deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1892 from LauraKellerGitHub/ConfigRebrand-Seven

Browse Source 
1892 | 7 | Rebrand Configmgr | windows-docs | LK
This commit is contained in:
Gary Moore
2020-01-29 17:24:38 -08:00
committed by GitHub
parent 697e0a5de5 490b570aa4
commit 4dd773a54d
32 changed files with 843 additions and 838 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
View File

@ -35,7 +35,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
> [!NOTE]
> - Bulk-join is not supported in Azure Active Directory Join.
> - Bulk enrollment does not work in Intune standalone environment.
> - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
> - Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
## What you need

42
windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
View File

@ -15,7 +15,7 @@ ms.date: 06/26/2017
# Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using System Center Configuration Manager.
Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using Microsoft Endpoint Configuration Manager.
Here is a table of update path to Windows 10 Mobile.
@ -79,7 +79,7 @@ Down the road, after the upgrade to Windows 10 is complete, if you decide to pus
**Requirements:**
- The test device must be same as the other production devices that are receiving the updates.
- Your test device must be enrolled with System Center Configuration Manager.
- Your test device must be enrolled with Microsoft Endpoint Configuration Manager.
- Your device can connect to the Internet.
- Your device must have an SD card with at least 0.5 GB of free space.
- Ensure that the settings app and PhoneUpdate applet are available via Assigned Access.
@ -93,7 +93,7 @@ The following diagram is a high-level overview of the process.
Define the baseline update set that will be applied to other devices. Use a device that is running the most recent image as the test device.
Trigger the device to check for updates either manually or using System Center Configuration Manager.
Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager.
**Manually**
@ -104,19 +104,19 @@ Trigger the device to check for updates either manually or using System Center C
> **Note**  There is a bug in all OS versions up to GDR2 where the CSP will not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device.
**Using System Center Configuration Manager**
**Using Microsoft Endpoint Configuration Manager**
1. Remotely trigger a scan of the test device by deploying a Trigger Scan Configuration Baseline.
![device scan using sccm](images/windowsembedded-update2.png)
![device scan using Configuration Manager](images/windowsembedded-update2.png)
2. Set the value of this OMA-URI by browsing to the settings of this Configuration Item and selecting the newly created Trigger Scan settings from the previous step.
![device scan using sccm](images/windowsembedded-update3.png)
![device scan using Configuration Manager](images/windowsembedded-update3.png)
3. Ensure that the value that is specified for this URI is greater than the value on the device(s) and that the Remediate noncompliant rules when supported option is checked. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
![device scan using sccm](images/windowsembedded-update4.png)
![device scan using Configuration Manager](images/windowsembedded-update4.png)
4. Create a Configuration Baseline for TriggerScan and Deploy. It is recommended that this Configuration Baseline be deployed after the Controlled Updates Baseline has been applied to the device (the corresponding files are deployed on the device through a device sync session).
5. Follow the prompts for downloading the updates, but do not install the updates on the device.
@ -132,16 +132,16 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
1. Create a Configuration Item using ConfigMgr to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml.
> **Note**  In System Center Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
> **Note**  In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
If the XML file is greater than 32K you can also use ./Vendor/MSFT/FileSystem/<*filename*>.
2. Set a baseline for this Configuration Item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
The dummy value is not be set; it is only used for comparison.
3. After the report XML is sent to the device, System Center Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
3. After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
4. Parse this log for the report XML content.
For a step-by-step walkthrough, see [How to retrieve a device update report using System Center Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-system-center-configuration-manager-logs).
For a step-by-step walkthrough, see [How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
**Post-GDR1: Retrieve the report xml file using an SD card**
@ -228,7 +228,7 @@ This process has three parts:
1. Create a configuration item and specify that file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
2. Check the box **Remediate noncompliant settings**.
![embedded device upate](images/windowsembedded-update21.png)
![embedded device update](images/windowsembedded-update21.png)
3. Click **OK**.
@ -238,11 +238,11 @@ This process has three parts:
1. Create a configuration baseline item and give it a name (such as ControlledUpdates).
2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then click **OK**.
![embedded device upate](images/windowsembedded-update22.png)
![embedded device update](images/windowsembedded-update22.png)
3. Deploy the configuration baseline to the appropriate device or device collection.
![embedded device upate](images/windowsembedded-update23.png)
![embedded device update](images/windowsembedded-update23.png)
4. Click **OK**.
@ -252,7 +252,7 @@ Now that the other "production" or "in-store" devices have the necessary informa
### Use this process for unmanaged devices
If the update policy of the device is not managed or restricted by System Center Configuration Manager, an update process can be initiated on the device in one of the following ways:
If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways:
- Initiated by a periodic scan that the device automatically performs.
- Initiated manually through **Settings** -> **Phone Update** -> **Check for Updates**.
@ -261,14 +261,14 @@ If the update policy of the device is not managed or restricted by System Center
If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways:
- Trigger the device to scan for updates through System Center Configuration Manager.
- Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager.
Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline.
> **Note**  Ensure that the PhoneUpdateRestriction Policy is set to a value of 0, to ensure that the device will not perform an automatic scan.
- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in System Center Configuration Manager.
- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager.
After the installation of updates is completed, the IT Admin can use the DUReport generated in the production devices to determine if the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2).
@ -456,7 +456,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
```
<a href="" id="how-to-retrieve"></a>
## How to retrieve a device update report using System Center Configuration Manager logs
## How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs
Use this procedure for pre-GDR1 devices.
@ -465,17 +465,17 @@ Use this procedure for pre-GDR1 devices.
1. Trigger a device scan. Go to **Settings** -&gt; **Phone Update** -&gt; **Check for Updates**.
Since the DUReport settings have not been remedied, you should see a non-compliance.
2. In System Center Configuration Manager under **Assets and Compliance** &gt; **Compliance Settings**, right-click on **Configuration Items**.
2. In Microsoft Endpoint Configuration Manager under **Assets and Compliance** &gt; **Compliance Settings**, right-click on **Configuration Items**.
3. Select **Create Configuration Item**.
![device update using sccm](images/windowsembedded-update5.png)
![device update using Configuration Manager](images/windowsembedded-update5.png)
4. Enter a filename (such as GetDUReport) and then choose **Mobile Device**.
5. In the **Mobile Device Settings** page, check the box **Configure Additional Settings that are not in the default settings group**, and the click **Next**.
![device update using sccm](images/windowsembedded-update6.png)
![device update using Configuration Manager](images/windowsembedded-update6.png)
6. In the **Additional Settings** page, click **Add**.
![device update using sccm](images/windowsembedded-update7.png)
![device update using Configuration Manager](images/windowsembedded-update7.png)
7. In the **Browse Settings** page, click **Create Setting**.
![device update](images/windowsembedded-update8.png)

4
windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
View File

@ -279,7 +279,7 @@ There are a few instances where your device may not be able to connect to work,
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| Your device is already connected to your organizations cloud. | Your device is already connected to either Azure AD, a work or school account, or an AD domain. |
| We could not find your identity in your organizations cloud. | The username you entered was not found on your Azure AD tenant. |
| Your device is already being managed by an organization. | Your device is either already managed by MDM or System Center Configuration Manager. |
| Your device is already being managed by an organization. | Your device is either already managed by MDM or Microsoft Endpoint Configuration Manager. |
| You dont have the right privileges to perform this operation. Please talk to your admin. | You cannot enroll your device into MDM as a standard user. You must be on an administrator account. |
| We couldnt auto-discover a management endpoint matching the username entered. Please check your username and try again. If you know the URL to your management endpoint, please enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
@ -359,7 +359,7 @@ The **Info** button can be found on work or school connections involving MDM. Th
Clicking the **Info** button will open a new page in the Settings app that provides details about your MDM connection. Youll be able to view your organizations support information (if configured) on this page. Youll also be able to start a sync session which will force your device to communicate to the MDM server and fetch any updates to policies if needed.
Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screehshot.
Starting in Windows 10, version 1709, clicking the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here is an example screenshot.
![work or school info](images/unifiedenrollment-rs1-35-b.png)

16
windows/client-management/mdm/policy-ddf-file.md
View File

@ -1657,10 +1657,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
@ -11034,10 +11034,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
@ -23032,10 +23032,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
@ -51686,10 +51686,10 @@ If disabled or not configured, extensions defined as part of this policy get ign
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager (https://docs.microsoft.com/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>