -## UserRights - -- [BypassTraverseChecking](policy-csp-userrights.md#bypasstraversechecking) -- [ReplaceProcessLevelToken](policy-csp-userrights.md#replaceprocessleveltoken) -- [ChangeTimeZone](policy-csp-userrights.md#changetimezone) -- [ShutDownTheSystem](policy-csp-userrights.md#shutdownthesystem) -- [LogOnAsBatchJob](policy-csp-userrights.md#logonasbatchjob) -- [ProfileSystemPerformance](policy-csp-userrights.md#profilesystemperformance) -- [DenyLogOnAsBatchJob](policy-csp-userrights.md#denylogonasbatchjob) -- [LogOnAsService](policy-csp-userrights.md#logonasservice) -- [IncreaseProcessWorkingSet](policy-csp-userrights.md#increaseprocessworkingset) -- [DenyLogOnAsService](policy-csp-userrights.md#denylogonasservice) -- [AdjustMemoryQuotasForProcess](policy-csp-userrights.md#adjustmemoryquotasforprocess) -- [AllowLogOnThroughRemoteDesktop](policy-csp-userrights.md#allowlogonthroughremotedesktop) - -## WebThreatDefense - -- [AutomaticDataCollection](policy-csp-webthreatdefense.md#automaticdatacollection) ## Wifi @@ -281,7 +123,7 @@ This article lists the policies that are applicable for Windows Insider Preview ## WindowsAI -- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis) +- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey) - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator) - [DisableCocreator](policy-csp-windowsai.md#disablecocreator) @@ -294,11 +136,6 @@ This article lists the policies that are applicable for Windows Insider Preview - [DisableSubscription](windowslicensing-csp.md#subscriptionsdisablesubscription) - [RemoveSubscription](windowslicensing-csp.md#subscriptionsremovesubscription) -## WindowsSandbox - -- [AllowMappedFolders](policy-csp-windowssandbox.md#allowmappedfolders) -- [AllowWriteToMappedFolders](policy-csp-windowssandbox.md#allowwritetomappedfolders) - ## Related articles [Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0fa200d984..1823ce5450 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1,7 +1,7 @@ --- title: Policy CSP description: Learn more about the Policy CSP. -ms.date: 08/07/2024 +ms.date: 09/27/2024 --- @@ -1152,6 +1152,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f - [Settings](policy-csp-settings.md) - [SettingsSync](policy-csp-settingssync.md) - [SmartScreen](policy-csp-smartscreen.md) +- [SpeakForMe](policy-csp-speakforme.md) - [Speech](policy-csp-speech.md) - [Start](policy-csp-start.md) - [Stickers](policy-csp-stickers.md) diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md index 0cdd78d66b..3f48213786 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md +++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md @@ -1,7 +1,7 @@ --- title: ADMX_AppxPackageManager Policy CSP description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -32,7 +32,7 @@ ms.date: 08/06/2024 -This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off: +This policy setting allows you to manage the deployment of packaged Microsoft Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off: Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies. @@ -42,9 +42,9 @@ Temporary user profiles, which are created when an error prevents the correct pr User profiles for the Guest account and members of the Guests group. -- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile. +- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of packaged Microsoft Store apps when using a special profile. -- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile. +- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of packaged Microsoft Store apps when using a special profile. diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md index 540235107e..1cc79f97a0 100644 --- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md +++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md @@ -1,7 +1,7 @@ --- title: ADMX_AppXRuntime Policy CSP description: Learn more about the ADMX_AppXRuntime Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -32,11 +32,11 @@ ms.date: 08/06/2024 -This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer. +This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer. -- If you enable this policy setting, you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use. +- If you enable this policy setting, you can define additional Content URI Rules that all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer can use. -- If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules. +- If you disable or don't set this policy setting, packaged Microsoft Store apps will only use the static Content URI Rules. @@ -60,7 +60,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static | Name | Value | |:--|:--| | Name | AppxRuntimeApplicationContentUriRules | -| Friendly Name | Turn on dynamic Content URI Rules for Windows store apps | +| Friendly Name | Turn on dynamic Content URI Rules for packaged Microsoft Store apps | | Location | Computer Configuration | | Path | Windows Components > App runtime | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Packages\Applications | @@ -95,11 +95,11 @@ This policy setting lets you turn on Content URI Rules to supplement the static -This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type. +This policy setting lets you control whether packaged Microsoft Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a packaged Microsoft Store app might compromise the system by opening a file in the default desktop app for a file type. -- If you enable this policy setting, Windows Store apps can't open files in the default desktop app for a file type; they can open files only in other Windows Store apps. +- If you enable this policy setting, packaged Microsoft Store apps can't open files in the default desktop app for a file type; they can open files only in other packaged Microsoft Store apps. -- If you disable or don't configure this policy setting, Windows Store apps can open files in the default desktop app for a file type. +- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open files in the default desktop app for a file type. @@ -219,14 +219,14 @@ This policy shouldn't be enabled unless recommended by Microsoft as a security r -This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. +This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app. -- If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. +- If you enable this policy setting, packaged Microsoft Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps. -- If you disable or don't configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. +- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme. > [!NOTE] -> Enabling this policy setting doesn't block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk. +> Enabling this policy setting doesn't block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk. diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md index af2f85b62d..fa0478440b 100644 --- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md +++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md @@ -1,7 +1,7 @@ --- title: ADMX_ControlPanelDisplay Policy CSP description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -1351,7 +1351,7 @@ Specifies which theme file is applied to the computer the first time a user logs |:--|:--| | Name | CPL_Personalization_SetTheme | | Friendly Name | Load a specific theme | -| Location | User Configuration | +| Location | Computer and User Configuration | | Path | Control Panel > Personalization | | Registry Key Name | Software\Policies\Microsoft\Windows\Personalization | | ADMX File Name | ControlPanelDisplay.admx | diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md index 94711a96ae..f3aa4eedc9 100644 --- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md @@ -1,7 +1,7 @@ --- title: ADMX_DeviceGuard Policy CSP description: Learn more about the ADMX_DeviceGuard Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -34,7 +34,7 @@ ms.date: 08/06/2024 -Deploy Windows Defender Application Control. +Deploy App Control for Business. This policy setting lets you deploy a Code Integrity Policy to a machine to control what's allowed to run on that machine. @@ -69,7 +69,7 @@ If using a signed and protected policy then disabling this policy setting doesn' | Name | Value | |:--|:--| | Name | ConfigCIPolicy | -| Friendly Name | Deploy Windows Defender Application Control | +| Friendly Name | Deploy App Control for Business | | Location | Computer Configuration | | Path | System > Device Guard | | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard | diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md index 2f447009b6..dc1ec2aa56 100644 --- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md +++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md @@ -1,7 +1,7 @@ --- title: ADMX_DnsClient Policy CSP description: Learn more about the ADMX_DnsClient Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -91,7 +91,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie -Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails. +Specifies that the DNS client may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails. A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com" is an example of a fully qualified name because it contains a terminating dot. @@ -103,7 +103,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix - If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails. -- If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names. +- If you don't configure this policy setting, the DNS client will use its local settings to determine the query behavior for unqualified multi-label names. @@ -162,9 +162,9 @@ Specifies a connection-specific DNS suffix. This policy setting supersedes local To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix. -- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting. +- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by the DNS client. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied connection specific DNS suffix, if configured. @@ -234,7 +234,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. @@ -295,11 +295,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the -Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured. +Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the DNS client is on non-domain networks with no WINS servers configured. - If this policy setting is enabled, IDNs aren't converted to Punycode. -- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured. +- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the DNS client is on non-domain networks with no WINS servers configured. @@ -413,13 +413,13 @@ Specifies whether the DNS client should convert internationalized domain names ( -Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. +Defines the DNS servers to which the DNS client sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address. -- If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. +- If you enable this policy setting, the list of DNS servers is applied to all network connections used by the DNS client. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied list of DNS servers, if configured. @@ -535,18 +535,18 @@ Specifies that responses from link local name resolution protocols received over -Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution. +Specifies the primary DNS suffix used by the DNS client in DNS name registration and DNS name resolution. To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com. > [!IMPORTANT] -> In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows. +> In order for changes to this policy setting to be applied on the DNS client, you must restart Windows. - If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel. You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix. -- If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client uses the local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined. @@ -600,18 +600,18 @@ You can use this policy setting to prevent users, including local administrators -Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix. +Specifies if the DNS client performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix. By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com. -- If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting. +- If you enable this policy setting, the DNS client will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by the DNS client. -For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. +For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. > [!IMPORTANT] -> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. +> This policy setting is ignored by the DNS client if dynamic DNS registration is disabled. -- If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client won't register any A and PTR resource records using a connection-specific DNS suffix. @@ -666,7 +666,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso -Specifies if DNS client computers will register PTR resource records. +Specifies if the DNS client will register PTR resource records. By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record. @@ -674,13 +674,13 @@ By default, DNS clients configured to perform dynamic DNS registration will atte To use this policy setting, click Enabled, and then select one of the following options from the drop-down list: -Don't register: Computers won't attempt to register PTR resource records. +Don't register: the DNS client won't attempt to register PTR resource records. -Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful. +Register: the DNS client will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful. -Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful. +Register only if A record registration succeeds: the DNS client will attempt to register PTR resource records only if registration of the corresponding A records was successful. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use locally configured settings. @@ -734,11 +734,11 @@ Register only if A record registration succeeds: Computers will attempt to regis -Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. +Specifies if DNS dynamic update is enabled. DNS clients configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server. -- If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled. +- If you enable this policy setting, or you don't configure this policy setting, the DNS client will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled. -- If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections. +- If you disable this policy setting, the DNS client may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections. @@ -795,7 +795,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. -This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers. +This policy setting is designed for DNS clients that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other DNS clients. During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address. @@ -856,18 +856,18 @@ During dynamic update of resource records in a zone that doesn't use Secure Dyna -Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates. +Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies DNS clients performing dynamic DNS updates. -Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records. +DNS clients configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records. > [!WARNING] > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes. -- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting. +- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by DNS clients that receive this policy setting. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied setting. By default, DNS clients configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed. @@ -921,13 +921,13 @@ To specify the registration refresh interval, click Enabled and then enter a val -Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied. +Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by the DNS client to which this policy setting is applied. To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes). -- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting. +- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by the DNS client. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes). @@ -985,7 +985,7 @@ Specifies the DNS suffixes to attach to an unqualified single-label name before An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com". -Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com". +DNS clients that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com". To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes. @@ -1170,15 +1170,15 @@ Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the following values: -Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused. +Unsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused. -Only unsecure - computers send only nonsecure dynamic updates. +Only unsecure - the DNS client sends only nonsecure dynamic updates. -Only secure - computers send only secure dynamic updates. +Only secure - The DNS client sends only secure dynamic updates. -- If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. +- If you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. -- If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. +- If you disable this policy setting, or if you don't configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update. @@ -1232,13 +1232,13 @@ Only secure - computers send only secure dynamic updates. -Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com". +Specifies if the DNS client may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com". By default, a DNS client that's configured to perform dynamic DNS update will update the DNS zone that's authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. -- If you enable this policy setting, computers send dynamic updates to any zone that's authoritative for the resource records that the computer needs to update, except the root zone. +- If you enable this policy setting, the DNS client sends dynamic updates to any zone that's authoritative for the resource records that the DNS client needs to update, except the root zone. -- If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update. +- If you disable this policy setting, or if you don't configure this policy setting, the DNS client doesn't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the DNS client needs to update. @@ -1309,7 +1309,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. -If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. +If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two. @@ -1370,11 +1370,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the -Specifies that link local multicast name resolution (LLMNR) is disabled on client computers. +Specifies that link local multicast name resolution (LLMNR) is disabled on the DNS client. -LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible. +LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a DNS client to another DNS client on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible. -- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer. +- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the DNS client. - If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters. diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md index 03c6eabd47..1b08f87864 100644 --- a/windows/client-management/mdm/policy-csp-admx-filesys.md +++ b/windows/client-management/mdm/policy-csp-admx-filesys.md @@ -1,7 +1,7 @@ --- title: ADMX_FileSys Policy CSP description: Learn more about the ADMX_FileSys Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -260,7 +260,7 @@ Encrypting the page file prevents malicious users from reading data that has bee -Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process. +Enabling Win32 long paths will allow manifested win32 applications and packaged Microsoft Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process. diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md index 124f07bbb0..2664598272 100644 --- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md +++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md @@ -1,7 +1,7 @@ --- title: ADMX_MicrosoftDefenderAntivirus Policy CSP description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -1523,11 +1523,13 @@ This policy setting defines the number of days items should be kept in the Quara -This policy setting allows you to configure the scheduled scan, and the scheduled security intelligence update, start time window in hours. +This policy setting allows you to configure the randomization of the scheduled scan start time and the scheduled definition update start time. -- If you disable or don't configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. +- If you enable or don't configure this policy setting, and didn't set a randomization window in the Configure scheduled task time randomization window setting , then randomization will be added between 0-4 hours. -- If you enable this setting, you can widen, or narrow, this randomization period. Specify a randomization window of between 1 and 23 hours. +- If you enable or don't configure this policy setting, and set a randomization window in the Configure scheduled task time randomization window setting, the configured randomization window will be used. + +- If you disable this policy setting, but configured the scheduled task time randomization window, randomization won't be done. @@ -3528,11 +3530,11 @@ This policy setting allows you to configure scanning mapped network drives. -This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting. +This policy setting allows the scanning of network files using on access protection. The default is enabled. Recommended to remain enabled in most cases. -- If you enable this setting, network files will be scanned. +- If you enable or don't configure this setting, network files will be scanned. -- If you disable or don't configure this setting, network files won't be scanned. +- If you disable this setting, network files won't be scanned. @@ -3556,7 +3558,7 @@ This policy setting allows you to configure scanning for network files. It's rec | Name | Value | |:--|:--| | Name | Scan_DisableScanningNetworkFiles | -| Friendly Name | Scan network files | +| Friendly Name | Configure scanning of network files | | Location | Computer Configuration | | Path | Windows Components > Microsoft Defender Antivirus > Scan | | Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan | @@ -5436,12 +5438,7 @@ Valid remediation action values are: - -This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display. - -- If you enable this setting, the additional text specified will be displayed. - -- If you disable or don't configure this setting, there will be no additional text displayed. + @@ -5458,6 +5455,7 @@ This policy setting allows you to configure whether or not to display additional + [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -5465,10 +5463,6 @@ This policy setting allows you to configure whether or not to display additional | Name | Value | |:--|:--| | Name | UX_Configuration_CustomDefaultActionToastString | -| Friendly Name | Display additional text to clients when they need to perform an action | -| Location | Computer Configuration | -| Path | Windows Components > Microsoft Defender Antivirus > Client Interface | -| Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration | | ADMX File Name | WindowsDefender.admx | diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md index 6603256c75..3cad268ba1 100644 --- a/windows/client-management/mdm/policy-csp-admx-netlogon.md +++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md @@ -1,7 +1,7 @@ --- title: ADMX_Netlogon Policy CSP description: Learn more about the ADMX_Netlogon Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -420,6 +420,8 @@ Note that this policy setting doesn't affect NetBIOS-based discovery for DC loca - If you enable or don't configure this policy setting, the DC location algorithm doesn't use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. - If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails. + +This setting has no effect unless the BlockNetbiosDiscovery setting is disabled. NetBIOS-based discovery is considered unsecure, has many limitations, and will be deprecated in a future release. For these reasons, NetBIOS-based discovery isn't recommended. See for more information. diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md index d610c2f9e8..3d3913d0a5 100644 --- a/windows/client-management/mdm/policy-csp-admx-printing.md +++ b/windows/client-management/mdm/policy-csp-admx-printing.md @@ -1,7 +1,7 @@ --- title: ADMX_Printing Policy CSP description: Learn more about the ADMX_Printing Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -749,7 +749,7 @@ This preference allows you to change default printer management. -Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2022. +Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2025. - If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps). diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index e43437afce..7c490ba91b 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -1,7 +1,7 @@ --- title: ADMX_StartMenu Policy CSP description: Learn more about the ADMX_StartMenu Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -997,7 +997,7 @@ This policy setting allows you to prevent users from changing their Start screen |:--|:--| | Name | NoChangeStartMenu | | Friendly Name | Prevent users from customizing their Start Screen | -| Location | User Configuration | +| Location | Computer and User Configuration | | Path | Start Menu and Taskbar | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | | Registry Value Name | NoChangeStartMenu | diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md index 15a624d898..f2d2086000 100644 --- a/windows/client-management/mdm/policy-csp-admx-taskbar.md +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -1,7 +1,7 @@ --- title: ADMX_Taskbar Policy CSP description: Learn more about the ADMX_Taskbar Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -69,7 +69,7 @@ A reboot is required for this policy setting to take effect. |:--|:--| | Name | DisableNotificationCenter | | Friendly Name | Remove Notifications and Action Center | -| Location | User Configuration | +| Location | Computer and User Configuration | | Path | Start Menu and Taskbar | | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer | | Registry Value Name | DisableNotificationCenter | @@ -748,11 +748,11 @@ This policy setting allows you to turn off automatic promotion of notification i -This policy setting allows users to see Windows Store apps on the taskbar. +This policy setting allows users to see packaged Microsoft Store apps on the taskbar. -- If you enable this policy setting, users will see Windows Store apps on the taskbar. +- If you enable this policy setting, users will see packaged Microsoft Store apps on the taskbar. -- If you disable this policy setting, users won't see Windows Store apps on the taskbar. +- If you disable this policy setting, users won't see packaged Microsoft Store apps on the taskbar. - If you don't configure this policy setting, the default setting for the user's device will be used, and the user can choose to change it. @@ -778,7 +778,7 @@ This policy setting allows users to see Windows Store apps on the taskbar. | Name | Value | |:--|:--| | Name | ShowWindowsStoreAppsOnTaskbar | -| Friendly Name | Show Windows Store apps on the taskbar | +| Friendly Name | Show packaged Microsoft Store apps on the taskbar | | Location | User Configuration | | Path | Start Menu and Taskbar | | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer | diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index c4f588506a..d6d10aed92 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -1,7 +1,7 @@ --- title: ADMX_TerminalServer Policy CSP description: Learn more about the ADMX_TerminalServer Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -3585,7 +3585,7 @@ This policy setting allows you to specify which protocols can be used for Remote - If you enable this policy setting, you must specify if you would like RDP to use UDP. -You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)". +You can select one of the following options: "Use either UDP or TCP (default)" or "Use only TCP". If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md index 7095179c9c..bc47c28b99 100644 --- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -1,7 +1,7 @@ --- title: ADMX_Thumbnails Policy CSP description: Learn more about the ADMX_Thumbnails Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -95,11 +95,14 @@ File Explorer displays thumbnail images by default. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. -File Explorer displays thumbnail images on network folders by default. +File Explorer displays only icons and never displays thumbnail images on network folders by default. -- If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders. +- If you disable this policy setting, File Explorer displays thumbnail images on network folders. -- If you disable or don't configure this policy setting, File Explorer displays only thumbnail images on network folders. +- If you enable or don't configure this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders. + +> [!NOTE] +> Allowing the use of thumbnail images from network folders can expose the users' computers to security risks. diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md index 44d542de9d..9100a4bbb3 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -1,7 +1,7 @@ --- title: ADMX_WindowsExplorer Policy CSP description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -472,7 +472,15 @@ You can specify a known folder using its known folder id or using its canonical - + +This policy setting determines the application of the Mark of the Web tag to files sourced from insecure locations. + +- If you enable this policy setting, files copied from unsecure sources won't be tagged with the Mark of the Web. + +- If you disable or don't configure this policy setting, files copied from unsecure sources will be tagged with the appropriate Mark of the Web. + +> [!NOTE] +> Failure to tag files from unsecure sources with the Mark of the Web can expose users' computers to security risks. @@ -489,7 +497,6 @@ You can specify a known folder using its known folder id or using its canonical - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -497,6 +504,11 @@ You can specify a known folder using its known folder id or using its canonical | Name | Value | |:--|:--| | Name | DisableMotWOnInsecurePathCopy | +| Friendly Name | Do not apply the Mark of the Web tag to files copied from insecure sources | +| Location | Computer Configuration | +| Path | WindowsComponents > File Explorer | +| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer | +| Registry Value Name | DisableMotWOnInsecurePathCopy | | ADMX File Name | WindowsExplorer.admx | diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md index bfddc2641c..b1b7b3fd75 100644 --- a/windows/client-management/mdm/policy-csp-admx-wpn.md +++ b/windows/client-management/mdm/policy-csp-admx-wpn.md @@ -1,7 +1,7 @@ --- title: ADMX_WPN Policy CSP description: Learn more about the ADMX_WPN Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -254,7 +254,7 @@ No reboots or service restarts are required for this policy setting to take effe |:--|:--| | Name | NoToastNotification | | Friendly Name | Turn off toast notifications | -| Location | User Configuration | +| Location | Computer and User Configuration | | Path | Start Menu and Taskbar > Notifications | | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications | | Registry Value Name | NoToastApplicationNotification | diff --git a/windows/client-management/mdm/policy-csp-appdeviceinventory.md b/windows/client-management/mdm/policy-csp-appdeviceinventory.md index 7e0fb8176b..aa8f597ae9 100644 --- a/windows/client-management/mdm/policy-csp-appdeviceinventory.md +++ b/windows/client-management/mdm/policy-csp-appdeviceinventory.md @@ -1,7 +1,7 @@ --- title: AppDeviceInventory Policy CSP description: Learn more about the AppDeviceInventory Area in Policy CSP. -ms.date: 08/07/2024 +ms.date: 09/27/2024 --- @@ -33,7 +33,12 @@ ms.date: 08/07/2024 - + +This policy controls the state of API Sampling. API Sampling monitors the sampled collection of application programming interfaces used during system runtime to help diagnose compatibility problems. + +- If you enable this policy, API Sampling won't be run. + +- If you disable or don't configure this policy, API Sampling will be turned on. @@ -50,7 +55,6 @@ ms.date: 08/07/2024 - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -58,6 +62,11 @@ ms.date: 08/07/2024 | Name | Value | |:--|:--| | Name | TurnOffAPISamping | +| Friendly Name | Turn off API Sampling | +| Location | Computer Configuration | +| Path | Windows Components > App and Device Inventory | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat | +| Registry Value Name | DisableAPISamping | | ADMX File Name | AppDeviceInventory.admx | @@ -83,7 +92,12 @@ ms.date: 08/07/2024 - + +This policy controls the state of Application Footprint. Application Footprint monitors the sampled collection of registry and file usage to help diagnose compatibility problems. + +- If you enable this policy, Application Footprint won't be run. + +- If you disable or don't configure this policy, Application Footprint will be turned on. @@ -100,7 +114,6 @@ ms.date: 08/07/2024 - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -108,6 +121,11 @@ ms.date: 08/07/2024 | Name | Value | |:--|:--| | Name | TurnOffApplicationFootprint | +| Friendly Name | Turn off Application Footprint | +| Location | Computer Configuration | +| Path | Windows Components > App and Device Inventory | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat | +| Registry Value Name | DisableApplicationFootprint | | ADMX File Name | AppDeviceInventory.admx | @@ -133,7 +151,12 @@ ms.date: 08/07/2024 - + +This policy controls the state of Install Tracing. Install Tracing is a mechanism that tracks application installs to help diagnose compatibility problems. + +- If you enable this policy, Install Tracing won't be run. + +- If you disable or don't configure this policy, Install Tracing will be turned on. @@ -150,7 +173,6 @@ ms.date: 08/07/2024 - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -158,6 +180,11 @@ ms.date: 08/07/2024 | Name | Value | |:--|:--| | Name | TurnOffInstallTracing | +| Friendly Name | Turn off Install Tracing | +| Location | Computer Configuration | +| Path | Windows Components > App and Device Inventory | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat | +| Registry Value Name | DisableInstallTracing | | ADMX File Name | AppDeviceInventory.admx | @@ -167,6 +194,65 @@ ms.date: 08/07/2024 + +## TurnOffWin32AppBackup + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffWin32AppBackup +``` + + + + +This policy controls the state of the compatibility scan for backed up applications. The compatibility scan for backed up applications evaluates for compatibility problems in installed applications. + +- If you enable this policy, the compatibility scan for backed up applications won't be run. + +- If you disable or don't configure this policy, the compatibility scan for backed up applications will be run. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | TurnOffWin32AppBackup | +| Friendly Name | Turn off compatibility scan for backed up applications | +| Location | Computer Configuration | +| Path | Windows Components > App and Device Inventory | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat | +| Registry Value Name | DisableWin32AppBackup | +| ADMX File Name | AppDeviceInventory.admx | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 7b1698c462..885f96e31a 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -1,7 +1,7 @@ --- title: ApplicationManagement Policy CSP description: Learn more about the ApplicationManagement Area in Policy CSP. -ms.date: 04/10/2024 +ms.date: 09/27/2024 --- @@ -30,11 +30,11 @@ ms.date: 04/10/2024 -This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps. +This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed packaged Microsoft Store apps. -- If you enable this policy setting, you can install any LOB or developer-signed Windows Store app (which must be signed with a certificate chain that can be successfully validated by the local computer). +- If you enable this policy setting, you can install any LOB or developer-signed packaged Microsoft Store app (which must be signed with a certificate chain that can be successfully validated by the local computer). -- If you disable or don't configure this policy setting, you can't install LOB or developer-signed Windows Store apps. +- If you disable or don't configure this policy setting, you can't install LOB or developer-signed packaged Microsoft Store apps. @@ -269,7 +269,7 @@ Allows or denies development of Microsoft Store applications and installing them | Name | Value | |:--|:--| | Name | AllowDevelopmentWithoutDevLicense | -| Friendly Name | Allows development of Windows Store apps and installing them from an integrated development environment (IDE) | +| Friendly Name | Allows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE) | | Location | Computer Configuration | | Path | Windows Components > App Package Deployment | | Registry Key Name | Software\Policies\Microsoft\Windows\Appx | diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 20cddfc183..2b19c52a8c 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -1,7 +1,7 @@ --- title: AppRuntime Policy CSP description: Learn more about the AppRuntime Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -32,9 +32,9 @@ ms.date: 01/18/2024 -This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. +This policy setting lets you control whether Microsoft accounts are optional for packaged Microsoft Store apps that require an account to sign in. This policy only affects packaged Microsoft Store apps that support it. -- If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead. +- If you enable this policy setting, packaged Microsoft Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead. - If you disable or don't configure this policy setting, users will need to sign in with a Microsoft account. diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 6e677aa3b7..220712712a 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -1,7 +1,7 @@ --- title: AppVirtualization Policy CSP description: Learn more about the AppVirtualization Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -33,6 +33,9 @@ ms.date: 01/18/2024 This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. + +> [!NOTE] +> Application Virtualization (App-V) will reach end-of-life April 2026. After that time, the App-V client will be excluded from new versions of the Windows operating system. See aka.ms/AppVDeprecation for more information. diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 27aae04079..11bf016054 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -1,7 +1,7 @@ --- title: Cryptography Policy CSP description: Learn more about the Cryptography Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/18/2024 # Policy CSP - Cryptography -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -79,7 +77,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -146,7 +144,7 @@ CertUtil.exe -DisplayEccCurve. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -196,7 +194,7 @@ System cryptography: Force strong key protection for user keys stored on the com | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -235,7 +233,7 @@ Override minimal enabled TLS version for client role. Last write wins. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -274,7 +272,7 @@ Override minimal enabled TLS version for server role. Last write wins. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -313,7 +311,7 @@ Override minimal enabled TLS version for client role. Last write wins. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index a790f24a26..2eef54311e 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -1,7 +1,7 @@ --- title: Defender Policy CSP description: Learn more about the Defender Area in Policy CSP. -ms.date: 06/28/2024 +ms.date: 09/27/2024 --- @@ -745,7 +745,7 @@ This policy setting allows you to configure scheduled scans and on-demand (manua | Name | Value | |:--|:--| | Name | Scan_DisableScanningNetworkFiles | -| Friendly Name | Scan network files | +| Friendly Name | Configure scanning of network files | | Location | Computer Configuration | | Path | Windows Components > Microsoft Defender Antivirus > Scan | | Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan | diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md index 2b3fea16a4..c1806d30f7 100644 --- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md +++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md @@ -1,7 +1,7 @@ --- title: DesktopAppInstaller Policy CSP description: Learn more about the DesktopAppInstaller Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -11,8 +11,6 @@ ms.date: 01/18/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -215,7 +213,14 @@ Users will still be able to execute the *winget* command. The default help will - + +This policy controls whether the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate hash matches to a known Microsoft Store certificate when initiating a connection to the Microsoft Store Source. + +- If you enable this policy, the [Windows Package Manager](/windows/package-manager/) will bypass the Microsoft Store certificate validation. + +- If you disable this policy, the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate used is valid and belongs to the Microsoft Store before communicating with the Microsoft Store source. + +- If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to. @@ -232,7 +237,6 @@ Users will still be able to execute the *winget* command. The default help will - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -240,6 +244,11 @@ Users will still be able to execute the *winget* command. The default help will | Name | Value | |:--|:--| | Name | EnableBypassCertificatePinningForMicrosoftStore | +| Friendly Name | Enable App Installer Microsoft Store Source Certificate Validation Bypass | +| Location | Computer Configuration | +| Path | Windows Components > Desktop App Installer | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller | +| Registry Value Name | EnableBypassCertificatePinningForMicrosoftStore | | ADMX File Name | DesktopAppInstaller.admx | @@ -445,7 +454,14 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa - + +This policy controls the ability to override malware vulnerability scans when installing an archive file using a local manifest using the command line arguments. + +- If you enable this policy, users can override the malware scan when performing a local manifest install of an archive file. + +- If you disable this policy, users will be unable to override the malware scan of an archive file when installing using a local manifest. + +- If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to. @@ -462,7 +478,6 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -470,6 +485,11 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa | Name | Value | |:--|:--| | Name | EnableLocalArchiveMalwareScanOverride | +| Friendly Name | Enable App Installer Local Archive Malware Scan Override | +| Location | Computer Configuration | +| Path | Windows Components > Desktop App Installer | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller | +| Registry Value Name | EnableLocalArchiveMalwareScanOverride | | ADMX File Name | DesktopAppInstaller.admx | @@ -618,9 +638,9 @@ This policy controls the Microsoft Store source included with the [Windows Packa This policy controls whether users can install packages from a website that's using the ms-appinstaller protocol. -- If you enable or don't configure this setting, users will be able to install packages from websites that use this protocol. +- If you enable this setting, users will be able to install packages from websites that use this protocol. -- If you disable this setting, users won't be able to install packages from websites that use this protocol. +- If you disable or don't configure this setting, users won't be able to install packages from websites that use this protocol. @@ -724,7 +744,7 @@ The settings are stored inside of a .json file on the user’s system. It may be | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -734,7 +754,14 @@ The settings are stored inside of a .json file on the user’s system. It may be - + +This policy determines if a user can perform an action using the [Windows Package Manager](/windows/package-manager/) through a command line interface (WinGet CLI, or WinGet PowerShell). + +If you disable this policy, users won't be able execute the [Windows Package Manager](/windows/package-manager/) CLI, and PowerShell cmdlets. + +If you enable, or don't configuring this policy, users will be able to execute the [Windows Package Manager](/windows/package-manager/) CLI commands, and PowerShell cmdlets. (Provided "Enable App Installer" policy isn't disabled). + +This policy doesn't override the "Enable App Installer" policy. @@ -751,7 +778,6 @@ The settings are stored inside of a .json file on the user’s system. It may be - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -759,6 +785,11 @@ The settings are stored inside of a .json file on the user’s system. It may be | Name | Value | |:--|:--| | Name | EnableWindowsPackageManagerCommandLineInterfaces | +| Friendly Name | Enable Windows Package Manager command line interfaces | +| Location | Computer Configuration | +| Path | Windows Components > Desktop App Installer | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller | +| Registry Value Name | EnableWindowsPackageManagerCommandLineInterfaces | | ADMX File Name | DesktopAppInstaller.admx | @@ -774,7 +805,7 @@ The settings are stored inside of a .json file on the user’s system. It may be | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -784,7 +815,12 @@ The settings are stored inside of a .json file on the user’s system. It may be - + +This policy controls whether the [Windows Package Manager](/windows/package-manager/) configuration feature can be used by users. + +- If you enable or don't configure this setting, users will be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature. + +- If you disable this setting, users won't be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature. @@ -801,7 +837,6 @@ The settings are stored inside of a .json file on the user’s system. It may be - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -809,6 +844,11 @@ The settings are stored inside of a .json file on the user’s system. It may be | Name | Value | |:--|:--| | Name | EnableWindowsPackageManagerConfiguration | +| Friendly Name | Enable Windows Package Manager Configuration | +| Location | Computer Configuration | +| Path | Windows Components > Desktop App Installer | +| Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller | +| Registry Value Name | EnableWindowsPackageManagerConfiguration | | ADMX File Name | DesktopAppInstaller.admx | @@ -835,9 +875,9 @@ The settings are stored inside of a .json file on the user’s system. It may be -This policy controls the auto update interval for package-based sources. +This policy controls the auto-update interval for package-based sources. The default source for [Windows Package Manager](/windows/package-manager/) is configured such that an index of the packages is cached on the local machine. The index is downloaded when a user invokes a command, and the interval has passed. -- If you disable or don't configure this setting, the default interval or the value specified in settings will be used by the [Windows Package Manager](/windows/package-manager/). +- If you disable or don't configure this setting, the default interval or the value specified in the [Windows Package Manager](/windows/package-manager/) settings will be used. - If you enable this setting, the number of minutes specified will be used by the [Windows Package Manager](/windows/package-manager/). diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 259d88a891..c294633d53 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -1,7 +1,7 @@ --- title: DeviceLock Policy CSP description: Learn more about the DeviceLock Area in Policy CSP. -ms.date: 08/05/2024 +ms.date: 09/27/2024 --- @@ -11,8 +11,6 @@ ms.date: 08/05/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - > [!IMPORTANT] @@ -25,7 +23,7 @@ ms.date: 08/05/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -64,7 +62,7 @@ Account lockout threshold - This security setting determines the number of faile | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -329,7 +327,7 @@ Determines the type of PIN or password required. This policy only applies if the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -685,7 +683,7 @@ The number of authentication failures allowed before the device will be wiped. A | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1025,7 +1023,7 @@ This security setting determines the period of time (in days) that a password mu | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1078,7 +1076,7 @@ This security setting determines the least number of characters that a password | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1128,7 +1126,7 @@ This security setting determines the minimum password length for which password | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1188,7 +1186,7 @@ Complexity requirements are enforced when passwords are changed or created. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1360,7 +1358,7 @@ If you enable this setting, users will no longer be able to modify slide show se | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index f0831810bd..d6932eb1ca 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -1,7 +1,7 @@ --- title: Experience Policy CSP description: Learn more about the Experience Area in Policy CSP. -ms.date: 08/07/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 08/07/2024 # Policy CSP - Experience -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -484,7 +482,7 @@ Allow screen capture. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
          ✅ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ❌ Device
          ✅ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -494,7 +492,7 @@ Allow screen capture. - + This policy setting allows you to control whether screen recording functionality is available in the Windows Snipping Tool app. - If you disable this policy setting, screen recording functionality won't be accessible in the Windows Snipping Tool app. @@ -531,7 +529,12 @@ This policy setting allows you to control whether screen recording functionality | Name | Value | |:--|:--| | Name | AllowScreenRecorder | -| Path | Programs > AT > WindowsComponents > SnippingTool | +| Friendly Name | Allow Screen Recorder | +| Location | User Configuration | +| Path | Windows Components > Snipping Tool | +| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\SnippingTool | +| Registry Value Name | AllowScreenRecorder | +| ADMX File Name | Programs.admx | @@ -1681,7 +1684,7 @@ This policy setting lets you turn off cloud consumer account state content in al | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1887,7 +1890,7 @@ _**Turn syncing off by default but don’t disable**_ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
          ✅ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4828] and later
          ✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later
          ✅ Windows Insider Preview | +| ❌ Device
          ✅ User | ❌ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5041582](https://support.microsoft.com/help/5041582) [10.0.19045.4842] and later
          ✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later
          ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index fb55df7a5d..73f6d2a6de 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -1,7 +1,7 @@ --- title: FileExplorer Policy CSP description: Learn more about the FileExplorer Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -138,7 +138,7 @@ When This PC location is restricted, give the user the option to enumerate and n -Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc. +Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, Details pane, etc. diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md index 3ef891ed68..1cf592ddff 100644 --- a/windows/client-management/mdm/policy-csp-humanpresence.md +++ b/windows/client-management/mdm/policy-csp-humanpresence.md @@ -1,7 +1,7 @@ --- title: HumanPresence Policy CSP description: Learn more about the HumanPresence Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/18/2024 # Policy CSP - HumanPresence -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -21,7 +19,7 @@ ms.date: 01/18/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -85,7 +83,7 @@ Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forc | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -149,7 +147,7 @@ Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -213,7 +211,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 5e218fe45c..bfcf5c6f27 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -1,7 +1,7 @@ --- title: InternetExplorer Policy CSP description: Learn more about the InternetExplorer Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -1005,7 +1005,12 @@ Note. It's recommended to configure template policy settings in one Group Policy - + +This policy setting allows the use of some disabled functionality, such as WorkingDirectory field or pluggable protocol handling, in Internet Shortcut files. + +If you enable this policy, disabled functionality for Internet Shortcut files will be re-enabled. + +If you disable, or don't configure this policy, some functionality for Internet Shortcut files, such as WorkingDirectory field or pluggable protocol handling, will be disabled. @@ -1022,7 +1027,6 @@ Note. It's recommended to configure template policy settings in one Group Policy - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -1030,6 +1034,11 @@ Note. It's recommended to configure template policy settings in one Group Policy | Name | Value | |:--|:--| | Name | AllowLegacyURLFields | +| Friendly Name | Allow legacy functionality for Internet Shortcut files | +| Location | Computer and User Configuration | +| Path | Windows Components > Internet Explorer | +| Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main | +| Registry Value Name | AllowLegacyURLFields | | ADMX File Name | inetres.admx | @@ -7923,13 +7932,11 @@ This policy setting allows you to manage the opening of windows and frames and a -This policy setting specifies whether JScript or JScript9Legacy is loaded for MSHTML/WebOC/MSXML/Cscript based invocations. +This policy setting specifies whether JScript or JScript9Legacy is loaded. -- If you enable this policy setting, JScript9Legacy will be loaded in situations where JScript is instantiated. +- If you enable this policy setting or not configured, JScript9Legacy will be loaded in situations where JScript is instantiated. - If you disable this policy, then JScript will be utilized. - -- If this policy is left unconfigured, then MSHTML will use JScript9Legacy and MSXML/Cscript will use JScript. @@ -7953,7 +7960,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS | Name | Value | |:--|:--| | Name | JScriptReplacement | -| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. | +| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript. | | Location | Computer and User Configuration | | Path | Windows Components > Internet Explorer | | Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main | @@ -13407,7 +13414,7 @@ If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode If you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page. -For more information, see +For more information, see diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index b3e44fe44d..b80bf2d206 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -1,7 +1,7 @@ --- title: LanmanWorkstation Policy CSP description: Learn more about the LanmanWorkstation Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -36,6 +36,8 @@ This policy setting determines if the SMB client will allow insecure guest logon - If you disable this policy setting, the SMB client will reject insecure guest logons. +If you enable signing, the SMB client will reject insecure guest logons. + Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access". diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 8caa34c334..4333825aac 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1,7 +1,7 @@ --- title: LocalPoliciesSecurityOptions Policy CSP description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP. -ms.date: 09/11/2024 +ms.date: 09/27/2024 --- @@ -360,7 +360,7 @@ Accounts: Rename guest account This security setting determines whether a differ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -404,7 +404,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -445,7 +445,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -718,7 +718,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -771,7 +771,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -825,7 +825,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -878,7 +878,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -928,7 +928,7 @@ Domain member: Digitally sign secure channel data (when possible) This security | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -982,7 +982,7 @@ Domain member: Disable machine account password changes Determines whether a dom | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1035,7 +1035,7 @@ Domain member: Maximum machine account password age This security setting determ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1335,7 +1335,7 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1535,7 +1535,7 @@ Interactive logon: Message title for users attempting to log on This security se | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1575,7 +1575,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1864,7 +1864,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2047,7 +2047,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2090,7 +2090,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2131,7 +2131,7 @@ Microsoft network server: Server SPN target name validation level This policy se | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2312,7 +2312,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2360,7 +2360,7 @@ Network access: Don't allow storage of passwords and credentials for network aut | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2412,7 +2412,7 @@ Network access: Let Everyone permissions apply to anonymous users This security | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2452,7 +2452,7 @@ Network access: Named pipes that can be accessed anonymously This security setti | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2495,7 +2495,7 @@ Network access: Remotely accessible registry paths This security setting determi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2644,7 +2644,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2684,7 +2684,7 @@ Network access: Shares that can be accessed anonymously This security setting de | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2728,7 +2728,7 @@ Network access: Sharing and security model for local accounts This security sett | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2958,7 +2958,7 @@ Network security: Don't store LAN Manager hash value on next password change Thi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3083,7 +3083,7 @@ Network security LAN Manager authentication level This security setting determin | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3489,7 +3489,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3539,7 +3539,7 @@ Recovery console: Allow automatic administrative logon This security setting det | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3696,7 +3696,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3737,7 +3737,7 @@ System Cryptography: Force strong key protection for user keys stored on the com | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -3787,7 +3787,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md index d4773d4c5d..d29d14edd8 100644 --- a/windows/client-management/mdm/policy-csp-lsa.md +++ b/windows/client-management/mdm/policy-csp-lsa.md @@ -1,7 +1,7 @@ --- title: LocalSecurityAuthority Policy CSP description: Learn more about the LocalSecurityAuthority Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -93,7 +93,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A This policy controls the configuration under which LSASS is run. -- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for clean installed, HVCI capable, client SKUs that are domain or cloud domain joined devices. This configuration isn't UEFI locked. This can be overridden if the policy is configured. +- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for all clean installed, HVCI capable, client SKUs. This configuration isn't UEFI locked. This can be overridden if the policy is configured. - If you configure and set this policy setting to "Disabled", LSA won't run as a protected process. @@ -135,7 +135,7 @@ This policy controls the configuration under which LSASS is run. | Friendly Name | Configures LSASS to run as a protected process | | Location | Computer Configuration | | Path | System > Local Security Authority | -| Registry Key Name | System\CurrentControlSet\Control\Lsa | +| Registry Key Name | Software\Policies\Microsoft\Windows\System | | ADMX File Name | LocalSecurityAuthority.admx | diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index da47e000cd..75b88b507b 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -1,7 +1,7 @@ --- title: MSSecurityGuide Policy CSP description: Learn more about the MSSecurityGuide Area in Policy CSP. -ms.date: 01/31/2024 +ms.date: 09/27/2024 --- @@ -11,8 +11,6 @@ ms.date: 01/31/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -223,7 +221,7 @@ ms.date: 01/31/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index 5864c486c1..a8158e010d 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -1,7 +1,7 @@ --- title: NetworkListManager Policy CSP description: Learn more about the NetworkListManager Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 08/06/2024 # Policy CSP - NetworkListManager -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -21,7 +19,7 @@ ms.date: 08/06/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -70,7 +68,7 @@ This policy setting allows you to specify whether users can change the network i | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -119,7 +117,7 @@ This policy setting allows you to specify whether users can change the network l | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -262,7 +260,7 @@ This policy setting provides the string that names a network. If this setting is | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -311,7 +309,7 @@ This policy setting allows you to configure the Network Location for networks th | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -360,7 +358,7 @@ This policy setting allows you to configure the Network Location type for networ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ❌ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 65d5cb42bc..8c03b26633 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -1,7 +1,7 @@ --- title: Notifications Policy CSP description: Learn more about the Notifications Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/18/2024 # Policy CSP - Notifications -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -21,7 +19,7 @@ ms.date: 01/18/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index fa423988bf..098733446d 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -1,7 +1,7 @@ --- title: Printers Policy CSP description: Learn more about the Printers Area in Policy CSP. -ms.date: 01/31/2024 +ms.date: 09/27/2024 --- @@ -369,7 +369,7 @@ Determines whether Redirection Guard is enabled for the print spooler. You can enable this setting to configure the Redirection Guard policy being applied to spooler. -- If you disable or don't configure this policy setting, Redirection Guard will default to being 'enabled'. +- If you disable or don't configure this policy setting, Redirection Guard will default to being 'Enabled'. - If you enable this setting you may select the following options: @@ -435,7 +435,12 @@ The following are the supported values: - + +This policy setting controls whether packet level privacy is enabled for RPC for incoming connections. + +By default packet level privacy is enabled for RPC for incoming connections. + +If you enable or don't configure this policy setting, packet level privacy is enabled for RPC for incoming connections. @@ -452,7 +457,6 @@ The following are the supported values: - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -460,6 +464,11 @@ The following are the supported values: | Name | Value | |:--|:--| | Name | ConfigureRpcAuthnLevelPrivacyEnabled | +| Friendly Name | Configure RPC packet level privacy setting for incoming connections | +| Location | Computer Configuration | +| Path | Printers | +| Registry Key Name | System\CurrentControlSet\Control\Print | +| Registry Value Name | RpcAuthnLevelPrivacyEnabled | | ADMX File Name | Printing.admx | @@ -685,7 +694,16 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use - + +Determines whether Windows protected print is enabled on this computer. + +By default, Windows protected print isn't enabled and there aren't any restrictions on the print drivers that can be installed or print functionality. + +- If you enable this setting, the computer will operate in Windows protected print mode which only allows printing to printers that support a subset of inbox Windows print drivers. + +- If you disable this setting or don't configure it, there aren't any restrictions on the print drivers that can be installed or print functionality. + +For more information, please see [insert link to web page with WPP info] @@ -702,7 +720,6 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -710,6 +727,11 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use | Name | Value | |:--|:--| | Name | ConfigureWindowsProtectedPrint | +| Friendly Name | Configure Windows protected print | +| Location | Computer Configuration | +| Path | Printers | +| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\WPP | +| Registry Value Name | WindowsProtectedPrintGroupPolicyState | | ADMX File Name | Printing.admx | diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 895ee8c286..35949bfb98 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -1,7 +1,7 @@ --- title: Privacy Policy CSP description: Learn more about the Privacy Area in Policy CSP. -ms.date: 09/11/2024 +ms.date: 09/27/2024 --- @@ -2398,207 +2398,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use - -## LetAppsAccessGenerativeAI - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI -``` - - - - -This policy setting specifies whether Windows apps can use generative AI features of Windows. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `int` | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-2]` | -| Default Value | 0 | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | LetAppsAccessGenerativeAI | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessGenerativeAI_Enum | - - - - - - - - - -## LetAppsAccessGenerativeAI_ForceAllowTheseApps - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceAllowTheseApps -``` - - - - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `chr` (string) | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | List (Delimiter: `;`) | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | LetAppsAccessGenerativeAI | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessGenerativeAI_ForceAllowTheseApps_List | - - - - - - - - - -## LetAppsAccessGenerativeAI_ForceDenyTheseApps - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceDenyTheseApps -``` - - - - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `chr` (string) | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | List (Delimiter: `;`) | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | LetAppsAccessGenerativeAI | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessGenerativeAI_ForceDenyTheseApps_List | - - - - - - - - - -## LetAppsAccessGenerativeAI_UserInControlOfTheseApps - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_UserInControlOfTheseApps -``` - - - - -List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the generative AI setting for the listed apps. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `chr` (string) | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | List (Delimiter: `;`) | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | LetAppsAccessGenerativeAI | -| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy | -| Element Name | LetAppsAccessGenerativeAI_UserInControlOfTheseApps_List | - - - - - - - - ## LetAppsAccessGraphicsCaptureProgrammatic diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 68895bc0f7..70acc4ac5e 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -1,7 +1,7 @@ --- title: RemoteDesktopServices Policy CSP description: Learn more about the RemoteDesktopServices Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -156,7 +156,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -166,7 +166,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp - + +This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity. + +This policy applies only when using legacy authentication to authenticate to the remote PC. Legacy authentication is limited to username and password, or certificates like smartcards. Legacy authentication doesn't leverage the Microsoft identity platform, such as Microsoft Entra ID. Legacy authentication includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols. + +- If you enable this policy setting, Remote Desktop connections using legacy authentication will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and re-enter their credentials when prompted. + +- If you disable or don't configure this policy setting, Remote Desktop connections using legacy authentication will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates. @@ -183,7 +190,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -191,7 +197,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Name | Value | |:--|:--| | Name | TS_DISCONNECT_ON_LOCK_POLICY | -| ADMX File Name | terminalserver.admx | +| Friendly Name | Disconnect remote session on lock for legacy authentication | +| Location | Computer Configuration | +| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | +| Registry Value Name | fDisconnectOnLockLegacy | +| ADMX File Name | TerminalServer.admx | @@ -206,7 +217,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -216,7 +227,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp - + +This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity. + +This policy applies only when using an identity provider that uses the Microsoft identity platform, such as Microsoft Entra ID, to authenticate to the remote PC. This policy doesn't apply when using Legacy authentication which includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols. + +- If you enable or don't configure this policy setting, Remote Desktop connections using the Microsoft identity platform will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and can use passwordless authentication if configured. + +- If you disable this policy setting, Remote Desktop connections using the Microsoft identity platform will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates. @@ -233,7 +251,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -241,7 +258,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp | Name | Value | |:--|:--| | Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY | -| ADMX File Name | terminalserver.admx | +| Friendly Name | Disconnect remote session on lock for Microsoft identity platform authentication | +| Location | Computer Configuration | +| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | +| Registry Value Name | fDisconnectOnLockMicrosoftIdentity | +| ADMX File Name | TerminalServer.admx | @@ -439,7 +461,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
          ✅ [10.0.25398.946] and later
          ✅ Windows 11, version 21H2 [10.0.22000.3014] and later
          ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
          ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
          ✅ Windows Insider Preview | +| ✅ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
          ✅ [10.0.25398.946] and later
          ✅ Windows 11, version 21H2 [10.0.22000.3014] and later
          ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
          ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
          ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -453,7 +475,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests. - + +This policy setting allows you to restrict clipboard data transfers from client to server. + +- If you enable this policy setting, you must choose from the following behaviors: + +- Disable clipboard transfers from client to server. + +- Allow plain text copying from client to server. + +- Allow plain text and images copying from client to server. + +- Allow plain text, images and Rich Text Format copying from client to server. + +- Allow plain text, images, Rich Text Format and HTML copying from client to server. + +- If you disable or don't configure this policy setting, users can copy arbitrary contents from client to server if clipboard redirection is enabled. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used. @@ -470,7 +510,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests. - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -478,7 +517,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Name | Value | |:--|:--| | Name | TS_CLIENT_CLIPBOARDRESTRICTION_CS | -| ADMX File Name | terminalserver.admx | +| Friendly Name | Restrict clipboard transfer from client to server | +| Location | Computer and User Configuration | +| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | +| ADMX File Name | TerminalServer.admx | @@ -493,7 +536,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
          ✅ [10.0.25398.946] and later
          ✅ Windows 11, version 21H2 [10.0.22000.3014] and later
          ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
          ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
          ✅ Windows Insider Preview | +| ✅ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later
          ✅ [10.0.25398.946] and later
          ✅ Windows 11, version 21H2 [10.0.22000.3014] and later
          ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later
          ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later
          ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -507,7 +550,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests. - + +This policy setting allows you to restrict clipboard data transfers from server to client. + +- If you enable this policy setting, you must choose from the following behaviors: + +- Disable clipboard transfers from server to client. + +- Allow plain text copying from server to client. + +- Allow plain text and images copying from server to client. + +- Allow plain text, images and Rich Text Format copying from server to client. + +- Allow plain text, images, Rich Text Format and HTML copying from server to client. + +- If you disable or don't configure this policy setting, users can copy arbitrary contents from server to client if clipboard redirection is enabled. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used. @@ -524,7 +585,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests. - [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] **ADMX mapping**: @@ -532,7 +592,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests. | Name | Value | |:--|:--| | Name | TS_CLIENT_CLIPBOARDRESTRICTION_SC | -| ADMX File Name | terminalserver.admx | +| Friendly Name | Restrict clipboard transfer from server to client | +| Location | Computer and User Configuration | +| Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | +| ADMX File Name | TerminalServer.admx | diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 005ef18357..fc7b78d250 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -1,7 +1,7 @@ --- title: Search Policy CSP description: Learn more about the Search Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 08/06/2024 # Policy CSP - Search -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -648,7 +646,7 @@ The most restrictive value is `0` to now allow automatic language detection. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -930,13 +928,13 @@ This policy setting configures whether or not locations on removable drives can -This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home. +This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search. -- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home. +- If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search. -- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home. +- If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search. -- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search, and if search highlights are shown in the search box and in search home. +- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search. diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md index 39e032a8b4..e8025d4898 100644 --- a/windows/client-management/mdm/policy-csp-settingssync.md +++ b/windows/client-management/mdm/policy-csp-settingssync.md @@ -1,7 +1,7 @@ --- title: SettingsSync Policy CSP description: Learn more about the SettingsSync Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -11,8 +11,6 @@ ms.date: 01/18/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -23,7 +21,7 @@ ms.date: 01/18/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -84,7 +82,7 @@ If you don't set or disable this setting, syncing of the "accessibility" group i | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 6e99e05ccb..166eacb4b4 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -1,7 +1,7 @@ --- title: SmartScreen Policy CSP description: Learn more about the SmartScreen Area in Policy CSP. -ms.date: 01/31/2024 +ms.date: 09/27/2024 --- @@ -29,20 +29,11 @@ ms.date: 01/31/2024 - -App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly. + +Allows IT Admins to control whether users are allowed to install apps from places other than the Store. -- If you enable this setting, you must choose from the following behaviors: - -- Turn off app recommendations. - -- Show me app recommendations. - -- Warn me before installing apps from outside the Store. - -- Allow apps from Store only. - -- If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet. +> [!NOTE] +> This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled. This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet. @@ -110,23 +101,8 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot - -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious. - -Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. - -- If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - -- Warn and prevent bypass -- Warn. - -- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. - -- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app. - -- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet. - -- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings. + +Allows IT Admins to configure SmartScreen for Windows. @@ -188,23 +164,8 @@ Some information is sent to Microsoft about files and programs run on PCs with t - -This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious. - -Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. - -- If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: - -- Warn and prevent bypass -- Warn. - -- If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. - -- If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app. - -- If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet. - -- If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings. + +Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files. diff --git a/windows/client-management/mdm/policy-csp-speakforme.md b/windows/client-management/mdm/policy-csp-speakforme.md new file mode 100644 index 0000000000..b1be7a5fa4 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-speakforme.md @@ -0,0 +1,79 @@ +--- +title: SpeakForMe Policy CSP +description: Learn more about the SpeakForMe Area in Policy CSP. +ms.date: 09/27/2024 +--- + + + + +# Policy CSP - SpeakForMe + + + + + + +## EnableSpeakForMe + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```User +./User/Vendor/MSFT/Policy/Config/SpeakForMe/EnableSpeakForMe +``` + + + + +This policy setting controls whether to allow the creation of personal voices with SpeakForMe Accessibility Windows Application. + +- If you enable this policy setting, then user can create their personal voice models. + +- If you disable this policy setting, then user can't create their personal voice models with SpeakForMe. + +- If you don't configure this policy setting (default), then users can launch the training flow and create their personal voice model through SpeakForMe. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed. | +| 1 (Default) | Allowed. | + + + + + + + + + + + + + + +## Related articles + +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-sudo.md b/windows/client-management/mdm/policy-csp-sudo.md index 09a4e3c938..dbcd21af22 100644 --- a/windows/client-management/mdm/policy-csp-sudo.md +++ b/windows/client-management/mdm/policy-csp-sudo.md @@ -1,7 +1,7 @@ --- title: Sudo Policy CSP description: Learn more about the Sudo Area in Policy CSP. -ms.date: 04/10/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 04/10/2024 # Policy CSP - Sudo -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -21,7 +19,7 @@ ms.date: 04/10/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ❌ Pro
          ❌ Enterprise
          ❌ Education
          ❌ Windows SE
          ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ❌ Pro
          ❌ Enterprise
          ❌ Education
          ❌ Windows SE
          ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -31,7 +29,20 @@ ms.date: 04/10/2024 - + +This policy setting controls use of the sudo.exe command line tool. + +- If you enable this policy setting, then you may set a maximum allowed mode to run sudo in. This restricts the ways in which users may interact with command-line applications run with sudo. You may pick one of the following modes to allow sudo to run in: + +"Disabled": sudo is entirely disabled on this machine. When the user tries to run sudo, sudo will print an error message and exit. + +"Force new window": When sudo launches a command line application, it will launch that app in a new console window. + +"Disable input": When sudo launches a command line application, it will launch the app in the current console window, but the user won't be able to type input to the command line app. The user may also choose to run sudo in "Force new window" mode. + +"Normal": When sudo launches a command line application, it will launch the app in the current console window. The user may also choose to run sudo in "Force new window" or "Disable input" mode. + +- If you disable this policy or don't configure it, the user will be able to run sudo.exe normally (after enabling the setting in the Settings app). @@ -65,7 +76,11 @@ ms.date: 04/10/2024 | Name | Value | |:--|:--| | Name | EnableSudo | -| Path | Sudo > AT > System | +| Friendly Name | Configure the behavior of the sudo command | +| Location | Computer Configuration | +| Path | System | +| Registry Key Name | Software\Policies\Microsoft\Windows\Sudo | +| ADMX File Name | Sudo.admx | diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 57739476b7..1f4fbbaa1e 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1,7 +1,7 @@ --- title: System Policy CSP description: Learn more about the System Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -11,8 +11,6 @@ ms.date: 08/06/2024 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -431,7 +429,7 @@ This policy setting determines whether Windows is allowed to download fonts and - If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. -- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts. +- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts. - If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot. @@ -569,7 +567,7 @@ Specifies whether to allow app access to the Location service. Most restricted v This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See for more information. -When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. +hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop. @@ -888,7 +886,7 @@ To enable this behavior: When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. -If you disable or don't configure this policy setting, devices enrolled to Windows Autopatch won't be able to take advantage of some deployment service features. +If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features. @@ -1471,7 +1469,7 @@ This policy setting lets you prevent apps and features from working with files o * Users can't access OneDrive from the OneDrive app and file picker. -* Windows Store apps can't access OneDrive using the WinRT API. +* Packaged Microsoft Store apps can't access OneDrive using the WinRT API. * OneDrive doesn't appear in the navigation pane in File Explorer. @@ -1739,7 +1737,7 @@ This policy setting controls whether Windows records attempts to connect with th -Diagnostic files created when feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally. +Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally. @@ -1761,8 +1759,8 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw | Value | Description | |:--|:--| -| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. | -| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. | +| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. | +| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. | @@ -1777,7 +1775,7 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 2d9c9595f5..10d548c65f 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -1,7 +1,7 @@ --- title: SystemServices Policy CSP description: Learn more about the SystemServices Area in Policy CSP. -ms.date: 04/10/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 04/10/2024 # Policy CSP - SystemServices -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -21,7 +19,7 @@ ms.date: 04/10/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -171,7 +169,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -221,7 +219,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -271,7 +269,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -321,7 +319,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -371,7 +369,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -421,7 +419,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -471,7 +469,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -521,7 +519,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -571,7 +569,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -621,7 +619,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -671,7 +669,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -721,7 +719,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -771,7 +769,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -821,7 +819,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -871,7 +869,7 @@ This setting determines whether the service's start type is Automatic(2), Manual | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index 484f4c88ad..536b1b741f 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -1,7 +1,7 @@ --- title: TenantRestrictions Policy CSP description: Learn more about the TenantRestrictions Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 09/27/2024 --- @@ -41,9 +41,9 @@ When you enable this setting, compliant applications will be prevented from acce -Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information. +Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information. -For details about setting up WDAC with tenant restrictions, see +For details about setting up App Control with tenant restrictions, see diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 9ecb6a207c..a77f87712f 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1,7 +1,7 @@ --- title: Update Policy CSP description: Learn more about the Update Area in Policy CSP. -ms.date: 09/11/2024 +ms.date: 09/27/2024 --- @@ -9,18 +9,12 @@ ms.date: 09/11/2024 # Policy CSP - Update -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - Update CSP policies are listed below based on the group policy area: -- [Windows Insider Preview](#windows-insider-preview) - - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes) - - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates) - - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates) - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update) - [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate) - [AllowOptionalContent](#allowoptionalcontent) @@ -61,7 +55,8 @@ Update CSP policies are listed below based on the group policy area: - [ConfigureDeadlineForQualityUpdates](#configuredeadlineforqualityupdates) - [ConfigureDeadlineGracePeriod](#configuredeadlinegraceperiod) - [ConfigureDeadlineGracePeriodForFeatureUpdates](#configuredeadlinegraceperiodforfeatureupdates) - - [ConfigureDeadlineNoAutoReboot](#configuredeadlinenoautoreboot) + - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates) + - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates) - [ConfigureFeatureUpdateUninstallPeriod](#configurefeatureupdateuninstallperiod) - [NoUpdateNotificationsDuringActiveHours](#noupdatenotificationsduringactivehours) - [ScheduledInstallDay](#scheduledinstallday) @@ -76,6 +71,7 @@ Update CSP policies are listed below based on the group policy area: - [SetEDURestart](#setedurestart) - [UpdateNotificationLevel](#updatenotificationlevel) - [Legacy Policies](#legacy-policies) + - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes) - [AutoRestartDeadlinePeriodInDays](#autorestartdeadlineperiodindays) - [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#autorestartdeadlineperiodindaysforfeatureupdates) - [AutoRestartNotificationSchedule](#autorestartnotificationschedule) @@ -99,188 +95,6 @@ Update CSP policies are listed below based on the group policy area: - [ScheduleRestartWarning](#schedulerestartwarning) - [SetAutoRestartNotificationDisable](#setautorestartnotificationdisable) -## Windows Insider Preview - - -### AlwaysAutoRebootAtScheduledTimeMinutes - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes -``` - - - - - -- If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days. - -The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users. - -- If you disable or don't configure this policy, Windows Update won't alter its restart behavior. - -If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `int` | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[15-180]` | -| Default Value | 15 | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | AlwaysAutoRebootAtScheduledTime | -| Friendly Name | Always automatically restart at the scheduled time | -| Element Name | work (minutes) | -| Location | Computer Configuration | -| Path | Windows Components > Windows Update > Manage end user experience | -| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU | -| ADMX File Name | WindowsUpdate.admx | - - - - - - - - - -### ConfigureDeadlineNoAutoRebootForFeatureUpdates - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates -``` - - - - -When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `int` | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Disabled. | -| 1 | Enabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | - - - - - - - - - -### ConfigureDeadlineNoAutoRebootForQualityUpdates - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates -``` - - - - -When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `int` | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Disabled. | -| 1 | Enabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | - - - - - - - - ## Manage updates offered from Windows Update @@ -2518,8 +2332,8 @@ Number of days before feature updates are installed on devices automatically reg | Name | Value | |:--|:--| -| Name | ComplianceDeadline | -| Friendly Name | Specify deadlines for automatic updates and restarts | +| Name | ComplianceDeadlineForFU | +| Friendly Name | Specify deadline for automatic updates and restarts for feature update | | Element Name | Deadline (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -2578,7 +2392,7 @@ Number of days before quality updates are installed on devices automatically reg | Name | Value | |:--|:--| | Name | ComplianceDeadline | -| Friendly Name | Specify deadlines for automatic updates and restarts | +| Friendly Name | Specify deadline for automatic updates and restarts for quality update | | Element Name | Deadline (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -2633,7 +2447,7 @@ Minimum number of days from update installation until restarts occur automatical | Name | Value | |:--|:--| | Name | ComplianceDeadline | -| Friendly Name | Specify deadlines for automatic updates and restarts | +| Friendly Name | Specify deadline for automatic updates and restarts for quality update | | Element Name | Grace period (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -2687,8 +2501,8 @@ Minimum number of days from update installation until restarts occur automatical | Name | Value | |:--|:--| -| Name | ComplianceDeadline | -| Friendly Name | Specify deadlines for automatic updates and restarts | +| Name | ComplianceDeadlineForFU | +| Friendly Name | Specify deadline for automatic updates and restarts for feature update | | Element Name | Grace Period (days) | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | @@ -2702,31 +2516,47 @@ Minimum number of days from update installation until restarts occur automatical - -### ConfigureDeadlineNoAutoReboot + +### ConfigureDeadlineNoAutoRebootForFeatureUpdates - + | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later | - +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + - + ```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoReboot +./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates ``` - + - - -When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured. - + + +This policy lets you specify the number of days before feature updates are installed on devices automatically, and a grace period after which required restarts occur automatically. - +Set deadlines for feature updates and quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity. + +Set a grace period for feature updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations. + +You can set the device to delay restarting until both the deadline and grace period have expired. + +If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule. + +This policy will override the following policies: + +1. Specify deadline before auto restart for update installation +1. Specify Engaged restart transition and notification schedule for updates. + +1. Always automatically restart at the scheduled time +1. Configure Automatic Updates. + + + - + - + **Description framework properties**: | Property name | Property value | @@ -2734,36 +2564,115 @@ When enabled, devices won't automatically restart outside of active hours until | Format | `int` | | Access Type | Add, Delete, Get, Replace | | Default Value | 0 | - + - + **Allowed values**: | Value | Description | |:--|:--| | 0 (Default) | Disabled. | | 1 | Enabled. | - + - + **Group policy mapping**: | Name | Value | |:--|:--| -| Name | ComplianceDeadline | -| Friendly Name | Specify deadlines for automatic updates and restarts | +| Name | ComplianceDeadlineForFU | +| Friendly Name | Specify deadline for automatic updates and restarts for feature update | | Element Name | Don't auto-restart until end of grace period. | | Location | Computer Configuration | | Path | Windows Components > Windows Update > Manage end user experience | | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | | ADMX File Name | WindowsUpdate.admx | - + - + - + - + + + +### ConfigureDeadlineNoAutoRebootForQualityUpdates + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates +``` + + + + +This policy lets you specify the number of days before quality updates are installed on devices automatically, and a grace period after which required restarts occur automatically. + +Set deadlines for quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity. + +Set a grace period for quality updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations. + +You can set the device to delay restarting until both the deadline and grace period have expired. + +If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule. + +This policy will override the following policies: + +1. Specify deadline before auto restart for update installation +1. Specify Engaged restart transition and notification schedule for updates. + +1. Always automatically restart at the scheduled time +1. Configure Automatic Updates. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ComplianceDeadline | +| Friendly Name | Specify deadline for automatic updates and restarts for quality update | +| Element Name | Don't auto-restart until end of grace period. | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Manage end user experience | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| ADMX File Name | WindowsUpdate.admx | + + + + + + + ### ConfigureFeatureUpdateUninstallPeriod @@ -3647,6 +3556,68 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 ## Legacy Policies + +### AlwaysAutoRebootAtScheduledTimeMinutes + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes +``` + + + + + +- If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days. + +The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users. + +- If you disable or don't configure this policy, Windows Update won't alter its restart behavior. + +If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[15-180]` | +| Default Value | 15 | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AlwaysAutoRebootAtScheduledTime | +| Friendly Name | Always automatically restart at the scheduled time | +| Element Name | work (minutes) | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Legacy Policies | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU | +| ADMX File Name | WindowsUpdate.admx | + + + + + + + + ### AutoRestartDeadlinePeriodInDays diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index dc226ea336..68db80419e 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1,7 +1,7 @@ --- title: UserRights Policy CSP description: Learn more about the UserRights Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/18/2024 # Policy CSP - UserRights -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as Security Identifiers (SID) or strings. For more information, see [Well-known SID structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab). @@ -258,7 +256,7 @@ This user right allows a process to impersonate any user without authentication. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -359,7 +357,7 @@ This user right determines which users can log on to the computer. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -460,7 +458,7 @@ This user right determines which users can bypass file, directory, registry, and | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -567,7 +565,7 @@ This user right determines which users and groups can change the time and date o | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1027,7 +1025,7 @@ This security setting determines which service accounts are prevented from regis | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1076,7 +1074,7 @@ This security setting determines which accounts are prevented from being able to | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1336,7 +1334,7 @@ Assigning this user right to a user allows programs running on behalf of that us | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1543,7 +1541,7 @@ This user right determines which accounts can use a process to keep data in phys | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1592,7 +1590,7 @@ This security setting allows a user to be logged-on by means of a batch-queue fa | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1889,7 +1887,7 @@ This user right determines which users can use performance monitoring tools to m | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -1987,7 +1985,7 @@ This user right determines which users are allowed to shut down a computer from | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -2088,7 +2086,7 @@ This user right determines which users can bypass file, directory, registry, and | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md index 0b01461d1e..96d9296b8a 100644 --- a/windows/client-management/mdm/policy-csp-webthreatdefense.md +++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md @@ -1,7 +1,7 @@ --- title: WebThreatDefense Policy CSP description: Learn more about the WebThreatDefense Area in Policy CSP. -ms.date: 01/31/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/31/2024 # Policy CSP - WebThreatDefense -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - > [!NOTE] @@ -23,7 +21,7 @@ ms.date: 01/31/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 1d1a1691af..642e2df000 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 09/11/2024 +ms.date: 09/27/2024 --- @@ -21,7 +21,7 @@ ms.date: 09/11/2024 | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -31,14 +31,12 @@ ms.date: 09/11/2024 - -This policy setting allows you to determine whether end users have the option to allow snapshots to be saved on their PCs. + +This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device. -- If disabled, end users will have a choice to save snapshots of their screen on their PC and then use Recall to find things they've seen. +- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall. -- If the policy is enabled, end users won't be able to save snapshots on their PC. - -- If the policy isn't configured, end users may or may not be able to save snapshots on their PC-depending on other policy configurations. +- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall. @@ -70,7 +68,12 @@ This policy setting allows you to determine whether end users have the option to | Name | Value | |:--|:--| | Name | DisableAIDataAnalysis | -| Path | WindowsAI > AT > WindowsComponents > WindowsAI | +| Friendly Name | Turn off Saving Snapshots for Windows | +| Location | User Configuration | +| Path | Windows Components > Windows AI | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI | +| Registry Value Name | DisableAIDataAnalysis | +| ADMX File Name | WindowsCopilot.admx | @@ -203,6 +206,58 @@ This policy setting allows you to control whether Image Creator functionality is + +## SetCopilotHardwareKey + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ❌ Device
          ✅ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```User +./User/Vendor/MSFT/Policy/Config/WindowsAI/SetCopilotHardwareKey +``` + + + + +This policy setting determines which app opens when the user presses the Copilot key on their keyboard. + +- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings. + +- If the policy isn't configured, Copilot will open if it's available in that country or region. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | SetCopilotHardwareKey | +| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot | + + + + + + + + ## TurnOffWindowsCopilot diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index d9c4d40da1..c7a7fe256c 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -1,7 +1,7 @@ --- title: WindowsLogon Policy CSP description: Learn more about the WindowsLogon Area in Policy CSP. -ms.date: 04/10/2024 +ms.date: 09/27/2024 --- @@ -380,11 +380,11 @@ This policy setting allows you to control whether users see the first sign-in an -This policy controls the configuration under which winlogon sends MPR notifications in the system. +This policy controls whether the user's password is included in the content of MPR notifications sent by winlogon in the system. -- If you enable this setting or don't configure it, winlogon sends MPR notifications if a credential manager is configured. +- If you disable this setting or don't configure it, winlogon sends MPR notifications with empty password fields of the user's authentication info. -- If you disable this setting, winlogon doesn't send MPR notifications. +- If you enable this setting, winlogon sends MPR notifications containing the user's password in the authentication info. @@ -415,7 +415,7 @@ This policy controls the configuration under which winlogon sends MPR notificati | Name | Value | |:--|:--| | Name | EnableMPRNotifications | -| Friendly Name | Enable MPR notifications for the system | +| Friendly Name | Configure the transmission of the user's password in the content of MPR notifications sent by winlogon. | | Location | Computer Configuration | | Path | Windows Components > Windows Logon Options | | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System | diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index ffa94e847a..a22172669f 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -1,7 +1,7 @@ --- title: WindowsSandbox Policy CSP description: Learn more about the WindowsSandbox Area in Policy CSP. -ms.date: 01/18/2024 +ms.date: 09/27/2024 --- @@ -9,8 +9,6 @@ ms.date: 01/18/2024 # Policy CSP - WindowsSandbox -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - @@ -149,7 +147,7 @@ This policy setting enables or disables clipboard sharing with the sandbox. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -159,8 +157,18 @@ This policy setting enables or disables clipboard sharing with the sandbox. - -Allow mapping folders into Windows Sandbox. + +This policy setting enables or disables mapping folders into sandbox. + +- If you enable this policy setting, mapping folders from the host into Sandbox will be permitted. + +- If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files. + +- If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted. + +- If you don't configure this policy setting, mapped folders will be enabled. + +Note that there may be security implications of exposing folders from the host into the container. @@ -184,7 +192,12 @@ Allow mapping folders into Windows Sandbox. | Name | Value | |:--|:--| | Name | AllowMappedFolders | -| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat | +| Friendly Name | Allow mapping folders into Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowMappedFolders | +| ADMX File Name | WindowsSandbox.admx | @@ -457,7 +470,7 @@ Note that there may be security implications of exposing host video input to the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
          ❌ User | ✅ Pro
          ✅ Enterprise
          ✅ Education
          ✅ Windows SE
          ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later | @@ -467,8 +480,18 @@ Note that there may be security implications of exposing host video input to the - -Allow Sandbox to write to mapped folders. + +This policy setting enables or disables mapping folders into sandbox. + +- If you enable this policy setting, mapping folders from the host into Sandbox will be permitted. + +- If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files. + +- If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted. + +- If you don't configure this policy setting, mapped folders will be enabled. + +Note that there may be security implications of exposing folders from the host into the container. @@ -492,8 +515,13 @@ Allow Sandbox to write to mapped folders. | Name | Value | |:--|:--| -| Name | AllowWriteToMappedFolders | -| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat | +| Name | AllowMappedFolders | +| Friendly Name | Allow mapping folders into Windows Sandbox | +| Location | Computer Configuration | +| Path | Windows Components > Windows Sandbox | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox | +| Registry Value Name | AllowMappedFolders | +| ADMX File Name | WindowsSandbox.admx | diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index eba37a1745..3011ad91da 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -48,12 +48,12 @@ items: - name: Protocol expanded: true items: - - name: Overview - href: ../declared-configuration.md - - name: Discovery - href: ../declared-configuration-discovery.md - - name: Enrollment - href: ../declared-configuration-enrollment.md + - name: Overview + href: ../declared-configuration.md + - name: Discovery + href: ../declared-configuration-discovery.md + - name: Enrollment + href: ../declared-configuration-enrollment.md - name: Extensibility href: ../declared-configuration-extensibility.md - name: Resource access @@ -387,7 +387,7 @@ items: href: policy-csp-authentication.md - name: Autoplay href: policy-csp-autoplay.md - - name: BitLocker + - name: Bitlocker href: policy-csp-bitlocker.md - name: BITS href: policy-csp-bits.md @@ -537,6 +537,8 @@ items: href: policy-csp-settingssync.md - name: SmartScreen href: policy-csp-smartscreen.md + - name: SpeakForMe + href: policy-csp-speakforme.md - name: Speech href: policy-csp-speech.md - name: Start From 96c05f67527a3d09786ea7d22df98ee7c9a6c221 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:50:15 -0600 Subject: [PATCH 114/164] Fix link --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index c0c0fd2588..826ef1ac3b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -137,7 +137,6 @@ ms.date: 02/03/2023 - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#configuredeadlineforfeatureupdates) 11 - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#configuredeadlineforqualityupdates) 11 - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#configuredeadlinegraceperiod) 11 -- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#configuredeadlinenoautoreboot) 11 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#deferfeatureupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#deferqualityupdatesperiodindays) - [Update/ManagePreviewBuilds](policy-csp-update.md#managepreviewbuilds) From 47fbcbae93ed2dbb0b399a9f5ab0e648aff057dc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:15:31 -0700 Subject: [PATCH 115/164] fix link in dep page --- windows/whats-new/deprecated-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 5e62d5b170..a12c5b5eb4 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 09/11/2024 +ms.date: 10/01/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium @@ -57,7 +57,7 @@ The features in this article are no longer being actively developed, and might b | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows.

          TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024| | Test Base | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 | | Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in Windows 11, version 24H2. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality), and Steam VR Beta. Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11, version 23H2. After November 2026, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates.

          This deprecation doesn't affect HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 | -| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities.

          **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: *Application Guard Extension - Chrome* and *Application Guard Extension - Firefox*. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). | December 2023 | +| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). To learn more about Edge for Business security capabilities, see [Microsoft Edge security for your business](/deployedge/ms-edge-security-for-business).

          **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: *Application Guard Extension - Chrome* and *Application Guard Extension - Firefox*. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). | December 2023 | | Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 | | Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is deprecated and is no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 | | Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated and will no longer be updated. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 | From 34f8e42e7382a50be87c7ff55abb6e02f706b2c2 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:39:40 -0700 Subject: [PATCH 116/164] edit --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index c43882268c..d19bb328cb 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -24,7 +24,7 @@ This article lists some of the new and updated features and content that is of i Windows 11 Enterprise LTSC 2024 builds on Windows 10 Enterprise LTSC 2021, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities. -The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements provided in Windows 11 versions 21H2, 22H2, 23H2, and 24H2. Details about these enhancements are provided below. +The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements provided in Windows 11 versions 21H2, 22H2, 23H2, and 24H2. Details about these enhancements are provided below. ## Lifecycle From 89e6a8f4bdca8bc5b9927921e574116a5ad8f5b5 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:46:29 -0700 Subject: [PATCH 117/164] edit index file --- windows/whats-new/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index 26ab9092d6..9d6a27a7f2 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -61,7 +61,7 @@ landingContent: linkLists: - linkListType: whats-new links: - - text: Windows 10 Enterprise LTSC overview + - text: Windows Enterprise LTSC overview url: ltsc/overview.md - text: What's new in Windows 11 Enterprise LTSC 2024 url: ltsc/whats-new-windows-11-2024.md From cefe7d5bc79a1690b79fec36fbbf9c549964902c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:13:47 -0700 Subject: [PATCH 118/164] syntax-fix-24h2 --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 16811bf7b8..795ddf0bd1 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -31,7 +31,7 @@ Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/ Devices must be running Windows 11, version 23H2 or 22H2 with the May 2024 nonsecurity preview update, or a later update, installed in order to update to version 24H2. Windows 11, version 24H2 is a full OS swap so it isn't available as an enablement package. Windows 10 devices can be upgraded to to Windows 11, version 24H2 using the same familiar processes, policies, and management solutions you used to originally deploy Windows 10. -Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update]( https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). +Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update](https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install). To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/). From 9812283a89f496e50bf8419a154a35fad758a06d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:13:52 -0700 Subject: [PATCH 119/164] ltsc-edits --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index d19bb328cb..79052bca61 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -17,10 +17,6 @@ appliesto: This article lists some of the new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise long-term servicing channel (LTSC) 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md). -> [!NOTE] -> Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are equivalent to Windows 11, version 24H2. -> -> The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools that are designed for the general availability channel release of Windows might be limited. Windows 11 Enterprise LTSC 2024 builds on Windows 10 Enterprise LTSC 2021, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities. @@ -28,6 +24,8 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements ## Lifecycle +Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are similar to Windows 11, version 24H2.The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools, such as in-box apps and Microsoft Store, that are designed for the general availability channel release of Windows might be limited. + > [!IMPORTANT] > Windows 11 Enterprise LTSC 2024 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-11-iot-enterprise-ltsc-2024)). Windows 11 Enterprise LTSC follows the [Fixed Lifecycle Policy](/lifecycle/policies/fixed). From 704a69e6849ed1cfb33716ffb927714940f59f6e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:40:20 -0700 Subject: [PATCH 120/164] ltsc-edits --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index 79052bca61..d00254802c 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -27,7 +27,7 @@ The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are similar to Windows 11, version 24H2.The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools, such as in-box apps and Microsoft Store, that are designed for the general availability channel release of Windows might be limited. > [!IMPORTANT] -> Windows 11 Enterprise LTSC 2024 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-11-iot-enterprise-ltsc-2024)). Windows 11 Enterprise LTSC follows the [Fixed Lifecycle Policy](/lifecycle/policies/fixed). +> Windows 11 Enterprise LTSC 2024 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-11-iot-enterprise-ltsc-2024)). Windows 11 Enterprise LTSC 2024 follows the [Fixed Lifecycle Policy](/lifecycle/policies/fixed). From 51fef6768d02afeb5e5e45c8836a60a440f1468b Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 27 Sep 2024 14:16:32 -0700 Subject: [PATCH 121/164] refresh for maxado-8631996 --- windows/application-management/index.yml | 2 +- .../application-management/per-user-services-in-windows.md | 4 ++-- windows/application-management/sideload-apps-in-windows.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml index ae406114d7..2fe6bc1844 100644 --- a/windows/application-management/index.yml +++ b/windows/application-management/index.yml @@ -9,7 +9,7 @@ metadata: author: aczechowski ms.author: aaroncz manager: aaroncz - ms.date: 06/28/2024 + ms.date: 09/27/2024 ms.topic: landing-page ms.service: windows-client ms.subservice: itpro-apps diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 9e6cefb8ae..19044b7c4c 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -4,7 +4,7 @@ description: Learn about per-user services, how to change the template service s author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 12/22/2023 +ms.date: 10/01/2024 ms.topic: how-to ms.service: windows-client ms.subservice: itpro-apps @@ -99,7 +99,7 @@ $services = Get-Service foreach ( $service in $services ) { # For each specific service, check if the service type property includes the 64 bit using the bitwise AND operator (-band). # If the result equals the flag value, then the service is a per-user service. - if ( ( $service.ServiceType -band $flag ) -eq $flag ) { + if ( ( $service.ServiceType -band $flag ) -eq $flag ) { # When a per-user service is found, then add that service object to the results array. $serviceList += $service } diff --git a/windows/application-management/sideload-apps-in-windows.md b/windows/application-management/sideload-apps-in-windows.md index 3779938afc..8daf6b4e76 100644 --- a/windows/application-management/sideload-apps-in-windows.md +++ b/windows/application-management/sideload-apps-in-windows.md @@ -4,7 +4,7 @@ description: Learn how to sideload line-of-business (LOB) apps in Windows client author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 12/22/2023 +ms.date: 09/27/2024 ms.topic: how-to ms.service: windows-client ms.subservice: itpro-apps From afb3d175e9e750ff38815514e078039949a2a4ef Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 27 Sep 2024 14:23:02 -0700 Subject: [PATCH 122/164] update link for maxado-8631993 --- windows/hub/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 2fc576e11b..a7c884a207 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -15,7 +15,7 @@ metadata: author: aczechowski ms.author: aaroncz manager: aaroncz - ms.date: 08/27/2024 + ms.date: 10/01/2024 highlightedContent: # itemType: architecture | concept | deploy | download | get-started | how-to-guide | training | overview | quickstart | reference | sample | tutorial | video | whats-new @@ -73,7 +73,7 @@ conceptualContent: - title: Privacy in Windows links: - - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2 + - url: /windows/privacy/required-diagnostic-events-fields-windows-11-24h2 itemType: reference text: Windows 11 required diagnostic data - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization From 33b1ab7c0e993aecbfa41a0e63fc02b54968e54f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sat, 28 Sep 2024 09:39:46 -0700 Subject: [PATCH 123/164] ltsc-tw --- windows/whats-new/ltsc/whats-new-windows-11-2024.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md index d00254802c..3fbb4a3529 100644 --- a/windows/whats-new/ltsc/whats-new-windows-11-2024.md +++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md @@ -118,7 +118,6 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur | **Windows LAPS**
          Policy improvements
          [24H2][24H2]|   • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
            • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
            • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused.
            • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. | | **Windows LAPS**
          Image rollback detection
          [24H2][24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). | | **Windows protected print mode**
          [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | -| **Windows protected print mode**
          [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). | | **SMB signing requirement changes**
          [24H2][24H2] | [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). | | **SMB client encryption**
          [24H2][24H2] | SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). | | **SMB signing and encryption auditing**
          [24H2][24H2] | Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. | From 091fece54fc47bb54cdf4faef8cbf6adcadce25b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sat, 28 Sep 2024 11:53:06 -0700 Subject: [PATCH 124/164] contentsource-8914508 --- windows/deployment/update/fod-and-lang-packs.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index 87d5304815..feaf6fb6c7 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md @@ -13,7 +13,7 @@ appliesto: - ✅ Windows 10 - ✅ Microsoft Configuration Manager - ✅ WSUS -ms.date: 04/22/2024 +ms.date: 10/01/2024 --- # How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager @@ -31,11 +31,13 @@ Due to these changes, the **Specify settings for optional component installation The introduction of the **Specify source service for specific classes of Windows Updates** ([SetPolicyDrivenUpdateSourceFor](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourceforfeatureupdates)) policy in Windows 10, version 2004 further complicated configuring settings for FoD and language pack content. -Starting in Windows 11, version 22H2, on-premises Unified Update Platform (UUP) updates were introduced. FoDs and language packs are available from WSUS again. It's no longer necessary to use the **Specify settings for optional component installation and component repair** policy for FoD and language pack content. +Starting in Windows 11, version 22H2, on-premises Unified Update Platform (UUP) updates were introduced. FoDs and language packs are available from WSUS again. It's no longer necessary to use the **Specify settings for optional component installation and component repair** policy for FoD and language pack content. This policy was modified starting in Windows 11, version 24H2 and the following options were removed: +- Never attempt to download payload from Windows Update +- Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS) ## Version specific information for Features on Demand and language packs -Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP. +Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP. For Windows 10, version 2004 through Windows 11, version 21H2, clients can't download FoDs or language packs when **Specify settings for optional component installation and component repair** is set to Windows Update and **Specify source service for specific classes of Windows Updates** ([SetPolicyDrivenUpdateSourceFor](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourceforfeatureupdates)) for either feature or quality updates is set to WSUS. If you need this content, you can set **Specify settings for optional component installation and component repair** to Windows Update and then either: - Change the source selection for feature and quality updates to Windows Update From 0cd90a87befa22f08318d011e44bbbf0ce7ffc80 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sat, 28 Sep 2024 12:17:53 -0700 Subject: [PATCH 125/164] contentsource-8914508 --- windows/deployment/update/fod-and-lang-packs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md index feaf6fb6c7..f9ece8c2d3 100644 --- a/windows/deployment/update/fod-and-lang-packs.md +++ b/windows/deployment/update/fod-and-lang-packs.md @@ -37,7 +37,7 @@ Starting in Windows 11, version 22H2, on-premises Unified Update Platform (UUP) ## Version specific information for Features on Demand and language packs -Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP. +Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP. The policy was modified starting in Windows 11, version 24H2 to remove the unneeded options. For Windows 10, version 2004 through Windows 11, version 21H2, clients can't download FoDs or language packs when **Specify settings for optional component installation and component repair** is set to Windows Update and **Specify source service for specific classes of Windows Updates** ([SetPolicyDrivenUpdateSourceFor](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourceforfeatureupdates)) for either feature or quality updates is set to WSUS. If you need this content, you can set **Specify settings for optional component installation and component repair** to Windows Update and then either: - Change the source selection for feature and quality updates to Windows Update From 7735ba838d1309d2f75b7b0b6850d1b80038f72c Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:21:00 -0700 Subject: [PATCH 126/164] Updates for 1 October release --- ...ndows-diagnostic-events-and-fields-1809.md | 33 +- windows/privacy/index.yml | 2 +- ...iagnostic-events-fields-windows-11-22H2.md | 204 +- ...iagnostic-events-fields-windows-11-24H2.md | 4266 +++++++++++++++++ ...windows-11-diagnostic-events-and-fields.md | 48 +- ...-diagnostic-data-events-and-fields-2004.md | 57 +- windows/privacy/toc.yml | 2 + 7 files changed, 4417 insertions(+), 195 deletions(-) create mode 100644 windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 92ce858c06..da212c5802 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.topic: reference ms.collection: privacy-windows --- @@ -27,6 +27,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) @@ -903,7 +904,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -949,7 +950,6 @@ The following fields are available: - **DriverShouldNotMigrate** Should the driver package be migrated during upgrade? - **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? - ### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove This event indicates that the DecisionDriverPackage object represented by the objectInstanceId is no longer present. This event is used to make compatibility decisions about driver packages to help keep Windows up to date. @@ -1763,7 +1763,6 @@ The following fields are available: The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows. - This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -2186,7 +2185,7 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment. -- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. +- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier @@ -2626,7 +2625,7 @@ Fires when the compatibility check completes. Gives the results from the check. The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. -- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement). +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement). ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled @@ -4759,6 +4758,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd This event retrieves information about what sensor interfaces are available on the device. The data collected with this event is used to keep Windows performing properly. @@ -5375,7 +5375,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -5383,11 +5383,11 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. - **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. @@ -5398,8 +5398,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -5409,9 +5409,9 @@ The following fields are available: - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **eventType** A string indicating the type of the event. - **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'. @@ -9069,7 +9069,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours -This event indicates that update activity was blocked because it is within the active hours window. The data collected with this event is used to help keep Windows secure and up to date. +This event indicates that update activity was blocked because it's within the active hours window. The data collected with this event is used to help keep Windows secure and up to date. The following fields are available: @@ -10231,7 +10231,4 @@ The following fields are available: - **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc). - **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license. - **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application. -- **UserId** The XUID (Xbox User ID) of the current user. - - - +- **UserId** The XUID (Xbox User ID) of the current user. \ No newline at end of file diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml index f06366e02f..3f854c689e 100644 --- a/windows/privacy/index.yml +++ b/windows/privacy/index.yml @@ -39,7 +39,7 @@ productDirectory: - title: Windows 11 required diagnostic data imageSrc: /media/common/i_extend.svg summary: Learn more about basic Windows diagnostic data events and fields collected. - url: required-diagnostic-events-fields-windows-11-22H2.md + url: required-diagnostic-events-fields-windows-11-24H2.md - title: Windows 10 required diagnostic data imageSrc: /media/common/i_build.svg summary: See what changes Windows is making to align to the new data collection taxonomy diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md index 97d13f6d72..446a29e39a 100644 --- a/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md @@ -8,7 +8,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 02/29/2024 +ms.date: 10/01/2024 ms.topic: reference ms.collection: privacy-windows --- @@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) @@ -128,6 +129,7 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser binary generating the events. + ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. @@ -780,6 +782,7 @@ The following fields are available: - **AppraiserVersion** Appraiser version. + ### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date. @@ -1309,7 +1312,6 @@ The following fields are available: - **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. - **xid** A list of base10-encoded XBOX User IDs. - ## Common data fields ### Ms.Device.DeviceInventoryChange @@ -1725,7 +1727,7 @@ The following fields are available: ### Microsoft.Windows.HangReporting.AppHangEvent -This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events. +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and won't produce AppHang events. The following fields are available: @@ -1751,31 +1753,6 @@ The following fields are available: ## Holographic events -### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered - -This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. - -The following fields are available: - -- **SessionID** Unique value for each attempt. -- **TargetAsId** The sequence number for the process. -- **windowInstanceId** Unique value for each window instance. - - -### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave - -This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. - -The following fields are available: - -- **EventHistory** Unique number of event history. -- **ExternalComponentState** State of external component. -- **LastEvent** Unique number of last event. -- **SessionID** Unique value for each attempt. -- **TargetAsId** The sequence number for the process. -- **windowInstanceId** Unique value for each window instance. - - ### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly. @@ -2247,6 +2224,22 @@ The following fields are available: - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. +### Microsoft.Edge.Crashpad.HangEvent + +This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang. + +The following fields are available: + +- **app_name** The name of the hanging process. +- **app_session_guid** Encodes the boot session, process, and process start time. +- **app_version** The version of the hanging process. +- **client_id_hash** Hash of the browser client id to help identify the installation. +- **etag** Identifier to help identify running browser experiments. +- **hang_source** Identifies how the hang was detected. +- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc. +- **stack_hash** A hash of the hanging stack. Currently not used or set to zero. + + ## OneSettings events ### Microsoft.Windows.OneSettingsClient.Status @@ -2273,105 +2266,29 @@ The following fields are available: ## Other events -### Microsoft.Edge.Crashpad.HangEvent +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered -This event sends simple Product and Service Performance data on a hanging/frozen Microsoft Edge browser process to help mitigate future instances of the hang. +This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **app_name** The name of the hanging process. -- **app_session_guid** Encodes the boot session, process, and process start time. -- **app_version** The version of the hanging process. -- **client_id_hash** Hash of the browser client id to help identify the installation. -- **etag** Identifier to help identify running browser experiments. -- **hang_source** Identifies how the hang was detected. -- **process_type** The type of the hanging browser process, for example, gpu-process, renderer, etc. -- **stack_hash** A hash of the hanging stack. Currently not used or set to zero. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. -### Microsoft.Gaming.Critical.Error +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave -Common error event used by the Gaming Telemetry Library to provide centralized monitoring for critical errors logged by callers using the library. +This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. The following fields are available: -- **callStack** List of active subroutines running during error occurrence. -- **componentName** Friendly name meant to represent what feature area this error should be attributed to. Used for aggregations and pivots of data. -- **customAttributes** List of custom attributes. -- **errorCode** Error code. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **featureName** Friendly name meant to represent which feature this should be attributed to. -- **identifier** Error identifier. -- **message** Error message. -- **properties** List of properties attributed to the error. - -### Microsoft.Gaming.Critical.ProviderRegistered - -Indicates that a telemetry provider has been registered with the Gaming Telemetry Library. - -The following fields are available: - -- **providerNamespace** The telemetry Namespace for the registered provider. - -### Microsoft.Gaming.OOBE.HDDBackup - -This event describes whether an External HDD back up has been found. - -The following fields are available: - -- **backupVersion** version number of backup. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **hasConsoleSettings** Indicates whether the console settings stored. -- **hasUserSettings** Indicates whether the user settings stored. -- **hasWirelessProfile** Indicates whether the wireless profile stored. -- **hddBackupFound** Indicates whether hdd backup is found. -- **osVersion** Operating system version. - -### Microsoft.Gaming.OOBE.OobeComplete - -This event is triggered when OOBE activation is complete. - -The following fields are available: - -- **allowAutoUpdate** Allows auto update. -- **allowAutoUpdateApps** Allows auto update for apps. -- **appliedTransferToken** Applied transfer token. -- **connectionType** Connection type. -- **curSessionId** Current session id. -- **extendedData** JSON blob representing additional, provider-level properties common to the component. -- **instantOn** Instant on. -- **moobeAcceptedState** Moobe accepted state. -- **phaseOneElapsedTimeMs** Total elapsed time in milliseconds for phase 1. -- **phaseOneVersion** Version of phase 1. -- **phaseTwoElapsedTimeMs** Total elapsed time in milliseconds for phase 2. -- **phaseTwoVersion** Version of phase 2. -- **systemUpdateRequired** Indicates whether a system update required. -- **totalElapsedTimeMs** Total elapsed time in milliseconds of all phases. -- **usedCloudBackup** Indicates whether cloud backup is used. -- **usedHDDBackup** Indicates whether HDD backup is used. -- **usedOffConsole** Indicates whether off console is used. - - -### Microsoft.Gaming.OOBE.SessionStarted - -This event is sent at the start of OOBE session. - -The following fields are available: - -- **customAttributes** customAttributes. -- **extendedData** extendedData. - -### Microsoft.Surface.Mcu.Prod.CriticalLog - -Error information from Surface device firmware. - -The following fields are available: - -- **CrashLog** MCU crash log -- **criticalLogSize** Log size -- **CUtility::GetTargetNameA(target)** Product identifier. -- **productId** Product identifier -- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. +- **EventHistory** Unique number of event history. +- **ExternalComponentState** State of external component. +- **LastEvent** Unique number of last event. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. ### Microsoft.Windows.Defender.Engine.Maps.Heartbeat @@ -2409,6 +2326,7 @@ The following fields are available: - **Action** Action string indicating place of failure - **hr** Return HRESULT code + ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted Event that indicates secure boot update has started. @@ -2419,22 +2337,6 @@ The following fields are available: - **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade. -### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState - -This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date. - -The following fields are available: - -- **CV** The correlation vector. -- **GlobalEventCounter** The global event counter for all telemetry on the device. -- **UpdateAssistantStateDownloading** True at the start Downloading. -- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication. -- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates. -- **UpdateAssistantStateInstalling** True at the start of Installing. -- **UpdateAssistantStatePostInstall** True at the start of PostInstall. -- **UpdateAssistantVersion** Current package version of UpdateAssistant. - - ### MicrosoftWindowsCodeIntegrityTraceLoggingProvider.CodeIntegrityHvciSysprepHvciAlreadyEnabled This event fires when HVCI is already enabled so no need to continue auto-enablement. @@ -2670,6 +2572,19 @@ The following fields are available: - **Ver** Schema version. +### Microsoft.Surface.Mcu.Prod.CriticalLog + +Error information from Surface device firmware. + +The following fields are available: + +- **CrashLog** MCU crash log +- **criticalLogSize** Log size +- **CUtility::GetTargetNameA(target)** Product identifier. +- **productId** Product identifier +- **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. + + ### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2 This event sends reason for SAM, PCH and SoC reset. The data collected with this event is used to keep Windows performing properly. @@ -2710,6 +2625,24 @@ The following fields are available: - **UpdateAttempted** Indicates if installation of the current update has been attempted before. +## Update Assistant events + +### Microsoft.Windows.UpdateAssistantApp.UpdateAssistantStartState + +This event marks the start of an Update Assistant State. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **CV** The correlation vector. +- **GlobalEventCounter** The global event counter for all telemetry on the device. +- **UpdateAssistantStateDownloading** True at the start Downloading. +- **UpdateAssistantStateInitializingApplication** True at the start of the state InitializingApplication. +- **UpdateAssistantStateInitializingStates** True at the start of InitializingStates. +- **UpdateAssistantStateInstalling** True at the start of Installing. +- **UpdateAssistantStatePostInstall** True at the start of PostInstall. +- **UpdateAssistantVersion** Current package version of UpdateAssistant. + + ## Update events ### Update360Telemetry.FellBackToDownloadingAllPackageFiles @@ -3574,7 +3507,7 @@ The following fields are available: - **flightMetadata** Contains the FlightId and the build being flighted. - **objectId** Unique value for each Update Agent mode. - **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. - **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). - **sessionId** Unique value for each Update Agent mode attempt. @@ -3758,6 +3691,3 @@ The following fields are available: - **SessionId** The UpdateAgent “SessionId” value. - **UpdateId** Unique identifier for the Update. - **WuId** Unique identifier for the Windows Update client. - - - diff --git a/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md new file mode 100644 index 0000000000..cf3ffdba05 --- /dev/null +++ b/windows/privacy/required-diagnostic-events-fields-windows-11-24H2.md @@ -0,0 +1,4266 @@ +--- +description: Learn more about the diagnostic data gathered for Windows 11, version 24H2. +title: Required diagnostic events and fields for Windows 11, version 24H2 +keywords: privacy, telemetry +ms.service: windows-client +ms.subservice: itpro-privacy +ms.localizationpriority: high +author: DHB-MSFT +ms.author: danbrown +manager: laurawi +ms.date: 10/01/2024 +ms.topic: reference +ms.collection: privacy-windows +--- + +# Required diagnostic events and fields for Windows 11, version 24H2 + +**Applies to** + +- Windows 11, version 24H2 + +Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. + +Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. + +You can learn more about Windows functional and diagnostic data through these articles: + +- [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) +- [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) +- [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **DatasourceApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_NI22H2** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_RS1** The total number of objects of this type present on this device. +- **DatasourceApplicationFile_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFileBackup** The count of the number of this particular object type present on this device. +- **DatasourceBackupApplicationRestore** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_NI22H2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDevicePnp_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_NI22H2** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_RS1** The total number of objects of this type present on this device. +- **DatasourceDriverPackage_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total number of objects of this type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_20H1Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_CO21H2Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_NI22H2** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_NI22H2Setup** The total number of objects of this type present on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_ZN23H2** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionApplicationFile_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionApplicationFile_RS1** The total number of objects of this type present on this device. +- **DecisionApplicationFile_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_20H1Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionDevicePnp_RS1** The total number of objects of this type present on this device. +- **DecisionDevicePnp_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_20H1Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionDriverPackage_RS1** The total number of objects of this type present on this device. +- **DecisionDriverPackage_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_RS1** The total number of objects of this type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPassive_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPassive_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPostUpgrade_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionMediaCenter_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionMediaCenter_RS1** The total number of objects of this type present on this device. +- **DecisionMediaCenter_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSModeState_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSModeState_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSModeState_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSModeState_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSModeState_RS1** The total number of objects of this type present on this device. +- **DecisionSModeState_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSModeState_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSModeState_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_20H1Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemBios_RS1** The total number of objects of this type present on this device. +- **DecisionSystemBios_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_RS1** The total number of objects of this type present on this device. +- **DecisionSystemDiskSize_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemDiskSize_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemMemory_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemMemory_RS1** The total number of objects of this type present on this device. +- **DecisionSystemMemory_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemMemory_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_RS1** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuCores_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_RS1** The total number of objects of this type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuModel_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessorCpuSpeed_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionSystemProcessorPopCnt** The count of the number of this particular object type present on this device. +- **DecisionTest_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionTest_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionTest_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionTest_RS1** The total number of objects of this type present on this device. +- **DecisionTest_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionTest_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionTest_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionTpmVersion_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionTpmVersion_RS1** The total number of objects of this type present on this device. +- **DecisionTpmVersion_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionTpmVersion_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_CO21H2Setup** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_CU23H2Setup** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_NI22H2** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_NI22H2Setup** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_RS1** The total number of objects of this type present on this device. +- **DecisionUefiSecureBoot_ZN23H2** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **DecisionUefiSecureBoot_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventoryTest** The count of the number of this particular object type present on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. +- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. +- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPopCnt** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_NI22H2** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_RS1** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **SystemProcessorPopCnt_ZN23H2Setup** The count of the number of this particular object type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. +- **Wmdrm_CO21H2Setup** The total number of objects of this type present on this device. +- **Wmdrm_CU23H2Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_NI22H2** The count of the number of this particular object type present on this device. +- **Wmdrm_NI22H2Setup** The total number of objects of this type present on this device. +- **Wmdrm_RS1** The total number of objects of this type present on this device. +- **Wmdrm_ZN23H2** The count of the number of this particular object type present on this device. +- **Wmdrm_ZN23H2Exp** The count of the number of this particular object type present on this device. +- **Wmdrm_ZN23H2Setup** The count of the number of this particular object type present on this device. + + +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove + +This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreAdd + +Represents the basic metadata about the interesting backed up applications to be restored on the system. This event describes whether the backed up applications are incompatible with upcoming Windows Feature updates. Microsoft uses this information to understand and address problems with computers receiving updates. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **BackupLabel** Indicates compatibility information about the application found on the backup device. +- **CatalogSource** The type of application. +- **CreatePlaceholder** Represents the decision regarding if the application should be restored. +- **Name** Name of the application. +- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it. +- **SdbEntryGuid** Indicates the SDB entry that applies to this file. +- **SdbRestoreAction** Indicates compatibility information about the application found on the backup device. + +### Microsoft.Windows.Appraiser.General.DatasourceBackupApplicationRestoreStartSync + +This event indicates that a new set of DatasourceBackupApplicationRestoreAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser binary generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync + +This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. This event is used to make compatibility decisions about files to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd + +This event sends compatibility decision data about non-blocking entries on the system that aren't keyed by either applications or devices, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks? +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks. +- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade? + + +### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync + +This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. The data collected with this event is used to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.RestoreContext + +This event indicates the result of the restore appraisal. + +The following fields are available: + +- **AppraiserBranch** The source branch in which the currently-running version of appraiser was built. +- **AppraiserVersion** The version of the appraiser binary generating the events. +- **Context** Indicates what mode appraiser is running in, this should be Restore. +- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **Result** HRESULT indicating the result of the restore appraisal. +- **Time** The client time of the event. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntAdd + +This event sends data indicating whether the system supports the PopCnt CPU requirement for newer versions of Windows, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** Appraiser version +- **Blocking** Is the upgrade blocked due to the processor missing the PopCnt instruction? +- **PopCntPassed** Whether the machine passes the latest OS hardware requirements or not for the PopCnt instruction. + + +### Microsoft.Windows.Appraiser.General.SystemProcessorPopCntStartSync + +The SystemProcessorPopCntStartSync event indicates that a new set of SystemProcessorPopCntAdd events will be sent. This event is used to understand if the system supports the PopCnt CPU requirement for newer versions of Windows. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** Appraiser version. + + +## Census events + +### Census.Xbox + +This event sends data about the Xbox Console, such as Serial Number and DeviceId, to help keep Windows up to date. + +The following fields are available: + +- **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console. +- **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console. +- **XboxLiveDeviceId** Retrieves the unique device ID of the console. +- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. + +## Code Integrity events + +### Microsoft.Windows.Security.CodeIntegrity.Driver.AggregatedBlock + +AggregatedBlock is an event with non-PII details on drivers blocked by code integrity. Fires no more than once per 25 days per driver. + +The following fields are available: + +- **CertificateInfo** Non-PII details about the digital signature(s) and digital countersignatures on driver binary files which was blocked from loading. +- **DriverInfo** Non-PII details about the driver binary file and its digital signature(s) and digital countersignature. +- **EventVersion** The version of the schema used in the DriverInfo field. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.AutoEnablementIsBlocked + +Indicates if OEM attempted to block autoenablement via regkey. + +The following fields are available: + +- **BlockHvciAutoenablement** True if auto-enablement was successfully blocked, false otherwise. +- **BlockRequested** Whether an autoenablement block was requested. +- **Scenario** Used to differentiate VBS and HVCI paths. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Compatibility + +Fires when the compatibility check completes. Gives the results from the check. + +The following fields are available: + +- **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement) +- **Scenario** Denotes whether SysPrep is attempting to enable HVCI (0) or VBS (1). + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled + +Fires when auto-enablement is successful and HVCI is being enabled on the device. + +The following fields are available: + +- **Error** Error code if there was an issue during enablement +- **Scenario** Indicates whether enablement was for VBS vs HVCI +- **SuccessfullyEnabled** Indicates whether enablement was successful +- **Upgrade** Indicates whether the event was fired during upgrade (rather than clean install) + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HVCIActivity + +Fires at the beginning and end of the HVCI auto-enablement process in sysprep. + +The following fields are available: + +- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating success or failure. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled + +Fires when HVCI is already enabled so no need to continue auto-enablement. + + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed + +Fires when driver scanning fails to get results. + + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverInSdbError + +Fires when there's an error checking the SDB for a particular driver. + +The following fields are available: + +- **DriverPath** Path to the driver that was being checked in the SDB when checking encountered an error. +- **Error** Error encountered during checking the SDB. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanningDriverNonCompliantError + +Fires when a driver is discovered that is non-compliant with HVCI. + +The following fields are available: + +- **DriverPath** Path to driver. +- **NonComplianceMask** Error code indicating driver violation. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.IsRegionDisabledLanguage + +Fires when an incompatible language pack is detected. + +The following fields are available: + +- **Language** String containing the incompatible language pack detected. + + +### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.KcetHvciDisabled + +This event indicates that kernel-mode Control-flow Enforcement Technology (CET), which is a CPU-based security feature that protects against return address hijacking attacks from malicious software, was unable to be enabled because HVCI (a dependent security feature) wasn't also enabled. + + +### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOff + +This event tracks when Defender turns off Smart App Control via the Cloud. + + +### Microsoft.Windows.Security.CodeIntegrity.State.DefenderSwitchedNWOffIgnored + +This event indicates that a request to switch Smart App Control off by Defender from the cloud was ignored as the device was still within the grace period after OOBE. + +The following fields are available: + +- **Count** Count of events in the aggregation window. +- **CurrentTimeMax** Time of latest event. +- **CurrentTimeMin** Time of first event. +- **NightsWatchDesktopIgnoreAutoOptOut** Value of NightsWatchDesktopIgnoreAutoOptOut in registry. +- **OOBECompleteTime** Value of OOBECompleteTime in registry. +- **OOBESafetyTime** Start of timer set by Smart App Control if OOBECompleteTime wasn't set. + + +### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWOff + +This event tracks when Smart App Control is turned off. + + +### Microsoft.Windows.Security.CodeIntegrity.State.SwitchedNWToEnforcementMode + +This event tracks when Smart App Control is changed from evaluation to enforcement mode. + + + +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. +- **localId** A locally-defined unique ID for the device. This isn't the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **make** Device manufacturer. +- **model** Device model. + + +### Common Data Extensions.Envelope + +Represents an envelope that contains all of the common data extensions. + +The following fields are available: + +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). +- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.mscv + +Describes the correlation vector-related fields. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. +- **ver** The version of the logging SDK. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This isn't the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. +- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **pgName** The short form of the provider group name associated with the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **providerGuid** The ETW provider ID associated with the provider name. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It's an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. +- **wcmp** The Windows Shell Composer ID. +- **wPId** The Windows Core OS product ID. +- **wsId** The Windows Core OS session ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Common data fields + +### Ms.Device.DeviceInventoryChange + +Describes the installation state for all hardware and software components available on a particular device. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. +- + +## Component-based servicing events + +### CbsServicingProvider.CbsCapabilityEnumeration + +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. + +The following fields are available: + +- **architecture** Indicates the scan was limited to the specified architecture. +- **capabilityCount** The number of optional content packages found during the scan. +- **clientId** The name of the application requesting the optional content. +- **duration** The amount of time it took to complete the scan. +- **hrStatus** The HReturn code of the scan. +- **language** Indicates the scan was limited to the specified language. +- **majorVersion** Indicates the scan was limited to the specified major version. +- **minorVersion** Indicates the scan was limited to the specified minor version. +- **namespace** Indicates the scan was limited to packages in the specified namespace. +- **sourceFilter** A bitmask indicating the scan checked for locally available optional content. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionFinalize + +This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **capabilities** The names of the optional content packages that were installed. +- **clientId** The name of the application requesting the optional content. +- **currentID** The ID of the current install session. +- **downloadSource** The source of the download. +- **highestState** The highest final install state of the optional content. +- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version. +- **hrStatus** The HReturn code of the install operation. +- **rebootCount** The number of reboots required to complete the install. +- **retryID** The session ID that will be used to retry a failed operation. +- **retryStatus** Indicates whether the install will be retried in the event of failure. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + + +### CbsServicingProvider.CbsCapabilitySessionPended + +This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date. + +The following fields are available: + +- **clientId** The name of the application requesting the optional content. +- **pendingDecision** Indicates the cause of reboot, if applicable. + + +### CbsServicingProvider.CbsFodInventory + +This event reports on the state of the current optional Windows content obtained from Windows Update. + +The following fields are available: + +- **capabilities** A bitmask with each position indicating if each type of optional Windows content is currently enabled. +- **initiatedOffline** A true or false value indicating if the inventory describes an offline WIM file. +- **stackBuild** The build number of the servicing stack. +- **stackMajorVersion** The major version number of the servicing stack. +- **stackMinorVersion** The minor version number of the servicing stack. +- **stackRevision** The revision number of the servicing stack. + +### CbsServicingProvider.CbsLateAcquisition + +This event sends data to indicate if some Operating System packages couldn't be updated as part of an upgrade, to help keep Windows up to date. + +The following fields are available: + +- **Features** The list of feature packages that couldn't be updated. +- **RetryID** The ID identifying the retry attempt to update the listed packages. + + +### CbsServicingProvider.CbsPackageRemoval + +This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build number of the security update being uninstalled. +- **clientId** The name of the application requesting the uninstall. +- **currentStateEnd** The final state of the update after the operation. +- **failureDetails** Information about the cause of a failure, if applicable. +- **failureSourceEnd** The stage during the uninstall where the failure occurred. +- **hrStatusEnd** The overall exit code of the operation. +- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image. +- **majorVersion** The major version number of the security update being uninstalled. +- **minorVersion** The minor version number of the security update being uninstalled. +- **originalState** The starting state of the update before the operation. +- **pendingDecision** Indicates the cause of reboot, if applicable. +- **primitiveExecutionContext** The state during system startup when the uninstall was completed. +- **revisionVersion** The revision number of the security update being uninstalled. +- **transactionCanceled** Indicates whether the uninstall was canceled. + + +### CbsServicingProvider.CbsPostponedReserveInstallDecision + +This event reports on the scheduling of installs for Windows cumulative security updates. + +The following fields are available: + +- **hardReserveSize** The size of the disk space reserve used to update Windows OS content. +- **hardReserveUsedSpace** The disk space currently in use in the reserve used to update Windows OS content. +- **postponed** A boolean indicating if updating processing has been delayed to shutdown due to low disk space. +- **userFreeSpace** The amount of free disk space available on the OS volume. +- **usingReserves** A boolean indicating whether disk space reserves are being used to install the update. + + +### CbsServicingProvider.CbsQualityUpdateInstall + +This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build version number of the update package. +- **clientId** The name of the application requesting the optional content. +- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device. +- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure. +- **currentStateEnd** The final state of the package after the operation has completed. +- **doqTimeSeconds** The time in seconds spent updating drivers. +- **executeTimeSeconds** The number of seconds required to execute the install. +- **failureDetails** The driver or installer that caused the update to fail. +- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred. +- **hrStatusEnd** The return code of the install operation. +- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file. +- **majorVersion** The major version number of the update package. +- **minorVersion** The minor version number of the update package. +- **originalState** The starting state of the package. +- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation. +- **planTimeSeconds** The time in seconds required to plan the update operations. +- **poqTimeSeconds** The time in seconds processing file and registry operations. +- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update. +- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot. +- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed. +- **rebootCount** The number of reboots required to install the update. +- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update. +- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update. +- **revisionVersion** The revision version number of the update package. +- **rptTimeSeconds** The time in seconds spent executing installer plugins. +- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update. +- **stackRevision** The revision number of the servicing stack. +- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. + + +### CbsServicingProvider.CbsSelectableUpdateChangeV2 + +This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date. + +The following fields are available: + +- **applicableUpdateState** Indicates the highest applicable state of the optional content. +- **buildVersion** The build version of the package being installed. +- **clientId** The name of the application requesting the optional content change. +- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file. +- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations. +- **executionSequence** A counter that tracks the number of servicing operations attempted on the device. +- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable. +- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable. +- **hrDownloadResult** The return code of the download operation. +- **hrStatusUpdate** The return code of the servicing operation. +- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled. +- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows. +- **majorVersion** The major version of the package being installed. +- **minorVersion** The minor version of the package being installed. +- **packageArchitecture** The architecture of the package being installed. +- **packageLanguage** The language of the package being installed. +- **packageName** The name of the package being installed. +- **rebootRequired** Indicates whether a reboot is required to complete the operation. +- **revisionVersion** The revision number of the package being installed. +- **stackBuild** The build number of the servicing stack binary performing the installation. +- **stackMajorVersion** The major version number of the servicing stack binary performing the installation. +- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation. +- **stackRevision** The revision number of the servicing stack binary performing the installation. +- **updateName** The name of the optional Windows Operation System feature being enabled or disabled. +- **updateStartState** A value indicating the state of the optional content before the operation started. +- **updateTargetState** A value indicating the desired state of the optional content. + + +### CbsServicingProvider.CbsUpdateDeferred + +This event reports the results of deferring Windows Content to keep Windows up to date. + + + +## Deployment events + +### Microsoft.Windows.Deployment.Imaging.AppExit + +This event is sent on imaging application exit. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **hr** HResult returned from app exit. +- **totalTimeInMs** Total time taken in Ms. + + +### Microsoft.Windows.Deployment.Imaging.AppInvoked + +This event is sent when the app for image creation is invoked. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **branch** Corresponding branch for the image. +- **isInDbg** Whether the app is in debug mode or not. +- **isWSK** Whether the app is building images using WSK or not. + + +## DISM events + +### Microsoft.Windows.StartRepairCore.DISMPendingInstall + +The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **dismPendingInstallPackageName** The name of the pending package. + + +### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions + +The DISM Pending Install event sends information to report pending package installation found. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd + +The SRT Repair Action End event sends information to report repair operation ended for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **failedUninstallCount** The number of driver updates that failed to uninstall. +- **failedUninstallFlightIds** The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRepairAction** The scenario name for a repair. +- **successfulUninstallCount** The number of successfully uninstalled driver updates. +- **successfulUninstallFlightIds** The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionStart + +The SRT Repair Action Start event sends information to report repair operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **srtRepairAction** The scenario name for a repair. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd + +The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **flightIds** The Flight IDs (identifier of the beta release) of found driver updates. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart + +The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + +## DxgKernelTelemetry events + +### DxgKrnlTelemetry.GPUAdapterInventoryV2 + +This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. + +The following fields are available: + +- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. +- **aiSeqId** The event sequence ID. +- **bootId** The system boot ID. +- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. +- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. +- **DDIInterfaceVersion** The device driver interface version. +- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **Display1UMDFilePath** The file path to the location of the Display User Mode Driver in the Driver Store. +- **DisplayAdapterLuid** The display adapter LUID. +- **DriverDate** The date of the display driver. +- **DriverRank** The rank of the display driver. +- **DriverVersion** The display driver version. +- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device. +- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. +- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. +- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. +- **DxDbCurrentVersion** Version of the DirectX Database on the device. +- **DxDbVersionCheckStatus** Numeric value indicating the result of the last check on the DirectX Database version for the device. +- **GPUDeviceID** The GPU device ID. +- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. +- **GPURevisionID** The GPU revision ID. +- **GPUVendorID** The GPU vendor ID. +- **HwFlipQueueSupportState** Numeric value indicating the adapter's support for hardware flip queues. +- **HwSchSupportState** Numeric value indicating the adapter's support for hardware scheduling. +- **IddPairedRenderAdapterLuid** Identifier for the render adapter paired with this display adapter. +- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided3** Number of device driver interface function pointers provided. +- **InterfaceId** The GPU interface ID. +- **IsCrossAdapterScanOutSupported** Boolean value indicating whether the adapter supports cross-adapter scanout optimization. +- **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwFlipQueueEnabled** Boolean value indicating whether hardware flip queues are enabled. +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. +- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? +- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? +- **IsLDA** Is the GPU comprised of Linked Display Adapters? +- **IsMiracastSupported** Does the GPU support Miracast? +- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? +- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? +- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? +- **IsPostAdapter** Is this GPU the POST GPU in the device? +- **IsRemovable** TRUE if the adapter supports being disabled or removed. +- **IsRenderDevice** Does the GPU have rendering capabilities? +- **IsSoftwareDevice** Is this a software implementation of the GPU? +- **IsVirtualRefreshRateSupported** Boolean value indicating whether the adapter supports virtual refresh rates. +- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. +- **MdmSupportStatus** Numeric value indicating support for Microsoft Display Mux. +- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **NodeTypes** Types of execution nodes comprising the graphics adapter. +- **NumExecutionNodes** Number of execution nodes comprising the graphics adapter. +- **NumNonVidPnTargets** Number of display targets. +- **NumPhysicalAdapters** Number of physical graphics adapters. +- **NumVidPnSources** The number of supported display output sources. +- **NumVidPnTargets** The number of supported display output targets. +- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). +- **SubSystemID** The subsystem ID. +- **SubVendorID** The GPU sub vendor ID. +- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? +- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) +- **version** The event version. +- **WDDMVersion** The Windows Display Driver Model version. + + +### DxgKrnlTelemetry.GPUStartAdapter + +This event records information about an attempt to start a graphics adapter. + +The following fields are available: + +- **DDIInterfaceVersion** Version of the display driver interface (DDI). +- **DriverDate** Date of the display driver. +- **DriverRank** Rank for the display driver. +- **DriverVersion** Version of the display driver. +- **FailureReason** Numeric value indicating the stage in which the startup attempt failed. +- **GPUDeviceID** Device identifier for the graphics adapter. +- **GPURevisionID** Revision identifier for the graphics adapter. +- **GPUVendorID** Vendor identifier for the graphics adapter. +- **IsSoftwareDevice** Boolean value indicating whether the graphics adapter is implemented in software only. +- **StartAdapterFailedSequenceId** Numeric value indicating the graphics adapter startup attempt count. +- **Status** Numeric value indicating the status of the graphics adapter startup attempt. +- **SubSystemID** Subsystem identifier for the graphics adapter. +- **SubVendorID** Subsystem vendor identifier for the graphics identifier. +- **version** Version of the schema for the event. + + +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it's shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The Win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **rdmaConnectionsForStorage** This specifies the rdma connections for storage. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **useRdmaForStorage** The cluster parameter to use rdma for storage. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + +## Fault Reporting events + +### Microsoft.Windows.FaultReporting.AppCrashEvent + +This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (for example, from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (for example, from PLM) that may be considered crashes\" by a user DO NOT emit this event. + +The following fields are available: + +- **AppName** The name of the app that has crashed. +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **AppTimeStamp** The date/time stamp of the app. +- **AppVersion** The version of the app that has crashed. +- **ExceptionCode** The exception code returned by the process that has crashed. +- **ExceptionOffset** The address where the exception had occurred. +- **Flags** Flags indicating how reporting is done. For example, queue the report, don't offer JIT debugging, or don't terminate the process after reporting. +- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. +- **IsFatal** True/False to indicate whether the crash resulted in process termination. +- **ModName** Exception module name (for example, bar.dll). +- **ModTimeStamp** The date/time stamp of the module. +- **ModVersion** The version of the module that has crashed. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has crashed. +- **ProcessId** The ID of the process that has crashed. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported +- **TargetAsId** The sequence number for the hanging process. + + +## Feature quality events + +### Microsoft.Windows.FeatureQuality.Heartbeat + +This event indicates the feature status heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **Features** Array of features. + + +### Microsoft.Windows.FeatureQuality.StateChange + +This event indicates the change of feature state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight ID. +- **state** New state. + + +### Microsoft.Windows.FeatureQuality.Status + +This event indicates the feature status. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **featureId** Feature ID. +- **flightId** Flight ID. +- **time** Time of status change. +- **variantId** Variant ID. + + +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed + +This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **failureReason** Provides data about the uninstall initialization operation failure. +- **hr** Provides the Win32 error code for the operation failure. + + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. The data collected with this event is used to help keep Windows up to date and performing properly. + + + +## Hang Reporting events + +### Microsoft.Windows.HangReporting.AppHangEvent + +This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It doesn't contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (for example, PLM/RM/EM) as Watson Generics and won't produce AppHang events. + +The following fields are available: + +- **AppName** The name of the app that has hung. +- **AppSessionGuid** GUID made up of process ID used as a correlation vector for process instances in the telemetry backend. +- **AppVersion** The version of the app that has hung. +- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report. +- **PackageFullName** Store application identity. +- **PackageRelativeAppId** Store application identity. +- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64. +- **ProcessCreateTime** The time of creation of the process that has hung. +- **ProcessId** The ID of the process that has hung. +- **ReportId** A GUID used to identify the report. This can used to track the report across Watson. +- **TargetAppId** The kernel reported AppId of the application being reported. +- **TargetAppVer** The specific version of the application being reported. +- **TargetAsId** The sequence number for the hanging process. +- **TypeCode** Bitmap describing the hang type. +- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application. +- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it's waiting. +- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it's waiting. +- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application ID of the package. + + +## Holographic events + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded + +This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **ClassGuid** Windows Mixed Reality device class GUID. +- **DeviceInterfaceId** Windows Mixed Reality device interface ID. +- **DriverVersion** Windows Mixed Reality device driver version. +- **FirmwareVersion** Windows Mixed Reality firmware version. +- **Manufacturer** Windows Mixed Reality device manufacturer. +- **ModelName** Windows Mixed Reality device model name. +- **SerialNumber** Windows Mixed Reality device serial number. + + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceRemoved + +This event indicates Windows Mixed Reality device state. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **DeviceInterfaceId** Device Interface ID. + + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated + +This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend. +- **IsForCompositor** True/False to indicate whether the holographic space is for compositor process. +- **Source** An enumeration indicating the source of the log. +- **WindowInstanceId** Unique value for each window instance. + + +### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated + +This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **HmdState** Windows Mixed Reality Headset HMD state. +- **NewHoloShellState** Windows Mixed Reality HoloShell state. +- **PriorHoloShellState** Windows Mixed Reality state prior to entering to HoloShell. +- **SimulationEnabled** Windows Mixed Reality Simulation state. + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated + +This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. +- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. +- **PackageVersion** Windows Mixed Reality Portal app package version. +- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. + + +### Microsoft.Windows.Shell.HolographicFirstRun.SomethingWentWrong + +This event is emitted when something went wrong error occurs. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **ErrorSource** Source of error, obsoleted always 0. +- **StartupContext** Start up state. +- **StatusCode** Error status code. +- **SubstatusCode** Error sub status code. + + +### TraceLoggingHoloLensSensorsProvider.OnDeviceAdd + +This event provides Windows Mixed Reality device state with new process that hosts the driver. The data collected with this event is used to keep Windows and Windows Mixed Reality performing properly. + +The following fields are available: + +- **Process** Process ID. +- **Thread** Thread ID. + + +### TraceLoggingOasisUsbHostApiProvider.DeviceInformation + +This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **BootloaderMajorVer** Windows Mixed Reality device boot loader major version. +- **BootloaderMinorVer** Windows Mixed Reality device boot loader minor version. +- **BootloaderRevisionNumber** Windows Mixed Reality device boot loader revision number. +- **BTHFWMajorVer** Windows Mixed Reality device BTHFW major version. This event also used to count WMR device. +- **BTHFWMinorVer** Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device. +- **BTHFWRevisionNumber** Windows Mixed Reality device BTHFW revision number. +- **CalibrationBlobSize** Windows Mixed Reality device calibration blob size. +- **CalibrationFwMajorVer** Windows Mixed Reality device calibration firmware major version. +- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version. +- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number. +- **DeviceInfoFlags** Windows Mixed Reality device info flags. +- **DeviceReleaseNumber** Windows Mixed Reality device release number. +- **FirmwareMajorVer** Windows Mixed Reality device firmware major version. +- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version. +- **FirmwareRevisionNumber** Windows Mixed Reality device calibration firmware revision number. +- **FpgaFwMajorVer** Windows Mixed Reality device FPGA firmware major version. +- **FpgaFwMinorVer** Windows Mixed Reality device FPGA firmware minor version. +- **FpgaFwRevisionNumber** Windows Mixed Reality device FPGA firmware revision number. +- **FriendlyName** Windows Mixed Reality device friendly name. +- **HashedSerialNumber** Windows Mixed Reality device hashed serial number. +- **HeaderSize** Windows Mixed Reality device header size. +- **HeaderVersion** Windows Mixed Reality device header version. +- **LicenseKey** Windows Mixed Reality device header license key. +- **Make** Windows Mixed Reality device make. +- **ManufacturingDate** Windows Mixed Reality device manufacturing date. +- **Model** Windows Mixed Reality device model. +- **PresenceSensorHidVendorPage** Windows Mixed Reality device presence sensor HID vendor page. +- **PresenceSensorHidVendorUsage** Windows Mixed Reality device presence sensor HID vendor usage. +- **PresenceSensorUsbVid** Windows Mixed Reality device presence sensor USB VId. +- **ProductBoardRevision** Windows Mixed Reality device product board revision number. +- **SerialNumber** Windows Mixed Reality device serial number. + + +## Inventory events + +### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd + +This event sends basic metadata about an application on the system. The data collected with this event is used to keep Windows performing properly and up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AndroidPackageId** A unique identifier for an Android app. +- **HiddenArp** Indicates whether a program hides itself from showing up in ARP. +- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics). +- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 +- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. +- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. +- **InventoryVersion** The version of the inventory file generating the events. +- **Language** The language code of the program. +- **MsiInstallDate** The install date recorded in the program's MSI package. +- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. +- **MsiProductCode** A GUID that describe the MSI Product. +- **Name** The name of the application. +- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. +- **PackageFullName** The package full name for a Store application. +- **ProgramInstanceId** A hash of the file IDs in an app. +- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. +- **RootDirPath** The path to the root directory where the program was installed. +- **Source** How the program was installed (for example, ARP, MSI, Appx). +- **SparkId** Unique ID that represents a Win32 app installed from the Microsoft Store. +- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. +- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it's a service. Application and BOE are the ones most likely seen. +- **Version** The version number of the program. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationKbStartSync + +This event represents the basic metadata about an application updates (KBs) installed on the system. This event is used to understand the applications on a machine to determine if there will be compatibility issues when upgrading Windows. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory components. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove + +This event indicates that a new set of InventoryDevicePnpAdd events will be sent. The data collected with this event is used to keep Windows performing properly. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory file generating the events. + + +## Kernel events + +### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem + +This event is sent when a new problem code is assigned to a device. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **Count** The total number of events. +- **DeviceInstanceId** The unique identifier of the device in the system. +- **LastProblem** The previous problem code that was set on the device. +- **LastProblemStatus** The previous NTSTATUS value that was set on the device. +- **Problem** The new problem code that was set on the device. +- **ProblemStatus** The new NTSTATUS value that was set on the device. +- **ServiceName** The driver or service name that is attached to the device. + + +### Microsoft.Windows.Kernel.Power.AbnormalShutdown + +This event provides diagnostic information of the most recent abnormal shutdown. + +The following fields are available: + +- **BootEnvironment** Errors from boot environment. +- **BootStatValid** Status of bootstat file. +- **Bugcheck** Bugcheck information. +- **CrashDump** Crash dump information. +- **CurrentBootId** ID of this boot. +- **FirmwareReset** System reset by firmware. +- **LastShutdownBootId** BootID of last shutdown. +- **LongPowerButtonHold** Long power button hold information. +- **SystemStateTransition** State transition information. +- **Watchdog** Watchdog information. +- **WheaBootErrorCount** Whea boot error information. + + +### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown + +This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they're expected to. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit. +- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits. +- **TotalUpTimeMs** Contains the total system up time in milliseconds. + + +## Microsoft Edge events + +### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **account_type** A number representing the type of the signed in user account, where 0 indicates None, 1 indicates Microsoft Account, 2 indicates Azure Active Directory, 3 indicates On-Prem Active Directory and 4 indicates Azure Active Directory (Degraded). This field is currently only supported on mobile platforms and so the value is set to -1 on non-mobile platforms. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Microsoft Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state wasn't retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **AppSessionGuid** An identifier of a particular application session starting at process creation time and persisting until process end. +- **brandCode** Contains the 4 character brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (for example, Canary/Dev/Beta/Stable). client_id isn't durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **device_sample_rate** A number representing how often the device sends telemetry, expressed as a percentage. Low values indicate that device sends more events and high values indicate that device sends fewer events. The value is rounded to five significant figures for privacy reasons and if an error is hit in getting the device sample number value from the registry then this will be -1; and if client isn't on a UTC-enabled platform, then this value won't be set. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **experimentation_mode** A number representing the value set for the ExperimentationAndConfigurationServiceControl group policy. See [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies#experimentationandconfigurationservicecontrol) for more details on this policy. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSourceName** A string representation of the installation source. +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reactivationBrandCode** Contains the 4 character reactivation brand code or distribution tag that has been assigned to a partner. Not every Windows install will have a brand code. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate service, Microsoft Edge applications, and the current system environment including app configuration, update configuration, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. One or more events is sent each time any installation, update, or uninstallation occurs with the EdgeUpdate service or with Microsoft Edge applications. This event is used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. This is an indication that the event is designed to keep Windows secure and up to date. + +The following fields are available: + +- **appAp** Any additional parameters for the specified application. Default: ''. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. +- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. +- **appChannel** An integer indicating the channel of the installation (that is, Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (for example, send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. +- **appEdgePreviewDisenrollReason** Reason why Preview was unenrolled. +- **appEdgePreviewPreviousValuesV2** Previous values of the Microsoft Edge Preview. +- **appEdgePreviewState** Specifies if Microsoft Edge is in the preview state. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appFirstFRESeenTime** The earliest time the Microsoft Edge First Run Experience was seen by any user on the device in Windows FILETIME units / 10. Default: undefined. +- **appFirstFRESeenVersion** The earliest Microsoft Edge First Run Experience version that was seen by any user on the device (for example '1.2.3.4'). Default: undefined. +- **appInactivityBadgeApplied** Specifies that the inactivity badge has been applied. +- **appInactivityBadgeCleared** Specifies that the inactivity badge has been cleared. +- **appInactivityBadgeDuration** The duration of the inactivity badge. +- **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appIsPinnedSystem** Specifies is the app is pinned. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appLastLaunchCount** Number of times the app launched last. +- **appLastLaunchTime** The time when browser was last launched. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appOOBEInstallTime** The time of first recorded successful OOBE Microsoft Edge install in Windows FILETIME units / 10 (that is, the install time of any fully completed OOBE install achieved before OOBE finishes), as recorded by setup.exe. Default: undefined. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. +- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. +- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) For example, HIT from proxy.domain.tld, MISS from proxy.local. +- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. for example: US. +- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2. +- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. For example, Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z. +- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. For example, CP=\"CAO PSA OUR\". +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventPackageCacheResult** Whether there's an existing package cached in the system to update or install. 1 means that there's a cache hit under the expected key, 2 means there's a cache hit under a different key, 0 means that there's a cache miss. -1 means the field doesn't apply. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. +- **appPingEventSystemUptimeTicks** Number of ticks that the system has been up. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appReferralHash** The hash of the referral code used to install the product. '0' if unknown. Default: '0'. +- **appUpdateCheckIsRollbackAllowed** Check for status showing whether or not rollback is allowed. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. +- **appUpdateCheckTargetChannel** Check for status showing the target release channel. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it's not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. +- **appUpdateCount** A running total of successful updates recorded by setup.exe. This is used for continuity checking of the Ping data spanning consecutive updates. +- **appUpdatesAllowedForMeteredNetworks** Specifies if the device can receive updates with on a metered network. +- **appVersion** The version of the product install. shouldn't Default: '0.0.0.0'. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **eventType** A string indicating the type of the event. shouldn't +- **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. +- **hwDiskType** Device’s hardware disk type. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware doesn't support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware doesn't support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware doesn't support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware doesn't support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware doesn't support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware doesn't support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwLogicalCpus** Number of logical CPUs of the device. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isCTADevice** Specifies if the device is CTA. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **oemProductManufacturer** The device manufacturer name. +- **oemProductName** The product name of the device defined by device manufacturer. +- **osArch** The architecture of the operating system (for example, 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osIsDefaultNetworkConnectionMetered** States if the default network connection is metered. +- **osIsInLockdownMode** Is the OS in lockdown mode. +- **osIsWIP** Whether the OS is in preview. +- **osPlatform** The operating system family that the within which the Omaha client is running (for example 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osProductType** Type associated with the operating system. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **osWIPBranch** WIP branch of the operating system. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (for example, update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and shouldn't be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.PingXml + +The PingXml event sends detailed information pertaining to a specific instance of an update process in MicrosoftEdgeUpdate. This event contains Device Connectivity and Configuration, Product and Service Performance, and Software Setup and Inventory data. Each PingXml event can contain update logs from multiple different applications, and each application node in the XML payload can contain multiple different ping events. This event is sent whenever an update process occurs in the MicrosoftEdgeUpdate, regardless of the exit status. This event is used to track the reliability and performance of the MicrosoftEdgeUpdate process. The payload of this event is defined in the protocol definition header file. + +The following fields are available: + +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **Xml** XML-encoded string representing the request payload of the ping event. The request payload includes data and metadata for four nodes: the request itself, the hardware of the device, the OS of the device, and each updated application. Each application node includes additional nodes for individual ping events. + + +## Migration events + +### Microsoft.Windows.MigrationCore.MigObjectCountDLSys + +This event is used to indicate object count for system paths during different phases of Windows feature update. + +The following fields are available: + +- **migDiagSession->CString** Indicates the phase of the update. +- **objectCount** Number of files being tracked for the corresponding phase of the update. +- **sfInfo.Name** This indicates well know folder location path (Ex: PUBLIC_downloads etc.) + + +### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr + +This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **migDiagSession->CString** The phase of the upgrade where migration occurs. (for example: Validate tracked content) +- **objectCount** The count for the number of objects that are being transferred. +- **sfInfo.Name** This event identifies the phase of the upgrade where migration happens. + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFSys + +This event returns data about the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens. +- **objectCount** The count of the number of objects that are being transferred. +- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads + + +### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr + +This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios. + +The following fields are available: + +- **currentSid** Indicates the user SID for which the migration is being performed. +- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.) +- **objectCount** The number of objects that are being transferred. +- **sfInfo.Name** The predefined folder path locations. For example, FOLDERID_PublicDownloads. + + +## OneSettings events + +### Microsoft.Windows.OneSettingsClient.Heartbeat + +This event indicates the config state heartbeat. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **Configs** Array of configs. + + +### Microsoft.Windows.OneSettingsClient.StateChange + +This event indicates the change in config state. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight id. +- **state** New state. + + +### Microsoft.Windows.OneSettingsClient.Status + +This event indicates the config usage of status update. The data collected with this event is used to help keep Windows up to date, secure, and performing properly. + +The following fields are available: + +- **flightId** Flight id. +- **time** Time. + + +## OOBE events + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateNthLogonDisplayStatus + +NthLogon NDUP evaluated whether it should launch or not. + +The following fields are available: + +- **nthSkippedReasonFlag** Flag indicating skip reason. +- **reason** Skip reason string. + + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdatePageSkipped + +This event provides information about skipping expedited update page. The data collected with this event is used to help keep Windows secure, up to date, and performing properly. + +The following fields are available: + +- **reason** Reason for skip. +- **skippedReasonFlag** Flag representing reason for skip. + + +### Microsoft.Windows.Shell.Oobe.ExpeditedUpdate.ExpeditedUpdateStatusResult + +This event provides status of expedited update. The data collected with this event is used to help keep Windows secure, up to date, and performing properly. + +The following fields are available: + +- **oobeExpeditedUpdateStatus** Expedited update status. +- **reason** Reason for the status. +- **resultCode** HR result of operation. + + +## Other events + +### Microsoft.Windows.Analog.HolographicDriverClient.TelemetryUserPresenceChanged + +This event sends data indicating the state detected by user presence sensor. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **correlationGuid** Unique correlation Guid Id. +- **isPresent** State detected by user presence sensor. + + +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered + +This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. + + +### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave + +This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **EventHistory** Unique number of event history. +- **ExternalComponentState** State of external component. +- **LastEvent** Unique number of last event. +- **SessionID** Unique value for each attempt. +- **TargetAsId** The sequence number for the process. +- **windowInstanceId** Unique value for each window instance. + + +### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeyFinalize + +This event traces Windows Hello key creation finalize. + + +The following fields are available: + +- **accountType** The account type of the user. +- **cacheType** The cache type of the key. +- **finalizeStatus** Returned status code after the finalize operation. +- **gestureRequired** The operation requires a gesture. +- **isIsoContainer** Indicates if it's using IsoContainer. +- **isVsm** Indicates if Container is in Vsm. +- **keyAccountId** Key account ID. +- **keyAlgId** Key Algorithm ID. +- **keyDomain** Key domain name. +- **keyImplType** Key implementation type. +- **keyTenant** Key tenant name. +- **keyType** Key type. +- **signStatus** Returned status code after the finalize operation. +- **silentByCaller** Indicates whether the caller wanted to finalize silently. +- **silentByProperty** Indicates whether the key property specified to finalize silently. + + +### Microsoft.Windows.Security.NGC.KspSvc.NgcUserIdKeySignHash + +This event traces Windows Hello key signing details. + +The following fields are available: + +- **accountType** The account type of the user. +- **cacheType** The cache type of the key. +- **callerCmdLine** Caller process command line string. +- **didPrompt** Whether a UI prompt was triggered. +- **gestureRequired** The operation requires a gesture. +- **isCacheWithTimedCounterEnabled** New caching mechanism is enabled. +- **isCallerProcessQueryLimited** Indicates if caller process failed to be opened with PROCESS_VM_READ privilege. +- **isUnlockTimeSet** We have a valid unlock time to use. +- **keyAccountId** Hashed key account ID. +- **keyDomain** Hashed key domain name. +- **keyImplType** The implementation type of the key. +- **keyTenant** Hashed key tenant name. +- **keyType** Key type. +- **numSignatures** Number of signatures made since logon or unlock. +- **persistedInPinCache** The PIN was persisted in the cache. +- **protectionLevel** Specifies whether the caller process is a PPL and at what level. +- **sessionGuid** Unique identifier for the current user session. +- **signStatus** Returned status code after the sign operation. +- **silentByCaller** Indicates whether the caller wanted to sign silently. +- **silentByProperty** Indicates whether the key property specified to sign silently. +- **timeSinceUnlockMs** Time since logon or unlock in milliseconds. +- **usedPinCache** The PIN cache was used to attempt to sign. +- **validTicket** The provided ticket doesn't match the default or invalid auth ticket. + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateFailed + +Event that indicates that an attempt to apply secure boot updates failed + +The following fields are available: + +- **Action** Action string when error occurred +- **hr** Error code in HRESULT +- **IsRejectedByFirmware** Bool value to indicate if firmware has rejected the update. +- **IsResealNeeded** BOOL value to indicate if TPM Reseal was needed +- **RevokedBootmanager** BOOL value to indicate if current bootmgr is revoked. +- **SecureBootUpdateCaller** Scenario in which function was called. Could be Update or Upgrade +- **UpdateType** Indicates if it's DB or DBX update +- **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed + + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted + +Event that indicates secure boot update has started. + +The following fields are available: + +- **AvailableUpdates** Number of available secure boot updates. +- **SecureBootUpdateCaller** Enum value indicating if this is a servicing or an upgrade. + + +### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateSucceeded + +This event indicates if the Secure Boot Update succeded. + +The following fields are available: + +- **Action** Indicates the stage for success. +- **IsRebootRequiredBeforeUpdate** Indicates if reboot is required for before re-attempting the update. +- **IsResealNeeded** Indicates if BitLocker reseal is needed. +- **RevokedBootmanager** Indicates if there's a revoked bootmgr on the machine. +- **SecureBootUpdateCaller** Info about the caller of the update. +- **UpdateType** VariableMask like DB, DBX. +- **WillResealSucceed** Inform if reseal will succeed. + + +### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateCompleted + +This event logs when the installer completes Secureboot update. + +The following fields are available: + +- **Action** String that tells us the failure stage if any. +- **hr** error code. +- **IsResealNeeded** Is BitLocker reseal was needed on this machine. +- **sbServicingFailureReason** Enum containing failure details. +- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, tpmtask or dbupdater. +- **UpdateType** Update type DB or DBX. +- **WillResealSucceed** If BitLocker reseal will succeed on this machine. + + +### Microsoft.Windows.Security.SBServicingCore.ApplySecureBootUpdateStarted + +This event logs when Secureboot updating containing DB/DBX payload starts. + +The following fields are available: + +- **SecureBootUpdateCaller** Caller of the update like Secureboot AI, TPMTask or DBUpdater. +- **UpdateType** Update type like DB or DBX. + + +### Microsoft.Windows.Security.SBServicingCore.SBServicingCoreFunctionFailed + +This event logs when some core function of Secureboot AI fails. + +The following fields are available: + +- **Action** stage at which the failure occurred. +- **Function** name of the function where the failure occurred. +- **hr** error code. + + +### Microsoft.Windows.Shell.CortanaSearch.WebView2ProcessFailed + +This event tracks if the WebView2 process failed. + +The following fields are available: + +- **ExitCode** WebView2 exit code. +- **ProcessFailedKind** WebView2 process failure kind. +- **Reason** WebView2 process failure reason. +- **SessionId** WebView2 sessionId. + + +### Microsoft.Windows.Shell.SystemSettings.SettingsAppActivity.GetUserAccountState + +This event keeps track of if the user's account is in a good state upon loading the Settings Accounts L1 page. + +The following fields are available: + +- **CassService** Version of the Cass service. +- **componentName** Name of the Settings component. +- **correlationVector** Identifier for correlating events. +- **currentPageGroupId** Identifier for the current page group. +- **currentPageId** Identifier for the current page. +- **experienceId** Identifier for the Settings experience. +- **experienceVersion** Version of the experience. +- **isExperienceInbox** Is the experience present by default (Comes with the system). +- **pageId** Identifier for the Setting page. +- **pageSessionId** Identifier for the page session. +- **processSessionId** Identifier for the process. +- **state** State that determines if the account has required backup proofs (eg. email and phone) + + +### Microsoft.Windows.WinRE.Agent.CreateWinRePartitionFailed + +This event emits failure of the Creation of the WinRE partition operation. + +The following fields are available: + +- **ErrorCode** Error code. + + +### Microsoft.Windows.WinRE.Agent.ExtendOsPartitionSucceed + +This event emits success for the extending OS Partition operation. + + +### Microsoft.Windows.WinRE.Agent.ShrinkOsPartitionFailed + +This event captures OS partition shrink operation failures during the WinRE servicing. + +The following fields are available: + +- **HRESULT** Error code. + + +### Microsoft.Windows.WinRE.Agent.WinreFormatPartition + +This event fires when WinRE partition is formatted. + + + +### Microsoft.Windows.WinRE.Agent.WinreFormatPartitionSucceed + +This vvent fires when WinRE partition attempts to format and succeeds. + + +## Privacy consent logging events + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted + +This event is used to determine whether the user successfully completed the privacy consent experience. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **presentationVersion** Which display version of the privacy consent experience the user completed +- **privacyConsentState** The current state of the privacy consent experience +- **settingsVersion** Which setting version of the privacy consent experience the user completed +- **userOobeExitReason** The exit reason of the privacy consent experience + + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus + +This event provides the effectiveness of new privacy experience. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **isAdmin** whether the person who is logging in is an admin +- **isExistingUser** whether the account existed in a downlevel OS +- **isLaunching** Whether or not the privacy consent experience will be launched +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience +- **userRegionCode** The current user's region setting + + +## Setup events + +### Microsoft.Windows.Setup.WinSetupMon.ProtectionViolation + +This event provides information about move or deletion of a file or a directory which is being monitored for data safety during feature updates. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **Mode** The kind of monitoring mode enforced for the given path (this is one of a fixed set of strings). +- **Path** Path to the file or the directory which is being moved or deleted. +- **Process** Path to the process which is requesting the move or the deletion. +- **SessionId** Identifier to correlate this component's telemetry with that of others. +- **TargetPath** (Optional) If the operation is a move, the target path to which the file or directory is being moved. + + +### Microsoft.Windows.Setup.WinSetupMon.TraceError + +Provides details about error in the functioning of upgrade data safety monitoring filter driver. + +The following fields are available: + +- **Message** Text string describing the error condition. +- **SessionId** Identifier to correlate this component's telemetry with that of others. +- **Status** NTSTATUS code related to the error. + + +### Microsoft.Windows.Setup.WinSetupMon.TraceErrorVolume + +Provides details about error in the functioning of upgrade data safety monitoring filter driver, related to a specific volume (drive). + +The following fields are available: + +- **Message** Text string describing the error condition. +- **SessionId** Identifier to correlate this component's telemetry with that of others. +- **Status** NTSTATUS code related to the error. +- **Volume** Path of the volume on which the error occurs + + +## Surface events + +### Microsoft.Surface.Battery.Prod.BatteryInfoEvent + +This event includes the hardware level data about battery performance. The data collected with this event is used to help keep Windows products and services performing properly. + +The following fields are available: + +- **batteryData** Battery Performance data. +- **batteryData.data()** Battery performance data. +- **BatteryDataSize:** Size of the battery performance data. +- **batteryInfo.data()** Battery performance data. +- **BatteryInfoSize:** Size of the battery performance data. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_BPM + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **BPMCurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device. +- **BPMExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC? +- **BPMHvtCountA** Current HVT count for BPM counter A. +- **BPMHvtCountB** Current HVT count for BPM counter B. +- **bpmOptOutLifetimeCount** BPM OptOut Lifetime Count. +- **BPMRsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMRsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMTotalEngagedMinutes** Total time that BPM was engaged. +- **BPMTotalEntryEvents** Total number of times entering BPM. +- **BPMv4CurrentlyEngaged** Instantaneous snapshot if BPM is engaged on device. +- **BPMv4ExitCriteria** What is the BPM exit criteria - 20%SOC or 50%SOC?. +- **BPMv4HvtCountA** Current HVT count for BPM counter A. +- **BPMv4HvtCountB** Current HVT count for BPM counter B. +- **BPMv4RsocBucketsHighTemp_Values** Time in temperature range 46°C -60°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsLowTemp_Values** Time in temperature range 0°C -20°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsMediumHighTemp_Values** Time in temperature range 36°C -45°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4RsocBucketsMediumLowTemp_Values** Time in temperature range 21°C-35°C and in the following true RSOC ranges: 0%-49%; 50%-79%; 80%-89%; 90%-94%; 95%-100%. +- **BPMv4TotalEngagedMinutes** Total time that BPM was engaged. +- **BPMv4TotalEntryEvents** Total number of times entering BPM. +- **ComponentId** Component ID. +- **FwVersion** FW version that created this log. +- **LogClass** Log Class. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** Log MGR version. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. +- **ProductId** Product ID. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_CTT + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **batteryPresent** Battery present on device. +- **BPMKioskModeStartDateInSeconds** First time Battery Limit was turned on. +- **BPMKioskModeTotalEngagedMinutes** Total time Battery Limit was on (SOC value at 50%). +- **ComponentId** Component ID. +- **CTTEqvTimeat35C** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 80% SOC. +- **CTTEqvTimeat35CinBPM** Poll time every minute. Add to lifetime counter based on temperature. Only count time above 55% SOC and when device is in BPM. Round up. +- **CTTMinSOC1day** Rolling 1 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC28day** Rolling 28 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC3day** Rolling 3 day minimum SOC. Value set to 0 initially. +- **CTTMinSOC7day** Rolling 7 day minimum SOC. Value set to 0 initially. +- **CTTReduction** Current CTT reduction in mV +- **CTTStartDateInSeconds** Start date from when device was starting to be used. +- **currentAuthenticationState** Current Authentication State. +- **FwVersion** FW version that created this log. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. +- **newSnFruUpdateCount** New Sn FRU Update Count. +- **newSnUpdateCount** New Sn Update Count. +- **ProductId** Product ID. +- **ProtectionPolicy** Battery limit engaged. True (0 False). +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. +- **VoltageOptimization** Current CTT reduction in mV. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GG + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **cbTimeCell_Values** cb time for different cells. +- **ComponentId** Component ID. +- **cycleCount** Cycle Count. +- **deltaVoltage** Delta voltage. +- **eocChargeVoltage_Values** EOC Charge voltage values. +- **fullChargeCapacity** Full Charge Capacity. +- **FwVersion** FW version that created this log. +- **lastCovEvent** Last Cov event. +- **lastCuvEvent** Last Cuv event. +- **LogClass** LOG_CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG_MGR_VERSION. +- **manufacturerName** Manufacturer name. +- **maxChargeCurrent** Max charge current. +- **maxDeltaCellVoltage** Max delta cell voltage. +- **maxDischargeCurrent** Max discharge current. +- **maxTempCell** Max temp cell. +- **maxVoltage_Values** Max voltage values. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. +- **minTempCell** Min temp cell. +- **minVoltage_Values** Min voltage values. +- **numberOfCovEvents** Number of Cov events. +- **numberOfCuvEvents** Number of Cuv events. +- **numberOfOCD1Events** Number of OCD1 events. +- **numberOfOCD2Events** Number of OCD2 events. +- **numberOfQmaxUpdates** Number of Qmax updates. +- **numberOfRaUpdates** Number of Ra updates. +- **numberOfShutdowns** Number of shutdowns. +- **pfStatus_Values** pf status values. +- **ProductId** Product ID. +- **qmax_Values** Qmax values for different cells. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV2_GGExt + +This event includes the hardware level data about battery performance. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **avgCurrLastRun** Average current last run. +- **avgPowLastRun** Average power last run. +- **batteryMSPN** BatteryMSPN +- **batteryMSSN** BatteryMSSN. +- **cell0Ra3** Cell0Ra3. +- **cell1Ra3** Cell1Ra3. +- **cell2Ra3** Cell2Ra3. +- **cell3Ra3** Cell3Ra3. +- **ComponentId** Component ID. +- **currentAtEoc** Current at Eoc. +- **firstPFstatusA** First PF status-A. +- **firstPFstatusB** First PF status-B. +- **firstPFstatusC** First PF status-C. +- **firstPFstatusD** First PF status-D. +- **FwVersion** FW version that created this log. +- **lastQmaxUpdate** Last Qmax update. +- **lastRaDisable** Last Ra disable. +- **lastRaUpdate** Last Ra update. +- **lastValidChargeTerm** Last valid charge term. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **maxAvgCurrLastRun** Max average current last run. +- **maxAvgPowLastRun** Max average power last run. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. +- **mfgInfoBlockB01** MFG info Block B01. +- **mfgInfoBlockB02** MFG info Block B02. +- **mfgInfoBlockB03** MFG info Block B03. +- **mfgInfoBlockB04** MFG info Block B04. +- **numOfRaDisable** Number of Ra disable. +- **numOfValidChargeTerm** Number of valid charge term. +- **ProductId** Product ID. +- **qmaxCycleCount** Qmax cycle count. +- **SeqNum** Sequence Number. +- **stateOfHealthEnergy** State of health energy. +- **stateOfHealthFcc** State of health Fcc. +- **stateOfHealthPercent** State of health percent. +- **TimeStamp** UTC seconds when log was created. +- **totalFwRuntime** Total FW runtime. +- **updateStatus** Update status. +- **Ver** Schema version. + + +### Microsoft.Surface.Battery.Prod.BatteryInfoEventV3 + +Hardware level data about battery performance. + +The following fields are available: + +- **BatteryTelemetry** Hardware Level Data about battery performance. +- **ComponentId** Component ID. +- **FwVersion** FW version that created this log. +- **LogClass** LOG CLASS. +- **LogInstance** Log instance within class (1..n). +- **LogVersion** LOG MGR VERSION. +- **MCUInstance** Instance ID used to identify multiple MCUs in a product. +- **ProductId** ProductId ID. +- **SeqNum** Sequence Number. +- **TimeStamp** UTC seconds when log was created. +- **Ver** Schema version. + + +## Update Assistant events + +### Microsoft.Windows.RecommendedTroubleshootingService.MitigationFailed + +This event is raised after an executable delivered by Mitigation Service has run and failed. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. Failure data will also be used for root-cause investigation by feature teams, as signal to halt mitigation rollout and, possible follow-up action on specific devices still impacted by the problem because the mitigation failed (that is, reoffer it to impacted devices). The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **activeProcesses** Number of active processes. +- **atleastOneMitigationSucceeded** Bool flag indicating if at least one mitigation succeeded. +- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter. +- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service. +- **countDownloadedPayload** Count instances of payload downloaded. +- **description** Description of failure. +- **devicePreference** Recommended Troubleshooting Setting on the device. +- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe. +- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. +- **executionHR** HR code of the execution of the mitigation. +- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option. +- **exitCode** Exit code of the execution of the mitigation. +- **experimentFeatureId** Experiment feature ID. +- **experimentFeatureState** Config state of the experiment. +- **hr** HRESULT for error code. +- **isActiveSessionPresent** If an active user session is present on the device. +- **isCriticalMitigationAvailable** If a critical mitigation is available to this device. +- **isFilteringSuccessful** If the filtering operation was successful. +- **isReApply** reApply status for the mitigation. +- **mitigationId** ID value of the mitigation. +- **mitigationProcessCycleTime** Process cycle time used by the mitigation. +- **mitigationRequestWithCompressionFailed** Boolean flag indicating if HTTP request with compression failed for this device. +- **mitigationServiceResultFetched** Boolean flag indicating if mitigation details were fetched from the admin service. +- **mitigationVersion** String indicating version of the mitigation. +- **oneSettingsMetadataParsed** If OneSettings metadata was parsed successfully. +- **oneSettingsSchemaVersion** Schema version used by the OneSettings parser. +- **onlyNoOptMitigationsPresent** Checks if all mitigations were no opt. +- **parsedOneSettingsFile** Indicates if OneSettings parsing was successful. +- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter. +- **SessionId** Random GUID used for grouping events in a session. +- **subType** Error type. +- **totalKernelTime** Total kernel time used by the mitigation. +- **totalNumberOfApplicableMitigations** Total number of applicable mitigations. +- **totalProcesses** Total number of processes assigned to the job object. +- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object. +- **totalUserTime** Total user mode time used by the job object. + + +### Microsoft.Windows.RecommendedTroubleshootingService.MitigationSucceeded + +This event is raised after an executable delivered by Mitigation Service has successfully run. Data from this event is used to measure the health of mitigations used by engineers to solve in-market problems on internal, insider, and retail devices. The data collected with this event is used to keep Windows performing properly. + +The following fields are available: + +- **activeProcesses** Number of active processes. +- **callerId** Identifier (GUID) of the caller requesting a system initiated troubleshooter. +- **contactTSServiceAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to get Troubleshooter metadata from the Troubleshooting cloud service. +- **devicePreference** Recommended troubleshooting setting on the device. +- **downloadBinaryAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download Troubleshooter Exe. +- **downloadCabAttempts** Number of attempts made by TroubleshootingSvc in a single Scanner session to download PrivilegedActions Cab. +- **executionPreference** Current Execution level Preference. This may not be same as devicePreference, for example, when executing Critical troubleshooters, the executionPreference is set to the Silent option. +- **exitCode** Exit code of the execution of the mitigation. +- **exitCodeDefinition** String describing the meaning of the exit code returned by the mitigation (that is, ProblemNotFound). +- **experimentFeatureId** Experiment feature ID. +- **experimentFeatureState** Feature state for the experiment. +- **mitigationId** ID value of the mitigation. +- **mitigationProcessCycleTime** Process cycle time used by the mitigation. +- **mitigationVersion** String indicating version of the mitigation. +- **sessionAttempts** Number of Scanner sessions attempted so far by TroubleshootingSvc for this troubleshooter. +- **SessionId** Random GUID used for grouping events in a session. +- **totalKernelTime** Total kernel time used by the mitigation. +- **totalProcesses** Total number of processes assigned to the job object. +- **totalTerminatedProcesses** Total number of processes in terminated state assigned to the job object. +- **totalUserTime** Total user mode time used by the job object. + + +## Update events + +### Update360Telemetry.FellBackToDownloadingAllPackageFiles + +This event indicates whether a failure occurred during Missing File List generation and is applicable to Quality Update downloads. + +The following fields are available: + +- **ErrorCode** Error code returned during Missing File List generation. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique ID for each flight. +- **Package** Name of the package for which Missing File List generation failed and we fell back to downloading all package files. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). +- **UpdateId** Unique ID for each Update. + + +### Update360Telemetry.UpdateAgentCommit + +This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CancelRequested** Boolean that indicates whether cancel was requested. +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentPostRebootResult + +This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **ErrorCode** The error code returned for the current post reboot phase. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **ObjectId** Unique value for each Update Agent mode. +- **PostRebootResult** Indicates the Hresult. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **RollbackFailureReason** Indicates the cause of the rollback. +- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. +- **UpdateOutputState** A numeric value indicating the state of the update at the time of reboot. + + +## Windows Error Reporting events + +### Microsoft.Windows.WERVertical.OSCrash + +This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event. + +The following fields are available: + +- **BootId** Uint32 identifying the boot number for this device. +- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check. +- **BugCheckParameter1** Uint64 parameter providing additional information. +- **BugCheckParameter2** Uint64 parameter providing additional information. +- **BugCheckParameter3** Uint64 parameter providing additional information. +- **BugCheckParameter4** Uint64 parameter providing additional information. +- **DumpFileAttributes** Codes that identify the type of data contained in the dump file +- **DumpFileSize** Size of the dump file +- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise +- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). + + +## Windows Hardware Error Architecture events + +### WheaProvider.WheaDriverErrorExternal + +This event is sent when a common platform hardware error is recorded by an external WHEA error source driver. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **creatorId** A GUID that identifies the entity that created the error record. +- **errorFlags** Flags set on the error record. +- **notifyType** A GUID that identifies the notification mechanism by which an error condition is reported to the operating system. +- **partitionId** A GUID that identifies the partition on which the hardware error occurred. +- **platformId** A GUID that identifies the platform on which the hardware error occurred. +- **record** A binary blob containing the full error record. Due to the nature of common platform error records we have no way of fully parsing this blob for any given record. +- **recordId** The identifier of the error record. This identifier is unique only on the system that created the error record. +- **sectionFlags** The flags for each section recorded in the error record. +- **sectionTypes** A GUID that represents the type of sections contained in the error record. +- **severityCount** The severity of each individual section. +- **timeStamp** Error time stamp as recorded in the error record. + + +### WheaProvider.WheaDriverExternalLogginLimitReached + +This event indicates that WHEA has reached the logging limit for critical events from external drivers. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **timeStamp** Time at which the logging limit was reached. + + +## Windows Store events + +### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation + +This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The Item Bundle ID. +- **CategoryId** The Item Category ID. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Was this a mandatory update? +- **IsRemediation** Was this a remediation install? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Flag indicating if this is an update. +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The product family name of the product being installed. +- **ProductId** The identity of the package or packages being installed. +- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. +- **UserAttemptNumber** The total number of user attempts at installation before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginAcquireLicense + +During App Installs and updates, a license is acquired to ensure the app/machine has an entitlement to the app. + +The following fields are available: + +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** Client App Id (different in case of auto updates or interactive updates from the app). +- **IsBundle** The identity of the app that initiated this operation. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The Product ID of the parent if this product is part of a bundle. +- **PFN** Product Family Name of this product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation. +- **UserAttemptNumber** Total number of user attempts to install before cancellation. +- **WUContentId** Licensing identity of this package. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginDownload + +This event is fired during the app update or install process when actual bits are being downloaded, this particular event is fired at the beginning of the process to indicate a state change to "Downloading". StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps. + +The following fields are available: + +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** Product Family Name of app being downloaded. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install before cancellation. +- **UserAttemptNumber** Total number of user attempts to install before cancellation. +- **WUContentId** NLicensing identity of this package. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginGetFreeEntitlement + +Tracks the beginning of the call to get a free app entitlement. + +The following fields are available: + +- **CampaignId** Marketing Campaign Identifier. +- **StoreId** App Store Catalog Id. +- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement. + + +### Microsoft.Windows.StoreAgent.Telemetry.BeginInstall + +This event is fired near the end stage of a new app install or update after the bits have been downloaded. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we won't be able to track the success/failure and fix any future vulnerabilities related to these built-in Windows Apps. + +The following fields are available: + +- **AggregatedPackageFullNames** The name(s) of all packages to be downloaded and installed. +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** The name(s) of the package(s) requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install. +- **UserAttemptNumber** Total number of user attempts to install. +- **WUContentId** Licensing identity of this package. + +### Microsoft.Windows.StoreAgent.Telemetry.BeginSearchUpdatePackages + +This event is fired when looking for app updates. + +The following fields are available: + +- **AttemptNumber** Total number of install attempts before this operation. +- **BundleId** The identity of the flight associated with this product. +- **CategoryId** The identity of the package(s) being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** True if this is a bundle. +- **IsInteractive** True if this operation was requested by a user. +- **IsMandatory** True if this is a mandatory update. +- **IsRemediation** True if this install is repairing a previous install. +- **IsRestore** True when automatically restoring a previously acquired product. +- **IsUpdate** True if this is a product update. +- **ParentBundleId** The product ID of the parent if this product is part of a bundle. +- **PFN** The name(s) of the package(s) requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** Total number of automatic attempts to install. +- **UserAttemptNumber** Total number of user attempts to install. +- **WUContentId** Licensing identity of this package. + + +### Microsoft.Windows.StoreAgent.Telemetry.BlockLowPriorityWorkItems + +This event is fired when the BlockLowPriorityWorkItems method is called, stopping the queue from installing LowPriority work items. + +The following fields are available: + +- **ClientId** Client ID of the caller. + + +### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation + +This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed. +- **AttemptNumber** Total number of installation attempts. +- **BundleId** The identity of the Windows Insider build that is associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Was this requested by a user? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this an automatic restore of a previously acquired product? +- **IsUpdate** Is this a product update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of all packages to be downloaded and installed. +- **PreviousHResult** The previous HResult code. +- **PreviousInstallState** Previous installation state before it was canceled. +- **ProductId** The name of the package or packages requested for installation. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. +- **UserAttemptNumber** Total number of user attempts to install before it was canceled. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense + +This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. +- **AttemptNumber** The total number of attempts to acquire this product. +- **BundleId** The bundle ID +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** HResult code to show the result of the operation (success/failure). +- **IsBundle** Is this a bundle? +- **IsInteractive** Did the user initiate the installation? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this happening after a device restore? +- **IsUpdate** Is this an update? +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to acquire this product. +- **UserAttemptNumber** The number of attempts by the user to acquire this product +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndDownload + +This event is sent after an app is downloaded to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** Number of retry attempts before it was canceled. +- **BundleId** The identity of the Windows Insider build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **DownloadSize** The total size of the download. +- **ExtendedHResult** Any extended HResult error codes. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this initiated by the user? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this a restore of a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). +- **PFN** The Product Family Name of the app being download. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The number of attempts by the system to download. +- **UserAttemptNumber** The number of attempts by the user to download. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate + +This event is sent when an app update requires an updated Framework package and the process starts to download it. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **HResult** The result code of the last action performed before this operation. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndGetFreeEntitlement + +Telemetry is fired at the end of the call to request a free app entitlement, which will make a server call to get the entitlement. + +The following fields are available: + +- **CampaignId** Campaign marketing Id. +- **HResult** Error result. +- **StoreId** Store Catalog Id of item requesting ownership. +- **UseDeviceId** Boolean value to select whether the entitlement should be a device versus a user entitlement. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndInstall + +This event is sent after a product has been installed to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **ExtendedHResult** The extended HResult error code. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this an interactive installation? +- **IsMandatory** Is this a mandatory installation? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this automatically restoring a previously acquired product? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** Product Family Name of the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates + +This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AutoUpdateWorkScheduledWithUOTime** The time when work was first scheduled with UO. Value deleted when UO calls UnblockLowPriorityWorkItems. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsApplicability** Is this request to only check if there are any applicable packages to install? +- **IsInteractive** Is this user requested? +- **IsOnline** Is the request doing an online check? +- **NumberOfApplicableUpdates** The number of packages returned by this operation. +- **PFN** The PackageFullName of the app currently installed on the machine. This operation is scanning for an update for this app. Value will be empty if operation is scanning for updates for more than one app. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages + +This event is sent after searching for update packages to install. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData + +This event is sent after restoring user data (if any) that needs to be restored following a product install. It's used to keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **ProductId** The Store Product ID for the product being installed. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of system attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete + +This event is sent at the end of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **FailedRetry** Indicates whether the installation or update retry was successful. +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate + +This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The name of the product catalog from which this app was chosen. +- **ClientAppId** The identity of the app that initiated this operation. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. +- **InstalledPFuN** Package Full Name of the app that is installed and will be updated. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. +- **PluginWorkCreationHr** Resulting HResult error/success code from plugin work creation. +- **ProductId** The product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest + +This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **BundleId** The identity of the build associated with this product. +- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specific edition ID being installed. +- **VolumePath** The disk path of the installation. + + +### Microsoft.Windows.StoreAgent.Telemetry.InstallRequestReceived + +This event is sent when a product install request is received by AppInstallManager. + +The following fields are available: + +- **ClientId** Client ID of the caller. +- **StoreId** The Store ID for the product being installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation + +This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The total number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The Product Full Name. +- **PreviousHResult** The result code of the last action performed before this operation. +- **PreviousInstallState** Previous state before the installation or update was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector of a previous performed action on this product. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.QueueStuckError + +This event indicates that the Install Queue is in a stuck state. + +The following fields are available: + +- **ItemLifetimeInSeconds** The amount of time elapsed since the item had been created in seconds at the time of the error. +- **OpenSlots** The number of open slots in the queue at the time of the error. +- **PendingItems** The number of pending items in the queue at the time of the error. +- **QueueItems** The number of items in the queue at the time of the error. + + +### Microsoft.Windows.StoreAgent.Telemetry.RestoreDeviceMetrics + +This event provides an informational summary of the apps returned from the restorable apps data store. + +The following fields are available: + +- **DeferredAppIds** The number of backed-up apps that will be auto-installed at an optimal time for the machine, determined by the policies of a Windows component called the Universal Orchestrator. +- **DelayedAppIds** The number of backed-up apps that will be auto-installed one hour after device setup. +- **NumBackupApps** The number of apps returned from the restorable apps data store. +- **NumCompatibleApps** The number of backed-up apps reported by compatibility service to be compatible. +- **NumIncompatibleApps** The number of backed-up apps reported by compatibility service to be incompatible. +- **NumProcessedBackupApps** The number of backed-up apps for which we have instructed AppRestore Service to create a placeholder. + + +### Microsoft.Windows.StoreAgent.Telemetry.RestoreError + +This event indicates a blocking error occurred during the restore compatibility check. + +The following fields are available: + +- **ErrorCode** The error code associated with the error. +- **ErrorLocation** The location of the error. +- **ErrorMessage** The message associated with the error. +- **ErrorMethod** The method the error occurred in. +- **ErrorName** The name of the error. +- **ErrorType** The type of the error. +- **LineNumber** The line number the error occurred on. +- **Severity** The severity level of the error. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation + +This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure. + +The following fields are available: + +- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed. +- **AttemptNumber** The number of retry attempts before it was canceled. +- **BundleId** The identity of the build associated with this product. +- **CategoryId** The identity of the package or packages being installed. +- **ClientAppId** The identity of the app that initiated this operation. +- **HResult** The result code of the last action performed before this operation. +- **IsBundle** Is this a bundle? +- **IsInteractive** Is this user requested? +- **IsMandatory** Is this a mandatory update? +- **IsRemediation** Is this repairing a previous installation? +- **IsRestore** Is this restoring previously acquired content? +- **IsUpdate** Is this an update? +- **IsUserRetry** Did the user initiate the retry? +- **ParentBundleId** The product ID of the parent (if this product is part of a bundle). +- **PFN** The name of the package or packages requested for install. +- **PreviousHResult** The previous HResult error code. +- **PreviousInstallState** Previous state before the installation was paused. +- **ProductId** The Store Product ID for the product being installed. +- **RelatedCV** Correlation Vector for the original install before it was resumed. +- **ResumeClientId** The ID of the app that initiated the resume operation. +- **SystemAttemptNumber** The total number of system attempts. +- **UserAttemptNumber** The total number of user attempts. +- **WUContentId** The Windows Update content ID. + + +### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest + +This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ProductId** The Store Product ID for the product being installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.ScheduleWorkWithUO + +This event is fired when we schedule installs and/or updates with UO. + +The following fields are available: + +- **ClientId** Client ID of the caller. + + +### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest + +This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **CatalogId** The Store Catalog ID for the product being installed. +- **ProductId** The Store Product ID for the product being installed. +- **SkuId** Specific edition of the app being updated. + + +### Microsoft.Windows.StoreAgent.Telemetry.StateTransition + +Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there's a change in a product's fulfillment status (pending, working, paused, canceled, or complete), to help keep Windows up to date and secure. + +The following fields are available: + +- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. +- **HResult** The resulting HResult error/success code of this operation. +- **NewState** The current fulfillment state of this product. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state). +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. +- **Prevstate** The previous fulfillment state of this product. +- **ProductId** Product ID of the app that is being updated or installed. + + +### Microsoft.Windows.StoreAgent.Telemetry.UnblockLowPriorityWorkItems + +This event is fired when the UnblockLowPriorityWorkItems method is called, changing the state of all LowPriority work items to working if AutoUpdateState is enabled. + +The following fields are available: + +- **ClientId** Client ID of the caller. + + +### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest + +This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure. + +The following fields are available: + +- **PFamN** The name of the app that is requested for update. + + +## Windows Update Delivery Optimization events + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled + +This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download being done in the background? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group. +- **bytesFromLedbat** The number of bytes received from a source using an Ledbat enabled connection. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP Address of the source CDN (Content Delivery Network). +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller. +- **reasonCode** Reason the action or event occurred. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the file download session. +- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds. +- **totalTimeMs** The duration of the download, in milliseconds. +- **updateID** The ID of the update being downloaded. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted + +This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download a background download? +- **bytesFromCacheServer** Bytes received from a cache host. +- **bytesFromCDN** The number of bytes received from a CDN source. +- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group. +- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group. +- **bytesFromLedbat** The number of bytes received from source using an Ledbat enabled connection. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. +- **bytesFromLocalCache** Bytes copied over from local (on disk) cache. +- **bytesFromPeers** The number of bytes received from a peer in the same LAN. +- **bytesRequested** The total number of bytes requested for download. +- **cacheServerConnectionCount** Number of connections made to cache hosts. +- **cdnConnectionCount** The total number of connections made to the CDN. +- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event. +- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. +- **cdnIp** The IP address of the source CDN. +- **cdnUrl** Url of the source Content Distribution Network (CDN). +- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion. +- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. +- **downlinkBps** The maximum measured available download bandwidth (in bytes per second). +- **downlinkUsageBps** The download speed (in bytes per second). +- **downloadMode** The download mode used for this file download session. +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **expiresAt** The time when the content will expire from the Delivery Optimization Cache. +- **fileID** The ID of the file being downloaded. +- **fileSize** The size of the file being downloaded. +- **groupConnectionCount** The total number of connections made to peers in the same group. +- **groupID** A GUID representing a custom group of devices. +- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. +- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. +- **isThrottled** Event Rate throttled (event represents aggregated data). +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **lanConnectionCount** The total number of connections made to peers in the same LAN. +- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network. +- **numPeers** The total number of peers used for this download. +- **numPeersLocal** The total number of local peers used for this download. +- **predefinedCallerName** The name of the API Caller. +- **restrictedUpload** Is the upload restricted? +- **routeToCacheServer** The cache server setting, source, and value. +- **rttMs** Min, Max, Avg round-trip time to the source. +- **rttRLedbatMs** Min, Max, Avg round-trip time to a Ledbat enabled source. +- **sessionID** The ID of the download session. +- **sessionTimeMs** The duration of the session, in milliseconds. +- **totalTimeMs** Duration of the download (in seconds). +- **updateID** The ID of the update being downloaded. +- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second). +- **uplinkUsageBps** The upload speed (in bytes per second). + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused + +This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Is the download a background download? +- **cdnUrl** The URL of the source CDN (Content Delivery Network). +- **errorCode** The error code that was returned. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being paused. +- **isVpn** Is the device connected to a Virtual Private Network? +- **jobID** Identifier for the Windows Update job. +- **predefinedCallerName** The name of the API Caller object. +- **reasonCode** The reason for pausing the download. +- **routeToCacheServer** The cache server setting, source, and value. +- **sessionID** The ID of the download session. +- **sessionTimeMs** The duration of the download session, spanning multiple jobs, in milliseconds. +- **totalTimeMs** The duration of the download, in milliseconds. +- **updateID** The ID of the update being paused. + + +### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted + +This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **background** Indicates whether the download is happening in the background. +- **bytesRequested** Number of bytes requested for the download. +- **callerAppPackageName** The caller app package name. +- **cdnUrl** The URL of the source Content Distribution Network (CDN). +- **costFlags** A set of flags representing network cost. +- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). +- **diceRoll** Random number used for determining if a client will use peering. +- **doClientVersion** The version of the Delivery Optimization client. +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadModeReason** Reason for the download. +- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). +- **errorCode** The error code that was returned. +- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. +- **fileID** The ID of the file being downloaded. +- **filePath** The path to where the downloaded file will be written. +- **fileSize** Total file size of the file that was downloaded. +- **fileSizeCaller** Value for total file size provided by our caller. +- **groupID** ID for the group. +- **isEncrypted** Indicates whether the download is encrypted. +- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). +- **isVpn** Indicates whether the device is connected to a Virtual Private Network. +- **jobID** The ID of the Windows Update job. +- **peerID** The ID for this delivery optimization client. +- **predefinedCallerName** Name of the API caller. +- **routeToCacheServer** Cache server setting, source, and value. +- **sessionID** The ID for the file download session. +- **setConfigs** A JSON representation of the configurations that have been set, and their sources. +- **updateID** The ID of the update being downloaded. +- **UusVersion** The version of the undocked update stack. + + +### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication + +This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads. The data collected with this event is used to help keep Windows up to date. + +The following fields are available: + +- **cdnHeaders** The HTTP headers returned by the CDN. +- **cdnIp** The IP address of the CDN. +- **cdnUrl** The URL of the CDN. +- **errorCode** The error code that was returned. +- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered. +- **experimentId** When running a test, this is used to correlate with other events that are part of the same test. +- **fileID** The ID of the file being downloaded. +- **httpStatusCode** The HTTP status code returned by the CDN. +- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET +- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.). +- **requestOffset** The byte offset within the file in the sent request. +- **requestSize** The size of the range requested from the CDN. +- **responseSize** The size of the range response received from the CDN. +- **sessionID** The ID of the download session. + + +## Windows Update events + +### Microsoft.Windows.Update.Aggregator.UusCoreHealth.HealthAggregatorSummary + +This event is a summary of UUS health indicators. + +The following fields are available: + +- **Fallback** Failover information. +- **FlightId** Payload that is being sent. +- **IsStable** Boolean if the payload is in image. +- **Lock** Lock identifier. +- **UpdateId** Update identifier. +- **UusVersion** Version of the undocked payload. +- **VersionActivationsSinceLastBoot** Number of activations since last reboot. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize + +This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **flightMetadata** Contains the FlightId and the build being flighted. +- **objectId** Unique value for each Update Agent mode. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.Orchestrator.Client.AppUpdateInstallResult + +This event reports installation result details of expedited apps. + +The following fields are available: + +- **Completed** Whether the installation completed. +- **DeploymentAttempted** Whether the deployment was attempted. +- **DeploymentErrorCode** The error code resulting from the deployment attempt. +- **DeploymentExtendedErrorCode** The extended error code resulting from the deployment attempt. +- **InstallFailureReason** On failure, the InstallFailureReason reported. +- **OperationStatus** OperationStatus result reported by the installation attempt. +- **Succeeded** Whether the installation succeeded. +- **updaterId** The UpdaterId associated with this expedited app. +- **UusVersion** The version of the UUS stack currently active. +- **VelocityEnabled** Whether the velocity tag for the expedited app is enabled. + + +### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallAlreadyRunning + +This event indicates that another instance is currently attempting to install business critical store updates. + +The following fields are available: + +- **UusVersion** The version of the UUS Stack currently active. + + +### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult + +This event returns the result after installing a business critical store application. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **AppInstallState** The application installation state. +- **HRESULT** The result code (HResult) of the install. +- **PFN** The package family name of the package being installed. +- **updaterId** The Id of the updater. +- **UusVersion** The version of the UUS stack currently active. + + +### Microsoft.Windows.Update.Orchestrator.Client.EdgeUpdateResult + +This event sends data indicating the result of invoking the edge updater. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **ExitCode** The exit code that was returned. +- **HRESULT** The result code (HResult) of the operation. +- **UusVersion** The version of the UUS stack currently active. +- **VelocityEnabled** A flag that indicates if velocity is enabled. +- **WorkCompleted** A flag that indicates if work is completed. + + +### Microsoft.Windows.Update.Orchestrator.Client.MACUpdateInstallResult + +This event reports the installation result details of the MACUpdate expedited application. + +The following fields are available: + +- **Completed** Indicates whether the installation is complete. +- **DeploymentAttempted** Whether the deployment was attempted. +- **DeploymentErrorCode** The error code resulting from the deployment attempt. +- **DeploymentExtendedErrorCode** The extended error code resulting from the deployment attempt. +- **InstallFailureReason** Indicates the reason an install failed. +- **IsRetriableError** Indications whether the error is retriable. +- **OperationStatus** Returns the operation status result reported by the installation attempt. +- **Succeeded** Indicates whether the installation succeeded. +- **UusVersion** The version of the UUS stack currently active. +- **VelocityEnabled** Indicates whether the velocity tag for MACUpdate is enabled. + + +### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh + +This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows secure and up to date. + +The following fields are available: + +- **configuredPoliciescount** Number of policies on the device. +- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM, or flight). +- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. +- **UusVersion** Active version of UUS. + + +### Microsoft.Windows.Update.Orchestrator.Worker.EulaAccepted + +Indicates that EULA for an update has been accepted. + +The following fields are available: + +- **HRESULT** Was the EULA acceptance successful. +- **publisherIntent** Publisher Intent ID associated with the update. +- **reason** Reason for EULA acceptance. +- **update** Update for which EULA has been accepted. +- **UusVersion** The version of the UUS stack currently active. + + +### Microsoft.Windows.Update.Orchestrator.Worker.OobeUpdateApproved + +This event signifies an update being approved around the OOBE time period. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **approved** Flag to determine if it's approved or not. +- **provider** The provider related to which the update is approved. +- **publisherIntent** The publisher intent of the Update. +- **update** Additional information about the Update. +- **UusVersion** The version of the UUS Stack currently active. + + +### Microsoft.Windows.Update.Orchestrator.Worker.SetIpuMode + +This event indicates that a provider is setting the inplace upgrade mode. + +The following fields are available: + +- **flightId** Flight Identifier. +- **mode** The value being set. +- **provider** The provider that is getting the value. +- **reason** The reason the value is being set. +- **uniqueId** Update Identifier. +- **UusVersion** The version of the UUS Stack currently active. + + +### Microsoft.Windows.Update.Orchestrator.Worker.UpdateActionCritical + +This event informs the update related action being performed around the OOBE timeframe. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **action** The type of action being performed (Install or download etc.). +- **connectivity** Informs if the device is connected to network while this action is performed. +- **freeDiskSpaceInMB** Amount of free disk space. +- **freeDiskSpaceInMBDelta** Amount of free disk space. +- **interactive** Informs if this action is caused due to user interaction. +- **nextAction** Next action to be performed. +- **priority** The CPU and IO priority this action is being performed on. +- **provider** The provider that is being invoked to perform this action (WU, Legacy UO Provider etc.). +- **publisherIntent** ID for the metadata associated with the update. +- **scenario** The result of the action being performed. +- **update** Update related metadata including UpdateId. +- **uptimeMinutes** Duration USO for up for in the current boot session. +- **uptimeMinutesDelta** The change in device uptime while this action was performed. +- **UusVersion** The version of the UUS stack currently active. +- **wilActivity** Wil Activity related information. + +### Microsoft.Windows.Update.SIHClient.CheckForUpdatesStarted + +Scan event for Server Initiated Healing client. + +The following fields are available: + +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. +- **UusVersion** UUS version. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). + + +### Microsoft.Windows.Update.SIHClient.CheckForUpdatesSucceeded + +Scan event for Server Initiated Healing client + +The following fields are available: + +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CachedEngineVersion** The engine DLL version that is being used. +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Launch event for Server Initiated Healing client. +- **TargetMetadataVersion** The detected version of the self healing engine that is currently downloading or downloaded. +- **UusVersion** Active UUS Version. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). + + +### Microsoft.Windows.Update.SIHClient.DownloadSucceeded + +Download process event for target update on SIH Client. + +The following fields are available: + +- **CachedEngineVersion** Version of the Cache Engine. +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **DownloadType** Type of Download. +- **EventInstanceID** ID of the Event Instance being fired. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **TargetMetadataVersion** Version of the Metadata which is being targeted for an update. +- **UpdateID** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Global Device ID utilized to identify Device. + + +### Microsoft.Windows.Update.SIHClient.TaskRunCompleted + +This event is a launch event for Server Initiated Healing client. + +The following fields are available: + +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **CmdLineArgs** Command line arguments passed in by the caller. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). + + +### Microsoft.Windows.Update.SIHClient.TaskRunStarted + +This event is a launch event for Server Initiated Healing client. + +The following fields are available: + +- **CallerApplicationName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **CmdLineArgs** Command line arguments passed in by the caller. +- **EventInstanceID** A globally unique identifier for event instance. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UusVersion** The version of the Update Undocked Stack. +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +### Microsoft.Windows.Update.Undocked.Brain.ActiveVersionUpdated + +This event gets fired when the active version of the Undocked Update Stack is being updated/ + +The following fields are available: + +- **Fallback** Initiated Process. +- **FlightID** FlightID associated. +- **Lock** Lock Group Name. +- **MinutesSinceInstall** Time to complete process. +- **Stable** Is VersionActive from stable. +- **UpdateID** Update identifier. +- **VersionActive** The now active version of the UUS stack. +- **VersionPrevious** The previous active version of the UUS stack. + + +### Microsoft.Windows.Update.Undocked.Brain.FailoverVersionExcluded + +This event indicates Failover tried to exclude an UUS Version. + +The following fields are available: + +- **AlreadyExcluded** Boolean. +- **Exception** The exception encountered during exclusion. +- **ExclusionReason** Reason for the exclusion. +- **Success** Success or failure indicator. +- **VerFailover** The actual UUS Version that failover was running for. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.DownloadRequest + +Download request for undocked update agent + +The following fields are available: + +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **rangeRequestState** State of request for download range. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Initialize + +Initialization event of undocked update agent. + +The following fields are available: + +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **flightMetadata** Metadata. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionData** Additional logging. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Install + +Install event of undocked update agent. + +The following fields are available: + +- **errorCode** Error code. +- **flightId** FlightID of the package. +- **folderExists** Boolean. +- **packageNewer** version of newer package. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **retryCount** result count. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.ModeStart + +Undocked update agent mode start event. + +The following fields are available: + +- **flightId** FlightID of the package. +- **mode** Install or Download mode. +- **relatedCV** CV for telemetry mapping. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. + + +### Microsoft.Windows.Update.Undocked.UpdateAgent.Payload + +Payload event of undocked update agent. + +The following fields are available: + +- **errorCode** Error code. +- **fileCount** Number of files to download. +- **flightId** FlightID of the package. +- **mode** Install or Download mode. +- **relatedCV** CV for telemetry mapping. +- **result** Result code. +- **sessionId** Logging identification. +- **updateId** Identifier for payload. +- **uusVersion** Version of the UUS stack being installed. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesCanceled + +This event checks for updates canceled on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesFailed + +This event checks for failed updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FailedUpdateInfo** Information about the update failure. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Name of Handler. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. +- **Props** A bitmask for additional flags associated with the Windows Update request (IsInteractive, IsSeeker, AllowCachedResults, DriverSyncPassPerformed, IPv4, IPv6, Online, ExtendedMetadataIncl, WUfb). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult.). +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UusVersion** Active UUSVersion. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesRetry + +This event checks for update retries on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesScanInitFailed + +This event checks for failed update initializations on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan the event was. +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UusVersion** Active UUS version. + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesServiceRegistrationFailed + +This event checks for updates for failed service registrations the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. +- **CallerName** For drivers targeted to a specific device model, this is the version release of the drivers being distributed to the device. +- **Context** Context of failure. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumFailedAudienceMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced. +- **NumFailedMetadataSignatures** Number of audience Publisher Intent metadata signatures checks which failed for new metadata synced download. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan the event was. +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.CheckForUpdatesSucceeded + +This event checks for successful updates on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **AADDeviceTicketInfo** Identifies result of AAD Device Token Acquisition. +- **AADDeviceTicketResult** Identifies result of AAD Device Token Acquisition. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **HandlerInfo** HandlerInfo Blob. +- **HandlerType** HandlerType blob. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **NumberOfApplicableUpdates** Number of updates which were ultimately deemed applicable to the system after detection process is complete. +- **NumFailedAudienceMetadataSignatures** Number of audience PublisherIntent metadata signatures checks which failed for new metadata synced. +- **NumFailedMetadataSignatures** Number of metadata signatures checks which failed for new metadata synced download. +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **ServiceUrl** Environment URL for which a device is configured to scan. +- **SyncType** Describes the type of scan for this event (1-Full Sync, 2-Delta Sync, 3-Full CatScan Sync, 4-Delta CatScan Sync). +- **UusVersion** Active UUS version. +- **WUFBInfo** WufBinfoBlob. + + +### Microsoft.Windows.Update.WUClient.CommitFailed + +This event checks for failed commits on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **ExtendedStatusCode** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.CommitStarted + +This event tracks the commit started event on the Windows Update client. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Current active UUS version. + + +### Microsoft.Windows.Update.WUClient.CommitSucceeded + +This event is used to track the commit succeeded process, after the update installation, when the software update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Indicates the purpose of the event - whether scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerType** The specific ID of the flight the device is getting. +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.DownloadCanceled + +This event tracks the download canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Name of application making the Windows Update request. Used to identify context of request. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **DownloadStartTimeUTC** Download start time to measure the length of the session. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerInfo** HandlerInfo Blob. +- **HandlerType** HandlerType Blob. +- **HostName** Identifies the hostname. +- **NetworkCost** Identifies the network cost. +- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. +- **Props** A bitmask for additional flags associated with the download request. +- **Reason** Cancel reason information. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.DownloadFailed + +This event tracks the download failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Name of application making the Windows Update request. Used to identify context of request. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Provides context about distribution stack for reporting. +- **DownloadPriority** Indicates the priority of the download activity. +- **DownloadStartTimeUTC** Start time to measure length of session. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerInfo** HandlerInfo Blob. +- **HandlerType** HandlerType Blob. +- **HostName** Identifies the hostname. +- **NetworkCost** Identifies the network cost. +- **NetworkRestrictionStatus** When download is done, identifies whether network switch happened to restricted. +- **Props** Commit Props (MergedUpdate). +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.DownloadPaused + +This event is fired when the Download stage is paused. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClient.DownloadQueued + +This event tracks the download queued event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **QueuedReason** The reason in which a download has been queued. +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClient.DownloadResumed + +This event is fired when the Download of content is continued from a pause state. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **DownloadPriority** Indicates the priority of the download activity. +- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **FlightId** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **HandlerInfo** Blob of Handler related information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClient.InstallCanceled + +This event tracks the install canceled event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **Reason** Install canceled reason. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.InstallFailed + +This event tracks the install failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerInfo** Handler specific information. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** Information about the undocked components. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** UUS version. + + +### Microsoft.Windows.Update.WUClient.InstallRebootPending + +This event tracks the install reboot pending event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + +### Microsoft.Windows.Update.WUClient.InstallStarted + +The event tracks the install started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.InstallSucceeded + +The event tracks the successful install event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerInfo** Handler specific datapoints. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Install props (UsedSystemVolume, MergedUpdate, IsSuccessFailurePostReboot, isInteractive) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** Information about the undocked components. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.RevertFailed + +This event tracks the revert failed event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Commit Props (MergedUpdate) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClient.RevertStarted + +This event tracks the revert started event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Revert props (MergedUpdate) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClient.RevertSucceeded + +The event tracks the successful revert event when the update client is trying to update the device. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BundleId** Identifier associated with the specific content bundle; shouldn't be all zeros if the bundleID was found. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ClassificationId** Classification identifier of the update content. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **Props** Revert props (MergedUpdate) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **UndockedComponents** Information consisting of Id, HR, ModuleVer, LoadProps, Path relating to the Undocked component. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClientExt.DownloadCheckpoint + +This is a checkpoint event between the Windows Update download phases for UUP content. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **FileId** Unique identifier for the downloaded file. +- **FileName** Name of the downloaded file. +- **FlightId** The specific ID of the flight the device is getting. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClientExt.DownloadHeartbeat + +This event allows tracking of ongoing downloads and contains data to explain the current state of the download. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **BytesTotal** Total bytes to transfer for this content. +- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat. +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat. +- **CurrentError** Last (transient) error encountered by the active download. +- **DownloadHBFlags** Flags indicating if power state is ignored. +- **DownloadState** Current state of the active download for this content (queued, suspended, progressing). +- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **FlightId** The specific ID of the flight the device is getting. +- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any. +- **MOUpdateDownloadLimit** Mobile operator cap on size of OS update downloads, if any. +- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, Connected Standby). +- **Props** Commit Props (MergedUpdate) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **ResumeCount** Number of times this active download has resumed from a suspended state. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SuspendCount** Number of times this active download has entered a suspended state. +- **SuspendReason** Last reason for which this active download has entered suspended state. +- **UpdateId** Identifier associated with the specific piece of content. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityFragmentSigning + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed. +- **ListOfSHA256OfIntermediateCerData** List of Base64 string of hash of intermediate cert data. +- **MetadataIntegrityMode** Base64 string of the signature associated with the update metadata (specified by revision id). +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **RawValidityWindowInDays** Raw unparsed string of validity window in effect when verifying the timestamp. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfLeafCerData** Base64 string of hash of the leaf cert data. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UusVersion** Active UUS version. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityGeneral + +Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. + +The following fields are available: + +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EndpointUrl** Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.) +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) +- **UusVersion** The version of the Update Undocked Stack + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegritySignature + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **LeafCertId** IntegralIDfrom the FragmentSigning data for certificate which failed. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce. +- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id). +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **RevisionId** Identifies the revision of this specific piece of content. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfLeafCertPublicKey** Base64 string of hash of the leaf cert public key. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob. +- **SignatureAlgorithm** Hash algorithm for the metadata signature. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is malformed and decoding failed. +- **UpdateID** String of update ID and version number. +- **UusVersion** The version of the Update Undocked Stack. + + +### Microsoft.Windows.Update.WUClientExt.UpdateMetadataIntegrityTimestamp + +This event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. The data collected with this event is used to help keep Windows secure and up to date. + +The following fields are available: + +- **CallerName** Name of the application making the Windows Update Request. Used to identify context of the request. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode wasn't specific enough. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **RawMode** Raw unparsed mode string from the SLS response. Null if not applicable. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. +- **UusVersion** Active UUS Version. +- **ValidityWindowInDays** Validity window in effect when verifying the timestamp. + + +### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed + +This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure. + +The following fields are available: + +- **ModulePath** Path of the undocked module. +- **ModuleVersion** Version of the undocked module. +- **Props** A bitmask for flags associated with loading the undocked module. +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one. +- **StatusCode** Result of the undocked module loading operation. +- **UusSessionID** Unique ID used to create the UUS session. +- **UusVersion** Active UUS version. + + +## Winlogon events + +### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon + +This event signals the completion of the setup process. It happens only once during the first logon. \ No newline at end of file diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 15649caaf5..8b37f691d4 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.collection: privacy-windows ms.topic: reference --- @@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 10, versions 22H2 and 21H2](required-windows-diagnostic-data-events-and-fields-2004.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) @@ -167,7 +168,6 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser binary generating the events. - ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove This event indicates that the DatasourceApplicationFile object is no longer present. The data collected with this event is used to help keep Windows up to date. @@ -438,7 +438,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -1475,7 +1475,7 @@ The following fields are available: - **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **CDJType** Represents the type of cloud domain joined for the machine. -- **CommercialId** Represents the GUID for the commercial entity that the device is a member of.  Will be used to reflect insights back to customers. +- **CommercialId** Represents the GUID for the commercial entity that the device is a member of. Will be used to reflect insights back to customers. - **ContainerType** The type of container, such as process or virtual machine hosted. - **EnrollmentType** Defines the type of MDM enrollment on the device. - **HashedDomain** The hashed representation of the user domain used for login. @@ -1490,7 +1490,6 @@ The following fields are available: - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier - ### Census.Firmware This event sends data about the BIOS and startup embedded in the device. The data collected with this event is used to help keep Windows secure and up to date. @@ -1956,6 +1955,7 @@ The following fields are available: Fires when HVCI is already enabled so no need to continue auto-enablement. + ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed Fires when driver scanning fails to get results. @@ -2197,6 +2197,7 @@ The following fields are available: - **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. - **xid** A list of base10-encoded XBOX User IDs. + ## Common data fields ### Ms.Device.DeviceInventoryChange @@ -2212,6 +2213,7 @@ The following fields are available: - **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + ## Component-based servicing events ### CbsServicingProvider.CbsCapabilityEnumeration @@ -2985,6 +2987,7 @@ The following fields are available: - **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. - **wilActivity** Windows Mixed Reality Portal app wilActivity ID. + ### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. The data collected with this event is used to keep Windows performing properly. @@ -3570,7 +3573,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd -This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly. +This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3753,7 +3756,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. See the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -3761,13 +3764,13 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. See the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appLastLaunchTime** The time when browser was last launched. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. See the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. - **appPingEventDownloadMetricsCdnCCC** ISO 2 character country or region code that matches to the country or region updated binaries are delivered from. E.g.: US. @@ -3781,8 +3784,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. See the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. See the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -3794,9 +3797,9 @@ The following fields are available: - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they haven't. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. See the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. See the wiki for additional information. +- **eventType** A string indicating the type of the event. - **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. - **hwDiskType** Device’s hardware disk type. - **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware doesn't support the AVX instruction set. '-1' if unknown. Default: '-1'. @@ -3996,7 +3999,6 @@ The following fields are available: - **extendedData** GTL extended data section for each app to add its own extensions. - **timeToActionMs** Time in MS for this Page Action. - ### Microsoft.Surface.Mcu.Prod.CriticalLog Error information from Surface device firmware. @@ -4312,7 +4314,7 @@ The following fields are available: - **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) - **EventType** Possible values are "Child", "Bundle", or "Driver" - **FlightId** The unique identifier for each flight -- **IsNetworkMetered** Indicates whether Windows considered the current network to be metered" +- **IsNetworkMetered** Indicates whether Windows considered the current network to be "metered" - **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any - **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any - **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) @@ -6355,7 +6357,7 @@ The following fields are available: - **flightMetadata** Contains the FlightId and the build being flighted. - **objectId** Unique value for each Update Agent mode. - **relatedCV** Correlation vector value generated from the latest USO scan. -- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Canceled, 3 = Blocked, 4 = BlockCancelled. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. - **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). - **sessionId** Unique value for each Update Agent mode attempt. @@ -6589,6 +6591,15 @@ The following fields are available: - **WasPresented** True if the user interaction campaign is displayed to the user. +### Microsoft.Windows.WindowsUpdate.RUXIM.IHExit + +This event is generated when the RUXIM Interaction Handler (RUXIMIH.EXE) exits. The data collected with this event is used to help keep Windows up to date and performing properly. + +The following fields are available: + +- **InteractionCampaignID** GUID identifying the interaction campaign that RUXIMIH processed. + + ## Windows Update mitigation events ### Microsoft.Windows.Mitigations.AllowInPlaceUpgrade.ApplyTroubleshootingComplete @@ -6840,7 +6851,4 @@ The following fields are available: - **Disposition** The parameter for the hard reserve adjustment function. - **Flags** The flags passed to the hard reserve adjustment function. - **PendingHardReserveAdjustment** The final change to the hard reserve size. -- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. - - - +- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. \ No newline at end of file diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md index 4fb9beb260..e008b7598b 100644 --- a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 04/24/2024 +ms.date: 10/01/2024 ms.collection: privacy-windows ms.topic: reference --- @@ -31,6 +31,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Required diagnostic events and fields for Windows 11, version 24H2](required-diagnostic-events-fields-windows-11-24H2.md) - [Required diagnostic events and fields for Windows 11, versions 23H2 and 22H2](required-diagnostic-events-fields-windows-11-22H2.md) - [Required diagnostic events and fields for Windows 11, version 21H2](required-windows-11-diagnostic-events-and-fields.md) - [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) @@ -873,7 +874,7 @@ The following fields are available: - **DriverAvailableInbox** Is a driver included with the operating system for this PNP device? - **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update? - **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device? -- **DriverBlockOverridden** Is there's a driver block on the device that has been overridden? +- **DriverBlockOverridden** Is there a driver block on the device that has been overridden? - **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device? - **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS? - **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade? @@ -2476,7 +2477,8 @@ Fires when the compatibility check completes. Gives the results from the check. The following fields are available: - **IsRecommended** Denotes whether all compatibility checks have passed and, if so, returns true. Otherwise returns false. -- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-hvci-default-enablement). +- **Issues** If compatibility checks failed, provides bit indexed indicators of issues detected. Table located here: [Check results of HVCI default enablement](/windows-hardware/design/device-experiences/oem-hvci-enablement#check-results-of-memory-integrity-default-enablement). + ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.Enabled @@ -4334,6 +4336,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory binary generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date. @@ -4608,6 +4611,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. + ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows. @@ -4858,7 +4862,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd -This event provides data on Unified Update Platform (UUP) products and what version they are at. The data collected with this event is used to keep Windows performing properly. +This event provides data on Unified Update Platform (UUP) products and what version they're at. The data collected with this event is used to keep Windows performing properly. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -5148,7 +5152,7 @@ This Ping event sends a detailed inventory of software and hardware information The following fields are available: - **appAp** Any additional parameters for the specified application. Default: ''. -- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Default: undefined. - **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. - **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). - **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. @@ -5156,13 +5160,13 @@ The following fields are available: - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. -- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Please see the wiki for additional information. Default: '-2'. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value isn't known. Default: '-2'. - **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client shouldn't transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. - **appInstallTime** The product install time in seconds. '0' if unknown. Default: '-1'. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appLastLaunchTime** The time when browser was last launched. -- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. - **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. - **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event wasn't completed before OOBE finishes; -1 means the field doesn't apply. - **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z. @@ -5180,8 +5184,8 @@ The following fields are available: - **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. -- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. -- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventEventResult** An enum indicating the result of the event. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. - **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. @@ -5195,9 +5199,9 @@ The following fields are available: - **appUpdateCheckTargetChannel** Check for status showing the target release channel. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server shouldn't return an update instruction to a version number that doesn't match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it isn't a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. -- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appVersion** The version of the product install. Default: '0.0.0.0'. - **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. -- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **eventType** A string indicating the type of the event. - **expDeviceId** A non-unique resettable device ID to identify a device in experimentation. - **expEtag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. - **expETag** An identifier representing all service applied configurations and experiments when current update happens. Used for testing only. @@ -5618,6 +5622,7 @@ The following fields are available: - **criticalLogSize** Log size - **CUtility::GetTargetNameA(target)** Product identifier. - **productId** Product identifier +- **SurfaceTelemetry_EventType** Required vs. Optional event - **uniqueId** Correlation ID that can be used with Watson to get more details about the failure. @@ -5639,6 +5644,7 @@ This event sends information about the Operating System image name to Microsoft. The following fields are available: +- **SurfaceTelemetry_EventType** Required vs. Optional event - **szOsImageName** This is the image name that is running on the device. @@ -5691,6 +5697,7 @@ The following fields are available: - **UpdateType** Indicates if it's DB or DBX update - **WillResealSucceed** Indicates if TPM reseal operation is expected to succeed + ### Microsoft.Windows.Security.SBServicing.ApplySecureBootUpdateStarted Event that indicates secure boot update has started. @@ -5746,9 +5753,7 @@ The following fields are available: - **touchKeyboardDesktop** Touch keyboard desktop - **touchKeyboardTablet** Touch keyboard tablet - **triggerType** Trigger type -- **usePowershell** Use PowerShell - - +- **usePowershell** Use PowerShell. ## Privacy consent logging events @@ -6558,8 +6563,9 @@ The following fields are available: - **CUtility::GetTargetNameA(Target)** Sub component name. - **HealthLog** Health indicator log. - **healthLogSize** 4KB. +- **PartA_PrivacyProduct** Product tag - **productId** Identifier for product model. - +- **SurfaceTelemetry_EventType** Required vs. Optional event ### Microsoft.Surface.SystemReset.Prod.ResetCauseEventV2 @@ -6568,9 +6574,25 @@ This event sends reason for SAM, PCH and SoC reset. The data collected with this The following fields are available: - **ControllerResetCause** The cause for the controller reset. +- **EcResetCause** EC reset cause. +- **FaultReset1Cause** Fault 1 reset cause. +- **FaultReset2Cause** Fault 2 reset cause. - **HostResetCause** Host reset cause. +- **OffResetCause** Off reset cause. +- **OnResetCause** On reset cause. +- **PartA_PrivacyProduct** Product tag - **PchResetCause** PCH reset cause. +- **PoffResetCause** Power Off reset cause. +- **PonResetCause** Power On reset cause. +- **S3ResetCause** S3 reset cause. - **SamResetCause** SAM reset cause. +- **SamResetCauseExtBacklightState** SAM Reset Display Backlight state. +- **SamResetCauseExtLastPowerButtonTime** SAM Reset Last Power Button time. +- **SamResetCauseExtLastSshCommunicationTime** SAM Reset Last SSH Communication time. +- **SamResetCauseExtPostureStateReason** SAM Reset Last Posture State reason. +- **SamResetCauseExtRestartReason** SAM Reset Extended Restart reason. +- **SurfaceTelemetry_EventType** Required vs. Optional event. +- **WarmResetCause** Warm reset cause. ## Update Assistant events @@ -10018,7 +10040,4 @@ The following fields are available: - **videoResolution** Video resolution to use. - **virtualMachineName** VM name. - **waitForClientConnection** True if we should wait for client connection. -- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. - - - +- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. \ No newline at end of file diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml index 9c47130eca..e177a03cd3 100644 --- a/windows/privacy/toc.yml +++ b/windows/privacy/toc.yml @@ -13,6 +13,8 @@ href: diagnostic-data-viewer-powershell.md - name: Required Windows diagnostic data events and fields items: + - name: Windows 11, version 24H2 + href: required-diagnostic-events-fields-windows-11-24H2.md - name: Windows 11, versions 23H2 and 22H2 href: required-diagnostic-events-fields-windows-11-22H2.md - name: Windows 11, version 21H2 From 511d529eeb80374ab20613d6a8396762fe9e8ada Mon Sep 17 00:00:00 2001 From: David Strome <21028455+dstrome@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:56:18 -0700 Subject: [PATCH 127/164] Set stale debug to false --- .github/workflows/Stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Stale.yml b/.github/workflows/Stale.yml index 101ee8ba9c..82b6875e28 100644 --- a/.github/workflows/Stale.yml +++ b/.github/workflows/Stale.yml @@ -13,7 +13,7 @@ jobs: stale: uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod with: - RunDebug: true + RunDebug: false RepoVisibility: ${{ github.repository_visibility }} secrets: AccessToken: ${{ secrets.GITHUB_TOKEN }} From ed653f33ab6db1ef5102ecd903e144816ca3fb54 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 30 Sep 2024 10:58:37 -0700 Subject: [PATCH 128/164] update gp link for 24h2 --- windows/hub/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/hub/index.yml b/windows/hub/index.yml index a7c884a207..a20075e2cf 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -31,7 +31,7 @@ highlightedContent: - title: Windows 11, version 24H2 group policy settings reference itemType: download - url: https://www.microsoft.com/download/details.aspx?id=105668 + url: https://www.microsoft.com/download/details.aspx?id=106255 - title: Windows administrative tools itemType: concept From dbc5ead65d237f167e8121a8eeef11caea9ecccd Mon Sep 17 00:00:00 2001 From: Padma Jayaraman Date: Tue, 1 Oct 2024 00:46:57 +0530 Subject: [PATCH 129/164] Fixed alignment issues --- .../per-user-services-in-windows.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 19044b7c4c..f1cf07572c 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -229,14 +229,14 @@ If you can't use group policy preferences to manage the per-user services, you c 1. The following example includes multiple commands that disable the specified Windows services by changing their **Start** value in the Windows Registry to `4`: -```cmd -REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f -REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f -REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f -REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f -REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f -REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f -``` + ```cmd + REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f + REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f + REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f + REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f + REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f + REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f + ``` #### Example 2: Use the Registry Editor user interface to edit the registry @@ -248,7 +248,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE 1. Change the **Value data** to `4`. -:::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4."::: + :::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4."::: #### Example 3: Prevent the creation of per-user services From 2f4082801eafa36558bd4152339732ce7a4611b3 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 30 Sep 2024 15:23:36 -0400 Subject: [PATCH 130/164] updates from Rafal --- .../data-protection/bitlocker/operations-guide.md | 3 +++ .../data-protection/bitlocker/recovery-overview.md | 1 + .../data-protection/bitlocker/recovery-process.md | 3 +++ 3 files changed, 7 insertions(+) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md index 7bf6e12c5a..645cf45add 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md @@ -462,6 +462,9 @@ From the **BitLocker Drive Encryption** Control Panel applet, select the OS driv ### Resume BitLocker +> [!NOTE] +> Resuming protection only works on devices that have accepted the Windows EULA. + #### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) ```powershell diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md index 4625b2f5e0..d49761fd5d 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md @@ -21,6 +21,7 @@ The following list provides examples of common events that cause a device to ent - Docking or undocking a portable computer - Changes to the NTFS partition table on the disk - Changes to the boot manager +- PXE booting, unless BitLocker uses the *Network Unlock* feature - Turning off, disabling, deactivating, or clearing the TPM - TPM self-test failure - Upgrading the motherboard to a new one with a new TPM diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md index 4b1498edf5..a3cded5a34 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md @@ -180,6 +180,9 @@ When a volume is unlocked using a recovery password: After the volume is unlocked, BitLocker behaves the same way, regardless of how the access was granted. +> [!NOTE] +> If you move an OS volume with a TPM protector to a different device and unlock it using a recovery protector, BitLocker will bind to the new TPM. Returning the volume to the original device will prompt for the recovery protector due to the TPM mismatch. Once unlocked using recovery protector again, the volume will re-bind to the original device. + If a device experiences multiple recovery password events, an administrator should perform post-recovery analysis to determine the root cause of the recovery. Then, refresh the BitLocker platform validation to prevent entering a recovery password each time that the device starts up. ### Determine the root cause of the recovery From c1e3b3dd0067b762b357b6f873713bc7d8c342db Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 1 Oct 2024 07:49:27 -0400 Subject: [PATCH 131/164] updates --- .../data-protection/bitlocker/recovery-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md index d49761fd5d..808550018a 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md @@ -21,7 +21,7 @@ The following list provides examples of common events that cause a device to ent - Docking or undocking a portable computer - Changes to the NTFS partition table on the disk - Changes to the boot manager -- PXE booting, unless BitLocker uses the *Network Unlock* feature +- Using PXE boot - Turning off, disabling, deactivating, or clearing the TPM - TPM self-test failure - Upgrading the motherboard to a new one with a new TPM From 575d5d29e8d4fb7d09ff1f1365d4bc2807bd5244 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 1 Oct 2024 09:45:21 -0500 Subject: [PATCH 132/164] Update security-compliance-toolkit-10.md Added Windows 11 24H2 --- .../security-compliance-toolkit-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md index a1a1d93059..60779c7848 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -16,6 +16,7 @@ The SCT enables administrators to effectively manage their enterprise's Group Po The Security Compliance Toolkit consists of: - Windows 11 security baseline + - Windows 11, version 24H2 - Windows 11, version 23H2 - Windows 11, version 22H2 - Windows 11, version 21H2 From 21fc7371cf08bfea25e838b1fb7f56da91849f84 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 1 Oct 2024 09:47:12 -0500 Subject: [PATCH 133/164] Update get-support-for-security-baselines.md Updated for Windows 11 24H2 --- .../get-support-for-security-baselines.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md index c652900182..e71ff593d3 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -47,6 +47,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t | Name | Build | Baseline release date | Security tools | |--|--|--|--| +| Windows 11 | [24H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-24h2-security-baseline/ba-p/4252801)
          | October 2024
          | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows 11 | [23H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618)
          | October 2023
          | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520)
          | September 2022
          | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724)
          [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
          [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
          [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
          [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
          [1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update) | October 2022
          December 2021
          December 2020
          October 2018
          October 2016
          January 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | From 0f67c5ca89f94e312f0c5bf872b8003406aaac9d Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 1 Oct 2024 07:50:32 -0700 Subject: [PATCH 134/164] bump date --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md index 60779c7848..ced5288d21 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -2,7 +2,7 @@ title: Microsoft Security Compliance Toolkit Guide description: This article describes how to use Security Compliance Toolkit in your organization. ms.topic: conceptual -ms.date: 07/10/2024 +ms.date: 10/01/2024 --- # Microsoft Security Compliance Toolkit - How to use From 9a53b7d51c748f950263e01f8f996d0007132125 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 1 Oct 2024 07:53:04 -0700 Subject: [PATCH 135/164] bump date --- .../get-support-for-security-baselines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md index e71ff593d3..05f61ccf78 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -3,7 +3,7 @@ title: Get support for security baselines description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 07/10/2024 +ms.date: 10/01/2024 --- # Get Support From 424e2e96b0b5b52fd8ba07307079a33ee352bf71 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 1 Oct 2024 08:38:38 -0700 Subject: [PATCH 136/164] fix pde comment --- windows/whats-new/whats-new-windows-11-version-24h2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md index 795ddf0bd1..5c492a24d8 100644 --- a/windows/whats-new/whats-new-windows-11-version-24h2.md +++ b/windows/whats-new/whats-new-windows-11-version-24h2.md @@ -153,7 +153,7 @@ There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win ### Personal Data Encryption (PDE) for folders PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be [enabled from a policy in Intune](/mem/intune/protect/endpoint-security-disk-encryption-policy). IT admins can select all of the folders, or a subset, then apply the policy to a group of users in their organization. -PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**. +PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**. For more information about PDE, see [PDE overview](/windows/security/operating-system-security/data-protection/personal-data-encryption) From caaa541183a57f1044e08903bcfcf2d68dbfee1e Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Oct 2024 16:17:36 -0600 Subject: [PATCH 137/164] Fix broken redirections --- ...blishing.redirection.windows-security.json | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index 94caccffcb..25701bb0a1 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -1427,12 +1427,12 @@ }, { "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md", - "redirect_url": "https:/support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { "source_path": "windows/security/identity-protection/password-support-policy.md", - "redirect_url": "https:/support.microsoft.com/help/4490115", + "redirect_url": "https://support.microsoft.com/help/4490115", "redirect_document_id": false }, { @@ -3202,7 +3202,7 @@ }, { "source_path": "windows/security/threat-protection/device-guard/memory-integrity.md", - "redirect_url": "https:/support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78", + "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78", "redirect_document_id": false }, { @@ -5857,7 +5857,7 @@ }, { "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md", - "redirect_url": "https:/feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", + "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", "redirect_document_id": false }, { @@ -6762,12 +6762,12 @@ }, { "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", - "redirect_url": "https:/www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/", + "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md", - "redirect_url": "https:/support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", + "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5", "redirect_document_id": false }, { @@ -7802,7 +7802,7 @@ }, { "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md", - "redirect_url": "https:/aka.ms/AzureCodeSigning", + "redirect_url": "https://aka.ms/AzureCodeSigning", "redirect_document_id": false }, { @@ -9322,7 +9322,7 @@ }, { "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md", - "redirect_url": "https:/feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", + "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx", "redirect_document_id": false }, { @@ -9937,27 +9937,27 @@ }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md", "redirect_document_id": false }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md", "redirect_document_id": false }, { @@ -9967,7 +9967,7 @@ }, { "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md", - "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md", + "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md", "redirect_document_id": false }, { From 6f78d4975a7660f5fe4fd821c007ac71212e63f9 Mon Sep 17 00:00:00 2001 From: Tanaka Date: Thu, 3 Oct 2024 11:54:44 -0700 Subject: [PATCH 138/164] Update default and global release policies OS version and dates to latest release values --- ...topatch-windows-feature-update-policies.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md index 37b1203eff..47810fe194 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-feature-update-policies.md @@ -42,12 +42,12 @@ These policies control the minimum target version of Windows that a device is me You can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431): -| Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date | -| ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch - DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch - DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch - DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023 | N/A | N/A | June 11, 2024 | -| Windows Autopatch - DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023 | N/A | N/A | June 11, 2024 | +| Policy name | Phase mapping | Feature update version | Rollout options | Support end date | +| ----- | ----- | ----- | ----- | ----- | +| Windows Autopatch - DSS Policy [Test] | Phase 1 | Windows 10 22H2 | Make update available as soon as possible | October 14, 2025 | +| Windows Autopatch - DSS Policy [First] | Phase 2 | Windows 10 22H2 | Make update available as soon as possible | October 14, 2025 | +| Windows Autopatch - DSS Policy [Fast] | Phase 3 | Windows 10 22H2 | Make update available as soon as possible | October 14, 2025 | +| Windows Autopatch - DSS Policy [Broad] | Phase 4 | Windows 10 22H2 | Make update available as soon as possible | October 14, 2025 | > [!NOTE] > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually). @@ -56,9 +56,9 @@ You can see the following default policies created by the service in the [Micros Windows Autopatch configures the values for its global Windows feature update policy. See the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431): -| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date | -| ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch - Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024 | +| Policy name | Feature update version | Rollout options | Support end date | +| ----- | ----- | ----- | ----- | +| Windows Autopatch - Global DSS Policy [Test] | Windows 10 22H2 | Make update available as soon as possible | October 14, 2025 | > [!NOTE] > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually). @@ -101,11 +101,11 @@ These policies can be viewed in the [Microsoft Intune admin center](https://go.m The following table is an example of the Windows feature update policies that were created for phases within a release: -| Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date | -| ----- | ----- | ----- | ----- | ----- | ----- | ----- | -| Windows Autopatch - DSS Policy - My feature update release - Phase 1 | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release - Phase 2 | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release - Phase 4 | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 | -| Windows Autopatch - DSS Policy - My feature update release - Phase 5 | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 | +| Policy name | Feature update version | Rollout options| Day between groups | Support end date | +| ----- | ----- | ----- | ----- | ----- | +| Windows Autopatch - DSS Policy - My feature update release - Phase 1 | Windows 10 22H2 | Make update available as soon as possible| N/A | October 14, 2025 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 2 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 3 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 4 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 | +| Windows Autopatch - DSS Policy - My feature update release - Phase 5 | Windows 10 22H2 | Make update available as soon as possible | 7 | October 14, 2025 | From 8529085ff524efddf676cfa0cd6331d9fc43af14 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 4 Oct 2024 15:45:50 -0400 Subject: [PATCH 139/164] Update broken link Update broken link --- windows/deployment/update/waas-restart.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 9d859d31c3..46c69eb5b6 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium appliesto: - ✅ Windows 11 - ✅ Windows 10 -ms.date: 10/10/2023 +ms.date: 10/04/2024 --- # Manage device restarts after updates @@ -215,4 +215,4 @@ There are three different registry combinations for controlling restart behavior - [Configure Windows Update for Business](waas-configure-wufb.md) - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) \ No newline at end of file +- [Manage Windows 10 and Windows 11 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure) From b75015593d4f2d04010d52eec1e2bf07f5e97853 Mon Sep 17 00:00:00 2001 From: Davide Piccinini Date: Fri, 4 Oct 2024 21:55:25 +0200 Subject: [PATCH 140/164] Update windows-sandbox-configure-using-wsb-file.md Update `HostFolder` value description in `MappedFolder`, specifying that the path could be absolute or relative, not only absolute as, instead, is for the `SandboxFolder` value. --- .../windows-sandbox/windows-sandbox-configure-using-wsb-file.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 29d6d96ecb..0de253e2e9 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -87,7 +87,7 @@ An array of folders, each representing a location on the host machine that is sh ```xml - absolute path to the host folder + absolute or relative path to the host folder absolute path to the sandbox folder value From 2df6965672618b15cf301293d0ed362c1ac00bda Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 4 Oct 2024 16:09:10 -0400 Subject: [PATCH 141/164] Remove bad link Removed bad link. There is already a second link referring to content so no need to replace the link. --- windows/deployment/upgrade/windows-edition-upgrades.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index f09b8e67cc..b1fc50c67b 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -11,7 +11,7 @@ ms.collection: - highpri - tier2 ms.subservice: itpro-deploy -ms.date: 10/02/2023 +ms.date: 10/04/2024 appliesto: - ✅ Windows 10 - ✅ Windows 11 @@ -56,7 +56,7 @@ The following table shows the methods and paths available to change the edition > > - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods. > -> - Edition upgrades via Microsoft Store for Business are no longer available with the retirement of the Microsoft Store for Business. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring) and [Microsoft Store for Business and Microsoft Store for Education overview](/microsoft-store/microsoft-store-for-business-overview). +> - Edition upgrades via Microsoft Store for Business are no longer available with the retirement of the Microsoft Store for Business. For more information, see [Microsoft Store for Business and Education retiring March 31, 2023](/lifecycle/announcements/microsoft-store-for-business-education-retiring). > [!TIP] > Edition upgrade is also possible using edition upgrade policy in Microsoft Configuration Manager. For more information, see [Upgrade Windows devices to a new edition with Configuration Manager](/mem/configmgr/compliance/deploy-use/upgrade-windows-version). From 194b82d5a183ddefa9188c8127512f25ea47d2b2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 4 Oct 2024 17:13:33 -0400 Subject: [PATCH 142/164] docfx update for security book --- windows/security/docfx.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 1a7808e2b1..b2eefb6943 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -101,6 +101,12 @@ "security-foundations/certification/**/*.md": "mike-grimm", "security-foundations/certification/**/*.yml": "mike-grimm" }, + "feedback_system": { + "book/*.md": "none" + }, + "hideEdit": { + "book/*.md": "true" + }, "ms.author": { "application-security//**/*.md": "vinpa", "application-security//**/*.yml": "vinpa", From 34e4612847343aeea4681e56db4b14899d650243 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 4 Oct 2024 18:32:29 -0400 Subject: [PATCH 143/164] Correct TOC entry changing Windows 10 to Windows --- windows/deployment/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 99c636d922..e816d252d7 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -317,7 +317,7 @@ items: href: configure-a-pxe-server-to-load-windows-pe.md - name: Windows Deployment Services (WDS) boot.wim support href: wds-boot-support.md - - name: Windows ADK for Windows 10 scenarios for IT Pros + - name: Windows ADK for Windows scenarios for IT Pros href: windows-adk-scenarios-for-it-pros.md - name: User State Migration Tool (USMT) technical reference items: From 76b8e94f6182a31c6907a6116794a3eb0814cb36 Mon Sep 17 00:00:00 2001 From: Phil Garcia Date: Sat, 5 Oct 2024 02:39:45 -0700 Subject: [PATCH 144/164] Update whats-new-do.md - Vpn to VPN - Minor improvements --- windows/deployment/do/whats-new-do.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md index 0b167097fa..496d1240c1 100644 --- a/windows/deployment/do/whats-new-do.md +++ b/windows/deployment/do/whats-new-do.md @@ -43,8 +43,8 @@ There are two different versions: ### Windows 11 22H2 -- New setting: Customize vpn detection by choosing custom keywords. Now, you don't have to rely on Delivery Optimization keywords to detect your Vpn. By using the new VpnKeywords configuration you can add keywords for Delivery Optimization to use when detecting a Vpn when in use. You can find this configuration **[VPN Keywords](waas-delivery-optimization-reference.md#vpn-keywords)** in Group Policy or MDM under **DOVpnKeywords**. -- New setting: Use the disallow downloads from a connected cache server, when a Vpn is detected and you want to prevent the download from the connected cache server. You can find this configuration **[Disallow download from MCC over VPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn) in Group Policy or MDM under **DODisallowCacheServerDownloadsOnVPN**. +- New setting: Customize VPN detection by choosing custom keywords. Now, you don't have to rely on Delivery Optimization keywords to detect your VPN. By using the new VpnKeywords setting, you can add keywords for Delivery Optimization to use to detect when a VPN is in use. You can find this configuration **[VPN Keywords](waas-delivery-optimization-reference.md#vpn-keywords)** in Group Policy or MDM under **DOVpnKeywords**. +- New setting: Use the disallow downloads from a connected cache server, when a VPN is detected and you want to prevent the download from the connected cache server. You can find this configuration **[Disallow download from MCC over VPN](waas-delivery-optimization-reference.md#disallow-cache-server-downloads-on-vpn)** in Group Policy or MDM under **DODisallowCacheServerDownloadsOnVPN**. - Delivery Optimization introduced support for receiver side ledbat (rLEDBAT). - New setting: Local Peer Discovery, a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** in Group Policy or MDM **DORestrictPeerSelectionBy**. This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization restricts peer selection to peers that are locally discovered (using DNS-SD). From 089fa58e8426afd775c3438e63617af71a1cca4c Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 7 Oct 2024 11:03:43 -0700 Subject: [PATCH 145/164] Updated date for freshness reporting --- .../whats-new/windows-autopatch-whats-new-2023.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 5492f63c14..c4cac7212b 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 12/14/2023 +ms.date: 10/07/2024 ms.service: windows-client ms.subservice: autopatch ms.topic: whats-new From d299d8bca3105f2fe3859e0ffa93f72d593fbbb2 Mon Sep 17 00:00:00 2001 From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com> Date: Mon, 7 Oct 2024 11:33:34 -0700 Subject: [PATCH 146/164] Add EOS callout Fix some obvious Acrolinx issues --- ...ed-windows-11-diagnostic-events-and-fields.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md index 8b37f691d4..dc34bef60a 100644 --- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md +++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md @@ -7,7 +7,7 @@ ms.localizationpriority: high author: DHB-MSFT ms.author: danbrown manager: laurawi -ms.date: 10/01/2024 +ms.date: 10/08/2024 ms.collection: privacy-windows ms.topic: reference --- @@ -19,6 +19,8 @@ ms.topic: reference - Windows 11, version 21H2 +> [!IMPORTANT] +> This version of Windows 11 has reached its end of servicing date. For more information, see [Microsoft Product Lifecyle](/lifecycle/products). Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. @@ -1947,7 +1949,7 @@ Fires at the beginning and end of the HVCI auto-enablement process in sysprep. The following fields are available: -- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure. +- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating success or failure. ### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled @@ -5187,7 +5189,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentMitigationSummary -This event sends a summary of all the update agent mitigations available for an this update. The data collected with this event is used to help keep Windows secure and up to date. +This event sends a summary of all the update agent mitigations available for an update. The data collected with this event is used to help keep Windows secure and up to date. The following fields are available: @@ -5620,7 +5622,7 @@ The following fields are available: - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. - **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. @@ -5667,7 +5669,7 @@ The following fields are available: - **pluginFailureCount** The number of plugins that have failed. - **pluginsCount** The number of plugins. - **qualityAssessmentImpact** WaaS Assessment impact for quality updates. -- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. +- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn it back on. - **usingBackupFeatureAssessment** Relying on backup feature assessment. - **usingBackupQualityAssessment** Relying on backup quality assessment. - **usingCachedFeatureAssessment** WaaS Medic run didn't get OS build age from the network on the previous run. @@ -5680,7 +5682,7 @@ The following fields are available: ### Microsoft.Windows.WERVertical.OSCrash -This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. +This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. This is the OneCore version of this event. The following fields are available: @@ -6110,7 +6112,7 @@ The following fields are available: - **CatalogId** The Store Catalog ID for the product being installed. - **ProductId** The Store Product ID for the product being installed. -- **SkuId** Specfic edition of the app being updated. +- **SkuId** Specific edition of the app being updated. ### Microsoft.Windows.StoreAgent.Telemetry.StateTransition From f150dba83442896d336e26ee4ed8fe0046b0fe1c Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 7 Oct 2024 12:44:56 -0700 Subject: [PATCH 147/164] Fixed typo added clarity --- ...ws-autopatch-windows-quality-update-end-user-exp.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md index 665fc298c0..8e56b5f267 100644 --- a/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md +++ b/windows/deployment/windows-autopatch/manage/windows-autopatch-windows-quality-update-end-user-exp.md @@ -1,7 +1,7 @@ --- title: Windows quality update end user experience description: This article explains the Windows quality update end user experience -ms.date: 09/16/2024 +ms.date: 10/07/2024 ms.service: windows-client ms.subservice: autopatch ms.topic: conceptual @@ -32,9 +32,7 @@ In this section we review what an end user would see in the following three scen ### Typical update experience -The Windows quality update is published and devices in the Broad ring have a deferral period of nine days. Devices wait nine days before downloading the latest quality update. - -In the following example, the user: +In the following example, the Windows quality update is published and devices in the Broad ring have a deferral period of seven days. Devices wait seven days before downloading the latest quality update. | Day | Description | | --- | --- | @@ -46,7 +44,7 @@ In the following example, the user: ### Quality update deadline forces an update -In the following example, the user: +In the following example: | Day | Description | | --- | --- | @@ -58,7 +56,7 @@ In the following example, the user: ### Quality update grace period -In the following example, the user: +In the following example: | Day | Description | | --- | --- | From 71d6e655dab246a05a9fb456e049e9ddc5e3d636 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:53:52 -0600 Subject: [PATCH 148/164] Update policy-csp-localpoliciessecurityoptions.md --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 003ef5efa1..031f151e0e 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1450,12 +1450,12 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time Interactive logon: Message text for users attempting to log on This security setting specifies a text message that's displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. -> [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> [!IMPORTANT] +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. For more information, see [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot). @@ -1501,12 +1501,12 @@ Interactive logon: Message text for users attempting to log on This security set Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. -> [!IMPORTANT] -> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot) +> [!IMPORTANT] +> Windows Autopilot pre-provisioning doesn't work when this policy setting is enabled. For more information, see [Windows Autopilot troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-policy-conflicts-with-windows-autopilot). From 8cf820e9890b7029fbfe98b7c551c527d35fa1e0 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 7 Oct 2024 17:00:06 -0700 Subject: [PATCH 149/164] refresh --- windows/client-management/mdm/index.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml index f1b84cf506..632aec5fb8 100644 --- a/windows/client-management/mdm/index.yml +++ b/windows/client-management/mdm/index.yml @@ -9,7 +9,7 @@ metadata: ms.topic: landing-page ms.collection: - tier1 - ms.date: 10/25/2023 + ms.date: 10/07/2024 ms.localizationpriority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -27,8 +27,8 @@ landingContent: url: configuration-service-provider-support.md - text: Device description framework (DDF) files url: configuration-service-provider-ddf.md - - text: BitLocker CSP - url: bitlocker-csp.md + - text: Contribute to CSP reference + url: contribute-csp-reference.md - text: Declared Configuration protocol url: ../declared-configuration.md @@ -42,8 +42,8 @@ landingContent: url: policy-configuration-service-provider.md - text: Policy DDF file url: configuration-service-provider-ddf.md - - text: Policy CSP - Start - url: policy-csp-start.md + - text: Policy CSP - Defender + url: policy-csp-defender.md - text: Policy CSP - Update url: policy-csp-update.md From 54e47642cf96a7bd064a5ee676fbc4f85bbde248 Mon Sep 17 00:00:00 2001 From: Gary Moore <5432776+garycentric@users.noreply.github.com> Date: Mon, 7 Oct 2024 18:14:01 -0700 Subject: [PATCH 150/164] Remove redirection and final bits of store-for-business store-for-business, AKA /microsoft-store/, is retired, and the content is archived in officearchive-pr. This archival was for ADO task 9268422. --- .openpublishing.publish.config.json | 1 - ...ishing.redirection.store-for-business.json | 299 ------------------ store-for-business/breadcrumb/toc.yml | 7 - store-for-business/docfx.json | 81 ----- 4 files changed, 388 deletions(-) delete mode 100644 .openpublishing.redirection.store-for-business.json delete mode 100644 store-for-business/breadcrumb/toc.yml delete mode 100644 store-for-business/docfx.json diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 0015a87b88..ca6ed75b69 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -251,7 +251,6 @@ ".openpublishing.redirection.browsers.json", ".openpublishing.redirection.education.json", ".openpublishing.redirection.json", - ".openpublishing.redirection.store-for-business.json", ".openpublishing.redirection.windows-application-management.json", ".openpublishing.redirection.windows-client-management.json", ".openpublishing.redirection.windows-configuration.json", diff --git a/.openpublishing.redirection.store-for-business.json b/.openpublishing.redirection.store-for-business.json deleted file mode 100644 index f825112907..0000000000 --- a/.openpublishing.redirection.store-for-business.json +++ /dev/null @@ -1,299 +0,0 @@ -{ - "redirections": [ - { - "source_path": "store-for-business/acquire-apps-windows-store-for-business.md", - "redirect_url": "/microsoft-store/acquire-apps-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/app-inventory-managemement-windows-store-for-business.md", - "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/app-inventory-management-windows-store-for-business.md", - "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/apps-in-windows-store-for-business.md", - "redirect_url": "/microsoft-store/apps-in-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/configure-mdm-provider-windows-store-for-business.md", - "redirect_url": "/microsoft-store/configure-mdm-provider-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/device-guard-signing-portal.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md", - "redirect_url": "/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-apps-windows-store-for-business-overview.md", - "redirect_url": "/microsoft-store/manage-apps-microsoft-store-for-business-overview", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md", - "redirect_url": "/microsoft-store/index", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-orders-windows-store-for-business.md", - "redirect_url": "/microsoft-store/manage-orders-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-settings-windows-store-for-business.md", - "redirect_url": "/microsoft-store/manage-settings-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-users-and-groups-windows-store-for-business.md", - "redirect_url": "/microsoft-store/manage-users-and-groups-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/prerequisites-windows-store-for-business.md", - "redirect_url": "/microsoft-store/prerequisites-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/roles-and-permissions-windows-store-for-business.md", - "redirect_url": "/microsoft-store/roles-and-permissions-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/settings-reference-windows-store-for-business.md", - "redirect_url": "/microsoft-store/settings-reference-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md", - "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sign-up-microsoft-store-for-business.md", - "redirect_url": "/microsoft-store", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sign-up-windows-store-for-business-overview.md", - "redirect_url": "/microsoft-store/sign-up-microsoft-store-for-business-overview", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sign-up-windows-store-for-business.md", - "redirect_url": "/microsoft-store/index", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/troubleshoot-windows-store-for-business.md", - "redirect_url": "/microsoft-store/troubleshoot-microsoft-store-for-business", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/update-windows-store-for-business-account-settings.md", - "redirect_url": "/microsoft-store/update-microsoft-store-for-business-account-settings", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/windows-store-for-business-overview.md", - "redirect_url": "/microsoft-store/microsoft-store-for-business-overview", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/work-with-partner-microsoft-store-business.md", - "redirect_url": "/microsoft-365/commerce/manage-partners", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/acquire-apps-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/add-profile-to-devices.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/app-inventory-management-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/apps-in-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/assign-apps-to-employees.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/billing-payments-overview.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/billing-profile.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/billing-understand-your-invoice-msfb.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/configure-mdm-provider-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/distribute-apps-from-your-private-store.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/distribute-apps-with-management-tool.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/distribute-offline-apps.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/find-and-acquire-apps-overview.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/index.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-access-to-private-store.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-apps-microsoft-store-for-business-overview.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-orders-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-private-store-settings.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-settings-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/manage-users-and-groups-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/microsoft-store-for-business-education-powershell-module.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/microsoft-store-for-business-overview.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/notifications-microsoft-store-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/payment-methods.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/prerequisites-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/release-history-microsoft-store-business-education.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/roles-and-permissions-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/settings-reference-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sfb-change-history.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/sign-up-microsoft-store-for-business-overview.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/troubleshoot-microsoft-store-for-business.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/update-microsoft-store-for-business-account-settings.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/whats-new-microsoft-store-business-education.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - }, - { - "source_path": "store-for-business/working-with-line-of-business-apps.md", - "redirect_url": "/microsoft-365/admin/", - "redirect_document_id": false - } - ] -} diff --git a/store-for-business/breadcrumb/toc.yml b/store-for-business/breadcrumb/toc.yml deleted file mode 100644 index 4b1853471b..0000000000 --- a/store-for-business/breadcrumb/toc.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Microsoft Store for Business - tocHref: /microsoft-store - topicHref: /microsoft-store/index \ No newline at end of file diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json deleted file mode 100644 index e29e3bfdae..0000000000 --- a/store-for-business/docfx.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "adobe-target": true, - "ms.collection": [ - "tier2" - ], - "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json", - "uhfHeaderId": "MSDocsHeader-Archive", - "is_archived": true, - "is_retired": true, - "ROBOTS": "NOINDEX,NOFOLLOW", - "ms.author": "trudyha", - "audience": "ITPro", - "ms.service": "store-for-business", - "ms.topic": "article", - "ms.date": "05/09/2017", - "searchScope": [ - "Store" - ], - "feedback_system": "None", - "hideEdit": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.store-for-business", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "dstrome2", - "rjagiewich", - "American-Dipper", - "claydetels19", - "jborsecnik", - "v-stchambers", - "shdyas", - "Stacyrch140", - "garycentric", - "dstrome", - "alekyaj", - "aditisrivastava07", - "padmagit77" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "store-for-business", - "markdownEngineName": "markdig" - } -} From 3ba6eaeddc98955987ec15a0dfd6d2d426f6ff0f Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 9 Oct 2024 08:37:54 -0700 Subject: [PATCH 151/164] Updated device reg policy and group information --- .../deploy/windows-autopatch-device-registration-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md index b484ef3547..b65c4701ea 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md @@ -41,7 +41,7 @@ The overall device registration process is as follows: :::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png"::: 1. IT admin reviews [Windows Autopatch device registration prerequisites](#prerequisites-for-device-registration) before registering devices with Windows Autopatch. -2. IT admin identifies and adds devices or nests other Microsoft Entra device groups into any Microsoft Entra group used with an Autopatch group, imported (WUfB) policies, or direct membership to the **Modern Workplace Devices-Windows-Autopatch-X-groups**. +2. IT admin identifies and adds devices, or nests other Microsoft Entra device groups when you [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group), or import Windows Update for Business (WUfB) policies. 3. Windows Autopatch then: 1. Performs device readiness prior registration (prerequisite checks). 2. Calculates the deployment ring distribution. @@ -77,7 +77,7 @@ The deployment ring distribution is designed to release software update deployme ### Device record and deployment ring assignment -Registering your devices with Windows Autopatch does the following: +When you register your devices, Windows Autopatch: 1. Makes a record of devices in the service. 2. Assign devices to the [deployment ring set](#default-deployment-ring-calculation-logic) and other groups required for software update management. From 8f6609daee5b0178fed27c08f8db991d1f5f1817 Mon Sep 17 00:00:00 2001 From: Caitlin Hart Date: Wed, 9 Oct 2024 16:41:49 -0700 Subject: [PATCH 152/164] Update delivery-optimization-endpoints.md Added a line item in MCC table for Outlook *res.cdn.office.net requirement --- windows/deployment/do/delivery-optimization-endpoints.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index aa1c2a6abf..79e8211757 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -32,6 +32,7 @@ Use the table below to reference any particular content types or services endpoi | *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Both | | *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80
          HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Both | | *.statics.teams.cdn.office.net | HTTP / 80
          HTTPs / 443 | Teams | Future support is planned for peering and Connected Cache | TBD | +| *.res.cdn.office.net | HTTP / 80
          HTTPs / 443 | Outlook | Future support is planned for peering and Connected Cache | TBD | | *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Both | | *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Both | | *.do.dsp.mp.microsoft.com | HTTP / 80
          HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Connected Cache Managed in Azure | From c4fe6e69884ee6895ff7788ae73f27e63bf4bfc7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 10 Oct 2024 12:49:20 -0400 Subject: [PATCH 153/164] freshness review --- education/windows/index.yml | 12 +++--------- education/windows/windows-11-se-faq.yml | 6 +++--- education/windows/windows-11-se-overview.md | 6 +++--- education/windows/windows-11-se-settings-list.md | 2 +- .../identity-protection/hello-for-business/faq.yml | 2 +- 5 files changed, 11 insertions(+), 17 deletions(-) diff --git a/education/windows/index.yml b/education/windows/index.yml index 4bc8fe8393..981e1d8466 100644 --- a/education/windows/index.yml +++ b/education/windows/index.yml @@ -12,22 +12,16 @@ metadata: author: paolomatarazzo ms.author: paoloma manager: aaroncz - ms.date: 07/22/2024 + ms.date: 10/10/2024 highlightedContent: items: - - title: Get started with Windows 11 SE - itemType: get-started - url: windows-11-se-overview.md - - title: Windows 11, version 23H2 + - title: Windows 11, version 24H2 itemType: whats-new - url: /windows/whats-new/whats-new-windows-11-version-23h2 + url: /windows/whats-new/whats-new-windows-11-version-24h2 - title: Explore all Windows trainings and learning paths for IT pros itemType: learn url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator - - title: Deploy applications to Windows 11 SE with Intune - itemType: how-to-guide - url: /education/windows/tutorial-deploy-apps-winse productDirectory: title: Get started diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml index 4a9b022c07..c33dec8686 100644 --- a/education/windows/windows-11-se-faq.yml +++ b/education/windows/windows-11-se-faq.yml @@ -1,9 +1,9 @@ ### YamlMime:FAQ metadata: title: Windows 11 SE Frequently Asked Questions (FAQ) - description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE. + description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE. ms.topic: faq - ms.date: 01/16/2024 + ms.date: 10/10/2024 appliesto: - ✅ Windows 11 SE @@ -30,7 +30,7 @@ sections: - Express yourself and celebrate accomplishments with the *emoji and GIF panel* and *Stickers* - name: Deployment questions: - - question: Can I load Windows 11 SE on any hardware? + - question: Can I load Windows 11 SE on any hardware? answer: | Windows 11 SE is only available on devices that are built for education. To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview). - question: Can I PXE boot a Windows SE device? diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index e5fd11df2b..3c0a5f8d93 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -2,7 +2,7 @@ title: Windows 11 SE Overview description: Learn about Windows 11 SE, and the apps that are included with the operating system. ms.topic: overview -ms.date: 01/09/2024 +ms.date: 10/10/2024 appliesto: - ✅ Windows 11 SE ms.collection: @@ -96,9 +96,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `CKAuthenticator` | 3.6+ | `Win32` | `ContentKeeper` | | `Class Policy` | 116.0.0 | `Win32` | `Class Policy` | | `Classroom.cloud` | 1.40.0004 | `Win32` | `NetSupport` | -| `Clipchamp` | 2.5.2. | `Store` | `Microsoft` | +| `Clipchamp` | 2.5.2. | `Store` | `Microsoft` | | `CoGat Secure Browser` | 11.0.0.19 | `Win32` | `Riverside Insights` | -| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` | +| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` | | `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` | | `DigiExam` | 14.1.0 | `Win32` | `Digiexam` | | `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` | diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md index 1c973e2035..5e09c2f2d1 100644 --- a/education/windows/windows-11-se-settings-list.md +++ b/education/windows/windows-11-se-settings-list.md @@ -2,7 +2,7 @@ title: Windows 11 SE settings list description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change. ms.topic: reference -ms.date: 05/06/2024 +ms.date: 10/10/2024 appliesto: - ✅ Windows 11 SE ms.collection: diff --git a/windows/security/identity-protection/hello-for-business/faq.yml b/windows/security/identity-protection/hello-for-business/faq.yml index c17a99f819..9a2ac25742 100644 --- a/windows/security/identity-protection/hello-for-business/faq.yml +++ b/windows/security/identity-protection/hello-for-business/faq.yml @@ -5,7 +5,7 @@ metadata: author: paolomatarazzo ms.author: paoloma ms.topic: faq - ms.date: 01/03/2024 + ms.date: 10/10/2024 title: Common questions about Windows Hello for Business summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business. From c49d960cb146dfe4b9a2de948cbd9f011f6307b3 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 10 Oct 2024 12:26:38 -0600 Subject: [PATCH 154/164] Fix broken links --- windows/client-management/mdm/office-csp.md | 4 ++-- windows/client-management/mdm/policy-csp-audit.md | 4 ++-- .../provisioning-packages/provision-pcs-with-apps.md | 2 +- windows/security/includes/mdag-edge-deprecation-notice.md | 2 +- .../microsoft-defender-smartscreen/available-settings.md | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 70692efc8b..5cc4980bd6 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -1,7 +1,7 @@ --- title: Office CSP description: Learn more about the Office CSP. -ms.date: 01/18/2024 +ms.date: 10/10/2024 --- @@ -11,7 +11,7 @@ ms.date: 01/18/2024 -The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). +The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows devices with Microsoft Intune](/mem/intune/apps/apps-add-office365). diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 3e7b9cbfee..a3a20cf60a 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -1,7 +1,7 @@ --- title: Audit Policy CSP description: Learn more about the Audit Area in Policy CSP. -ms.date: 08/06/2024 +ms.date: 10/10/2024 --- @@ -846,7 +846,7 @@ Volume: Low. -This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged-on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). +This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged-on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md index 3ffeaa9b73..97c7612c30 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md +++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md @@ -12,7 +12,7 @@ You can install multiple Universal Windows Platform (UWP) apps and Windows deskt When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#add-a-windows-desktop-application-using-advanced-editor). > [!IMPORTANT] -> If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise. Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to add Microsoft 365 Apps to Windows devices with Microsoft Intune.](/intune/apps-add-office365) +> If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise. Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to add Microsoft 365 Apps to Windows devices with Microsoft Intune.](/mem/intune/apps/apps-add-office365) ## Settings for UWP apps diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md index 150cffe43f..69454f1d18 100644 --- a/windows/security/includes/mdag-edge-deprecation-notice.md +++ b/windows/security/includes/mdag-edge-deprecation-notice.md @@ -6,5 +6,5 @@ ms.topic: include --- > [!NOTE] -> - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. +> - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). To learn more about Microsoft Edge security capabilities, see [Microsoft Edge For Business Security](/deployedge/ms-edge-security-for-business). > - Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding browser extensions and associated Windows Store app are no longer available. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). \ No newline at end of file diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md index d53d8c5dc7..9824baf8c1 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md +++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md @@ -1,7 +1,7 @@ --- title: Available Microsoft Defender SmartScreen settings description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings. -ms.date: 07/10/2024 +ms.date: 10/10/2024 ms.topic: reference --- @@ -9,7 +9,7 @@ ms.topic: reference Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show users a warning page and let them continue to the site, or you can block the site entirely. -See [Windows settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune. +See [Windows settings to protect devices using Intune](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-smartscreen-settings) for the controls you can use in Intune. > [!NOTE] > For a list of settings available for Enhanced phishing protection, see [Enhanced phishing protection](enhanced-phishing-protection.md#configure-enhanced-phishing-protection-for-your-organization). From 6a15bdbf5c17eb4d934f6051258781c370ff25f0 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 10 Oct 2024 12:38:07 -0600 Subject: [PATCH 155/164] Minor change --- windows/client-management/mdm/office-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 5cc4980bd6..61e0edcec6 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -11,7 +11,7 @@ ms.date: 10/10/2024 -The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows devices with Microsoft Intune](/mem/intune/apps/apps-add-office365). +The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [Add Microsoft 365 Apps to Windows devices with Microsoft Intune](/mem/intune/apps/apps-add-office365). From 0f794b9de8f0eba5addc4d06a245ce9e59b904ac Mon Sep 17 00:00:00 2001 From: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Date: Thu, 10 Oct 2024 17:50:03 -0400 Subject: [PATCH 156/164] pencil edit --- windows/client-management/mdm/office-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 61e0edcec6..5dc08b8a09 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -587,7 +587,7 @@ To get the current status of Office 365 on the device. | 17001 | ERROR_QUEUE_SCENARIO
          Failed to queue installation scenario in C2RClient | Failure | | 17002 | ERROR_COMPLETING_SCENARIO
          Failed to complete the process. Possible reasons:
        • Installation canceled by user
        • Installation canceled by another installation
        • Out of disk space during installation
        • Unknown language ID | Failure | | 17003 | ERROR_ANOTHER_RUNNING_SCENARIO
          Another scenario is running | Failure | -| 17004 | ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP
          Possible reasons:
        • Unknown SKUs
        • Content does't exist on CDN
          • Such as trying to install an unsupported LAP, like zh-sg
          • CDN issue that content is not available
        • Signature check issue, such as failed the signature check for Office content
        • User canceled | Failure | +| 17004 | ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP
          Possible reasons:
        • Unknown SKUs
        • Content doesn't exist on CDN
          • Such as trying to install an unsupported LAP, like zh-sg
          • CDN issue that content is not available
        • Signature check issue, such as failed the signature check for Office content
        • User canceled | Failure | | 17005 | ERROR_SCENARIO_CANCELLED_AS_PLANNED | Failure | | 17006 | ERROR_SCENARIO_CANCELLED
          Blocked update by running apps | Failure | | 17007 | ERROR_REMOVE_INSTALLATION_NEEDED
          The client is requesting client clean-up in a "Remove Installation" scenario | Failure | From 751343f849b2992edaaf132118ff1baddacee57c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 14 Oct 2024 09:00:19 -0700 Subject: [PATCH 157/164] add copilot exps link --- windows/client-management/manage-windows-copilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index d48ca50d9a..d2904f504a 100644 --- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md @@ -16,7 +16,7 @@ appliesto: # Updated Windows and Microsoft Copilot experience ->**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). +>**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). **Looking for more information on Microsoft Copilot experiences?** See [Understanding the different Microsoft Copilot experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842). ## Enhanced data protection with enterprise data protection From 15a139e5a9034c6963923a332fce6da474a564bb Mon Sep 17 00:00:00 2001 From: Harman Thind <63820404+hathin@users.noreply.github.com> Date: Tue, 15 Oct 2024 10:48:17 -0700 Subject: [PATCH 158/164] Update windows-autopatch-configure-network.md Adding a new network endpoint required for the service 'device.autopatch.microsoft.com' @tiaraquan --- .../prepare/windows-autopatch-configure-network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md index 6666b1fe35..8ba74fe797 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md @@ -63,7 +63,7 @@ The following URLs must be on the allowed list of your proxy and firewall so tha | Microsoft service | URLs required on allowlist | | ----- | ----- | -| Windows Autopatch |
          • mmdcustomer.microsoft.com
          • mmdls.microsoft.com
          • logcollection.mmd.microsoft.com
          • support.mmd.microsoft.com
          • devicelistenerprod.microsoft.com
          • login.windows.net
          • payloadprod*.blob.core.windows.net
          | +| Windows Autopatch |
          • mmdcustomer.microsoft.com
          • mmdls.microsoft.com
          • logcollection.mmd.microsoft.com
          • support.mmd.microsoft.com
          • devicelistenerprod.microsoft.com
          • login.windows.net
          • payloadprod*.blob.core.windows.net
          • device.autopatch.microsoft.com
          | ## Delivery Optimization From 92002fe7a5590b639ab486ea1b666f48c9c455a1 Mon Sep 17 00:00:00 2001 From: "[cmknox]" <[cmknox@gmail.com]> Date: Tue, 15 Oct 2024 12:26:03 -0600 Subject: [PATCH 159/164] Clarify some points and remove data that is confusing to customers. --- windows/deployment/do/waas-delivery-optimization-faq.yml | 8 +++++++- .../deployment/do/waas-delivery-optimization-reference.md | 8 ++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 4ccc887ab2..72721d3338 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -17,7 +17,7 @@ metadata: - ✅ Windows 10 - ✅ Windows Server 2019, and later - ✅ Delivery Optimization - ms.date: 08/06/2024 + ms.date: 10/15/2024 title: Frequently Asked Questions about Delivery Optimization summary: | This article answers frequently asked questions about Delivery Optimization. @@ -42,6 +42,7 @@ summary: | **Peer-to-peer related questions**: - [How does Delivery Optimization determine which content is available for peering?](#how-does-delivery-optimization-determine-which-content-is-available-for-peering) + - [Where does Delivery Optimization get content from first?](#where-delivery-optimization-gets-content-from-first) - [Does Delivery Optimization use multicast?](#does-delivery-optimization-use-multicast) - [How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?](#how-does-delivery-optimization-deal-with-congestion-on-the-router-from-peer-to-peer-activity-on-the-lan) - [How does Delivery Optimization handle VPNs?](#how-does-delivery-optimization-handle-vpns) @@ -130,6 +131,11 @@ sections: - question: How does Delivery Optimization determine which content is available for peering? answer: | Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots. + - question: Where does Delivery Optimization get content from first? + answer: | + When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC) the client connects to both MCC and peers in parallel. There is no prioritization between the two. Once downloading starts in parallel Delivery Optimization + will taper off requests to the HTTP source (CDN or MCC) as and when the peer connections are able to reach the target download speed. For background downloads, we will drop HTTP connections if peers are meeting the minimum QoS speed. To manage delaying the default behavior + there are a collection of policies that can be used. For more information see [Delivery Optimization delay policies](waas-delivery-optimization-reference.md#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources). - question: Does Delivery Optimization use multicast? answer: | No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index f43982a7c5..a8f8a4b517 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -14,7 +14,7 @@ appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Delivery Optimization -ms.date: 05/23/2024 +ms.date: 10/15/2024 --- # Delivery Optimization reference @@ -106,7 +106,7 @@ When Delivery Optimization client is configured to use peers and Microsoft Conne ##### Microsoft Connected Cache (MCC) delay fallback settings - [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use a cache server. -- [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) allows you to delay the use of an HTTP source in a background download that is allowed to use a cache server. +- [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a background download that is allowed to use a cache server. **If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This setting allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server. @@ -245,13 +245,13 @@ The default behaviors differ between Windows 10 and Windows 11. In Windows 10, t MDM Setting: **DODelayForegroundDownloadFromHttp** -Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't configured.** +Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. **By default, this policy isn't configured.** ### Delay background download from HTTP (in secs) MDM Setting: **DODelayBackgroundDownloadFromHttp** -Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't configured.** +Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. **By default, this policy isn't configured.** ### Delay foreground download cache server fallback (in secs) From 731b18740a9a73e37ea43ab44e16e83f945066c3 Mon Sep 17 00:00:00 2001 From: "[cmknox]" <[cmknox@gmail.com]> Date: Wed, 16 Oct 2024 11:45:33 -0600 Subject: [PATCH 160/164] fix syntax --- windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 72721d3338..3dc3c55b64 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -42,7 +42,7 @@ summary: | **Peer-to-peer related questions**: - [How does Delivery Optimization determine which content is available for peering?](#how-does-delivery-optimization-determine-which-content-is-available-for-peering) - - [Where does Delivery Optimization get content from first?](#where-delivery-optimization-gets-content-from-first) + - [Where does Delivery Optimization get content from first?](#where-does-delivery-optimization-get-content-from-first) - [Does Delivery Optimization use multicast?](#does-delivery-optimization-use-multicast) - [How does Delivery Optimization deal with congestion on the router from peer-to-peer activity on the LAN?](#how-does-delivery-optimization-deal-with-congestion-on-the-router-from-peer-to-peer-activity-on-the-lan) - [How does Delivery Optimization handle VPNs?](#how-does-delivery-optimization-handle-vpns) From ec2c777f392a1daa35d59d36301eede90939fdd6 Mon Sep 17 00:00:00 2001 From: "[cmknox]" <[cmknox@gmail.com]> Date: Wed, 16 Oct 2024 12:53:59 -0600 Subject: [PATCH 161/164] Sentence correction --- windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index ccd218065b..9e207445cc 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -132,7 +132,7 @@ sections: - question: Where does Delivery Optimization get content from first? answer: | When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC) the client connects to both MCC and peers in parallel. There is no prioritization between the two. Once downloading starts in parallel Delivery Optimization - will taper off requests to the HTTP source (CDN or MCC) as and when the peer connections are able to reach the target download speed. For background downloads, we will drop HTTP connections if peers are meeting the minimum QoS speed. To manage delaying the default behavior + will taper off requests to the HTTP source (CDN or MCC) when the peer connections are able to reach the target download speed. For background downloads, Delivery Optimization will drop HTTP connections if peers are meeting the minimum QoS speed. To manage delaying the default behavior there are a collection of policies that can be used. For more information see [Delivery Optimization delay policies](waas-delivery-optimization-reference.md#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources). - question: Does Delivery Optimization use multicast? answer: | From 4b9d995cb3a02f19b963b76660295438bd5c0cfc Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 16 Oct 2024 14:57:45 -0600 Subject: [PATCH 162/164] Update windows/deployment/do/waas-delivery-optimization-faq.yml Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> --- windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 9e207445cc..02e5f05971 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -133,7 +133,7 @@ sections: answer: | When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC) the client connects to both MCC and peers in parallel. There is no prioritization between the two. Once downloading starts in parallel Delivery Optimization will taper off requests to the HTTP source (CDN or MCC) when the peer connections are able to reach the target download speed. For background downloads, Delivery Optimization will drop HTTP connections if peers are meeting the minimum QoS speed. To manage delaying the default behavior - there are a collection of policies that can be used. For more information see [Delivery Optimization delay policies](waas-delivery-optimization-reference.md#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources). + there are a collection of policies that can be used. For more information, see [Delivery Optimization delay policies](waas-delivery-optimization-reference.md#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources). - question: Does Delivery Optimization use multicast? answer: | No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. From 4c583d9a04628da9f1997af112cf09f29c02b75f Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 16 Oct 2024 14:58:08 -0600 Subject: [PATCH 163/164] Update windows/deployment/do/waas-delivery-optimization-faq.yml Co-authored-by: Meghan Stewart <33289333+mestew@users.noreply.github.com> --- windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 02e5f05971..cda14c3e5e 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -131,7 +131,7 @@ sections: Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots. - question: Where does Delivery Optimization get content from first? answer: | - When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC) the client connects to both MCC and peers in parallel. There is no prioritization between the two. Once downloading starts in parallel Delivery Optimization + When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), the client connects to both MCC and peers in parallel. There is no prioritization between the two. Once downloading starts in parallel, Delivery Optimization will taper off requests to the HTTP source (CDN or MCC) when the peer connections are able to reach the target download speed. For background downloads, Delivery Optimization will drop HTTP connections if peers are meeting the minimum QoS speed. To manage delaying the default behavior there are a collection of policies that can be used. For more information, see [Delivery Optimization delay policies](waas-delivery-optimization-reference.md#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources). - question: Does Delivery Optimization use multicast? From 7a39003b0814cf2bbb7ef25c89afce72f36ef938 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 17 Oct 2024 09:45:17 -0400 Subject: [PATCH 164/164] moved shortcuts under policy settings article --- .../configuration/assigned-access/overview.md | 29 ------------------- .../assigned-access/policy-settings.md | 29 +++++++++++++++++++ 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/configuration/assigned-access/overview.md b/windows/configuration/assigned-access/overview.md index 12ed03cf42..29d6b948b2 100644 --- a/windows/configuration/assigned-access/overview.md +++ b/windows/configuration/assigned-access/overview.md @@ -298,35 +298,6 @@ To change the default time for Assigned Access to resume, add *IdleTimeOut* (DWO The Breakout Sequence of Ctrl + Alt + Del is the default, but this sequence can be configured to be a different sequence of keys. The breakout sequence uses the format **modifiers + keys**. An example breakout sequence is CTRL + ALT + A, where CTRL + ALT are the modifiers, and A is the key value. To learn more, see [Create an Assigned Access configuration XML file](configuration-file.md). -### Keyboard shortcuts - -The following keyboard shortcuts are blocked for the user accounts with Assigned Access: - -| Keyboard shortcut | Action | -|------------------------------------------------------|-----------------------------------------------------------------------------------------------| -| Ctrl + Shift + Esc | Open Task Manager | -| WIN + , (comma) | Temporarily peek at the desktop | -| WIN + A | Open Action center | -| WIN + Alt + D | Display and hide the date and time on the desktop | -| WIN + Ctrl + F | Find computer objects in Active Directory | -| WIN + D | Display and hide the desktop | -| WIN + E | Open File Explorer | -| WIN + F | Open Feedback Hub | -| WIN + G | Open Game bar when a game is open | -| WIN + I | Open Settings | -| WIN + J | Set focus to a Windows tip when one is available | -| WIN + O | Lock device orientation | -| WIN + Q | Open search | -| WIN + R | Open the Run dialog box | -| WIN + S | Open search | -| WIN + Shift + C | Open Cortana in listening mode | -| WIN + X | Open the Quick Link menu | -| LaunchApp1 | Open the app that is assigned to this key | -| LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator | -| LaunchMail | Open the default mail client | - -For information on how to customize keyboard shortcuts, see [Assigned Access recommendations](recommendations.md#keyboard-shortcuts). - ## Remove Assigned Access Deleting the restricted user experience removes the policy settings associated with the users, but it can't revert all the configurations. For example, the Start menu configuration is maintained. diff --git a/windows/configuration/assigned-access/policy-settings.md b/windows/configuration/assigned-access/policy-settings.md index 0bf8a93e30..9e9794304b 100644 --- a/windows/configuration/assigned-access/policy-settings.md +++ b/windows/configuration/assigned-access/policy-settings.md @@ -112,3 +112,32 @@ The deny list is used to prevent the user from accessing the apps, which are cur 1. The default rule is to allow all users to launch the desktop programs signed with *Microsoft Certificate* for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. 1. There's a predefined inbox desktop app deny list for the Assigned Access user account, which is updated based on the *desktop app allow list* that you defined in the Assigned Access configuration 1. Enterprise-defined allowed desktop apps are added in the AppLocker allow list + +## Keyboard shortcuts + +The following keyboard shortcuts are blocked for the user accounts with Assigned Access: + +| Keyboard shortcut | Action | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------| +| Ctrl + Shift + Esc | Open Task Manager | +| WIN + , (comma) | Temporarily peek at the desktop | +| WIN + A | Open Action center | +| WIN + Alt + D | Display and hide the date and time on the desktop | +| WIN + Ctrl + F | Find computer objects in Active Directory | +| WIN + D | Display and hide the desktop | +| WIN + E | Open File Explorer | +| WIN + F | Open Feedback Hub | +| WIN + G | Open Game bar when a game is open | +| WIN + I | Open Settings | +| WIN + J | Set focus to a Windows tip when one is available | +| WIN + O | Lock device orientation | +| WIN + Q | Open search | +| WIN + R | Open the Run dialog box | +| WIN + S | Open search | +| WIN + Shift + C | Open Cortana in listening mode | +| WIN + X | Open the Quick Link menu | +| LaunchApp1 | Open the app that is assigned to this key | +| LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator | +| LaunchMail | Open the default mail client | + +For information on how to customize keyboard shortcuts, see [Assigned Access recommendations](recommendations.md#keyboard-shortcuts).