deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-5556913-printers

Browse Source
This commit is contained in:
Diana Hanson 2022-01-27 09:36:50 -07:00 committed by GitHub
commit 4e48378edf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1087 changed files with 34782 additions and 97407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.acrolinx-config.edn
View File

@ -1,4 +1,4 @@
{:allowed-branchname-matches ["master"]
{:allowed-branchname-matches ["master" "main"]
:allowed-filename-matches ["windows/"]
:targets
@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi
Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
| Article | Score | Issues | Scorecard | Processed |
| ------- | ----- | ------ | --------- | --------- |
| Article | Score | Issues | Spelling<br>issues | Scorecard | Processed |
| ------- | ----- | ------ | ------ | --------- | --------- |
"
:template-change
"| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} |
"| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} |
"
:template-footer

124
.openpublishing.redirection.json
View File

@ -1,5 +1,105 @@
{
"redirections": [
{
"source_path": "windows/client-management/mdm/browserfavorite-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/hotspot-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/filesystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
@ -5072,7 +5172,7 @@
},
{
"source_path": "windows/device-security/windows-10-mobile-security-guide.md",
"redirect_url": "/windows/security/threat-protection/windows-10-mobile-security-guide",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
@ -5377,7 +5477,7 @@
},
{
"source_path": "windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md",
"redirect_url": "/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
@ -11987,7 +12087,7 @@
},
{
"source_path": "windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md",
"redirect_url": "/windows/access-protection/installing-digital-certificates-on-windows-10-mobile",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
@ -13477,7 +13577,7 @@
},
{
"source_path": "windows/keep-secure/windows-10-mobile-security-guide.md",
"redirect_url": "/windows/device-security/windows-10-mobile-security-guide",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
@ -16411,7 +16511,7 @@
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
"source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/gov",
"redirect_document_id": false
},
@ -19198,10 +19298,14 @@
},
{
"source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
"redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
"redirect_document_id": true
"source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
"redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
"redirect_document_id": true
},
{
"source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
"redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
"redirect_document_id": false
}
]
]
}

2
browsers/edge/group-policies/index.yml
View File

@ -9,7 +9,7 @@ metadata:
keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
ms.prod: edge
author: shortpatti
author: dougeby
ms.author: pashort
ms.topic: landing-page
ms.devlang: na

2
browsers/edge/index.yml
View File

@ -11,7 +11,7 @@ metadata:
ms.localizationpriority: medium
ms.topic: landing-page # Required
ms.collection: collection # Optional; Remove if no collection is used.
author: shortpatti #Required; your GitHub user alias, with correct capitalization.
author: dougeby #Required; your GitHub user alias, with correct capitalization.
ms.author: pashort #Required; microsoft alias of author; optional team alias.
ms.date: 07/07/2020 #Required; mm/dd/yyyy format.

2
browsers/edge/microsoft-edge-faq.yml
View File

@ -62,7 +62,7 @@ sections:
- question: Will Internet Explorer 11 continue to receive updates?
answer: |
We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
- question: How do I find out which version of Microsoft Edge I have?
answer: |

6
browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
View File

@ -14,9 +14,7 @@ ms.author: dansimp
[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br>
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
<p>
<img src="images/docmode-decisions-lg.png" alt="Full-sized flowchart detailing how document modes are chosen in IE11" width="1355" height="1625" style="max-width:none;">
</p>
:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png":::

9
browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
View File

@ -36,11 +36,4 @@ Use the topics in this section to learn about how to auto detect your settings,
|------|------------|
|[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. |
|[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. | 
|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |

1
browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
View File

@ -34,6 +34,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manage
| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.<p>If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.<p>**In Internet Explorer 9 and 10:**<br>If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.<p>**In at least IE11:**<br>If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.<p>If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
| Don't run antimalware programs against ActiveX controls<br>(Internet, Restricted Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
| Don't run antimalware programs against ActiveX controls<br>(Intranet, Trusted, Local Machine Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
| Hide Internet Explorer 11 Application Retirement Notification | Administrative Templates\Windows Components\Internet Explorer | Internet Explorer 11 on Windows 10 20H2 & newer | This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11s retirement from showing up. <br>If you disable or dont configure this setting, the notification will be shown. |
| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.<p>If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.<p>If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.<p>If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.<p>If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but dont specify a report location, Enterprise Mode will still be available to your users, but you wont get any reports.<p>If you disable or dont configure this policy setting, the menu option wont appear and users wont be able to turn on Enterprise Mode locally. |
| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.<p>If you disable or dont configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.<p>**Note:**<br>You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |

5
browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
View File

@ -24,9 +24,6 @@ summary: |
sections:
- name: Ignored
questions:
- question: |
Frequently Asked Questions
answer: |
- question: |
What operating system does IE11 run on?
answer: |
@ -250,4 +247,4 @@ additionalContent: |
- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)

4
browsers/internet-explorer/internet-explorer.yml
View File

@ -31,7 +31,7 @@ landingContent:
- text: Use Enterprise Mode to improve compatibility
url: /microsoft-edge/deploy/emie-to-improve-compatibility
- text: Lifecycle FAQ - Internet Explorer
url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
url: /lifecycle/faq/internet-explorer-microsoft-edge
- linkListType: download
links:
- text: Download IE11 with Windows 10
@ -123,7 +123,7 @@ landingContent:
- text: Group Policy preferences for IE11
url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
- text: Configure Group Policy preferences
url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
- text: Blocked out-of-date ActiveX controls
url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
- text: Out-of-date ActiveX control blocking

4
browsers/internet-explorer/kb-support/ie-edge-faqs.yml
View File

@ -148,7 +148,7 @@ sections:
- question: |
Where to find Internet Explorer security zones registry entries
answer: |
Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users).
Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries).
This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
@ -193,7 +193,7 @@ sections:
answer: |
Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
- question: |
How to configure TLS (SSL) for Internet Explorer

28
education/includes/education-content-updates.md
View File

@ -2,6 +2,24 @@
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 12/13/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
| 12/13/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
## Week of November 29, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added |
| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added |
## Week of November 15, 2021
@ -12,13 +30,3 @@
| 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
## Week of October 25, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |

6
education/windows/TOC.yml
View File

@ -1,3 +1,9 @@
- name: Windows 11 SE for Education
items:
- name: Overview
href: windows-11-se-overview.md
- name: Settings and CSP list
href: windows-11-se-settings-list.md
- name: Windows 10 for Education
href: index.md
items:

111
education/windows/windows-11-se-overview.md Normal file
View File

@ -0,0 +1,111 @@
---
title: What is Windows 11 SE
description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education.
ms.reviewer:
manager: dougeby
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: mandia
author: MandiOhlinger
ms.localizationpriority: medium
ms.topic: article
---
# Windows 11 SE for Education
**Applies to**:
- Windows 11 SE
- Microsoft Intune for Education
Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
- A simplified and secure experience for students. Student privacy is prioritized.
- Admins remotely manage Windows 11 SE devices using [Microsoft Intune for Education](/intune-education/what-is-intune-for-education).
- It's built for low-cost devices.
- It has a curated app experience, and is designed to only run essential education apps.
## Get Windows 11 SE
Windows 11 SE is only available preinstalled on devices from OEMs. The OEM installs Windows 11 SE, and makes the devices available for you to purchase. For example, you'll be able to purchase Microsoft Surface devices with Windows 11 SE already installed.
## Available apps
Windows 11 SE comes with some preinstalled apps. The following apps can also run on Windows 11 SE, and are deployed using the [Intune for Education portal](https://intuneeducation.portal.azure.com). For more information, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
---
| Application | Min version | Vendor |
| --- | --- | --- |
| Chrome | 95.0.4638.54 | Google |
| Dragon Assistant | 3.2.98.061 | Nuance Communications |
| Dragon Professional Individual | 15.00.100 | Nuance Communications |
| e-Speaking Voice and Speech recognition | 4.4.0.8 | e-speaking |
| Free NaturalReader | 16.1.2 | Natural Soft |
| Jaws for Windows | 2022.2109.84 ILM | Freedom Scientific |
| Kite Student Portal | 8.0.1 | Dynamic Learning Maps |
| NextUp Talker | 1.0.49 | NextUp Technologies, LLC. |
| NonVisual Desktop Access | 2021.2 | NV Access |
| Read and Write | 12.0.71 | Texthelp Systems Ltd. |
| SuperNova Magnifier & Screen Reader | 20.03 | Dolphin Computer Access |
| SuperNova Magnifier & Speech | 20.03 | Dolphin Computer Access |
| Text Aloud | 4.0.64 | Nextup.com |
| Zoom | 5.8.3 (1581) | Zoom Inc |
| Zoomtext Fusion by AiSquared | 2022.2109.10 | ORF Fusion |
| ZoomText Magnifier/Reader | 2022.2109.25ILM | AI Squared |
---
### Enabled apps
| App type | Enabled |
| --- | --- |
| Apps that run in a browser | ✔️ Apps that run in a browser, like Progressive Web Apps (PWA) and Web apps, can run on Windows 11 SE without any changes or limitations. |
| Apps that require installation | ❌ Apps that require an installation, including Microsoft Store apps and Win32 apps can't be installed. If students try to install these apps, the installation fails. <br/><br/>✔️ If there are specific installation-type of apps you want to enable, then work with Microsoft to get them enabled. For more information, see [Add your own apps](#add-your-own-apps) (in this article). |
### Add your own apps
If the apps you need aren't shown in the [available apps list](#available-apps) (in this article), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
Microsoft reviews every app request to make sure each app meets the following requirements:
- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more.
- Apps must be in one of the following app categories:
- Content Filtering apps
- Test Taking solutions
- Assistive technologies
- Classroom communication apps
- Essential diagnostics, management, and supportability apps
- Apps must meet the performance [requirements of Windows 11](/windows/whats-new/windows-11-requirements).
- Apps must meet the following security requirements:
- All app binaries are code-signed.
- All files include the `OriginalFileName` in the resource file header.
- All kernel drivers are WHQL-signed.
- Apps don't have an equivalent web application.
- Apps can't invoke any processes that can be used to jailbreak a device, automate jailbreaks, or present a security risk. For example, processes such as Reg.exe, CBE.exe, CMD.exe, and KD.exe are blocked on Windows 11 SE.
If the app meets the requirements, Microsoft works with the Independent Software Vendor (ISV) to test the app, and make sure the app works as expected on Windows 11 SE.
When the app is ready, Microsoft will update you. Then, you add the app to the [Intune for Education portal](https://intuneeducation.portal.azure.com), and [assign](/intune-education/assign-apps) it to your Windows 11 SE devices.
For more information on Intune requirements for adding education apps, see [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
### 0x87D300D9 error with an app
When you deploy an app using Intune for Education, you may get a `0x87D300D9` error code with a `Failed` state in the [Intune for Education portal](https://intuneeducation.portal.azure.com). If you have an app that fails with this error, then:
- Make sure the app is on the [available apps list](#available-apps) (in this article). Or, make sure your app is [approved for Windows 11 SE](#add-your-own-apps) (in this article).
- If the app is approved, then it's possible the app is packaged wrong. For more information, see [Add your own apps](#add-your-own-apps) (in this article) and [Manage devices running Windows 11 SE](/intune-education/windows-11-se-overview).
- If the app isn't approved, then it won't run on Windows 11 SE. To get apps approved, see [Add your own apps](#add-your-own-apps) (in this article). Or, use an app that runs in a web browser, such as a web app or PWA.
## Related articles
- [Use Intune for Education to manage devices running Windows 11 SE](/intune-education/windows-11-se-overview)

106
education/windows/windows-11-se-settings-list.md Normal file
View File

@ -0,0 +1,106 @@
---
title: Windows 11 SE settings list
description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
ms.reviewer:
manager: dougeby
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: mandia
author: MandiOhlinger
ms.localizationpriority: medium
ms.topic: article
---
# Windows 11 SE for Education settings list
**Applies to**:
- Windows 11 SE
- Microsoft Intune for Education
Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings.
This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).
## Settings that can be changed
The following table lists and describes the settings that can be changed by administrators.
| Setting | Description |
| --- | --- |
| Block manual unenrollment | Default: Blocked<br/><br/>Users can't unenroll their devices from device management services. <br/><br/>[Experience/AllowManualMDMUnenrollment CSP](/windows/client-management/mdm/policy-csp-experience#experience-allowmanualmdmunenrollment)|
| Allow option to Show Network | Default: Allowed<br/><br/>Gives users the option to see the **Show Network** folder in File Explorer. |
| Allow option to Show This PC | Default: Allowed<br/><br/>Gives user the option to see the **Show This PC** folder in File Explorer. |
| Set Allowed Folder location | Default folders: Documents, Desktop, Pictures, and Downloads<br/><br/>Gives user access to these folders. |
| Set Allowed Storage Locations | Default: Blocks Local Drives and Network Drives<br/><br/>Blocks user access to these storage locations. |
| Allow News and Interests | Default: Hide<br/><br/>Hides Widgets. |
| Disable advertising ID | Default: Disabled<br/><br/>Blocks apps from using usage data to tailor advertisements. <br/><br/>[Privacy/DisableAdvertisingId CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) |
| Visible settings pages | Default: <br/><br/> |
| Enable App Install Control | Default: Turned On<br/><br/>Users cant download apps from the internet.<br/><br/>[SmartScreen/EnableAppInstallControl CSP](/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol)|
| Configure Storage Sense Cloud Content Dehydration Threshold | Default: 30 days<br/><br/>If a file hasnt been opened in 30 days, it becomes an online-only file. Online-only files can be opened when there's an internet connection. When an online-only file is opened on a device, it downloads and becomes locally available on that device. The file is available until it's unopened for the specified number of days, and becomes online-only again. <br/><br/>[Storage/ConfigStorageSenseCloudContentDehydrationThreshold CSP](/windows/client-management/mdm/policy-csp-storage#storage-configstoragesensecloudcontentdehydrationthreshold) |
| Allow Telemetry | Default: Required Telemetry Only<br/><br/>Sends only basic device info, including quality-related data, app compatibility, and similar data to keep the device secure and up-to-date. <br/><br/>[System/AllowTelemetry CSP](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |
| Allow Experimentation | Default: Disabled<br/><br/>Microsoft can't experiment with the product to study user preferences or device behavior. <br/><br/>[System/AllowExperimentation CSP](/windows/client-management/mdm/policy-csp-system#system-allowexperimentation) |
| Block external extensions | Default: Blocked<br/><br/>In Microsoft Edge, users can't install external extensions. <br/><br/>[BlockExternalExtensions](/DeployEdge/microsoft-edge-policies#blockexternalextensions)|
| Configure new tab page | Default: `Office.com`<br/><br/>In Microsoft Edge, the new tab page defaults to `office.com`. <br/><br/>[Configure the new tab page URL](/DeployEdge/microsoft-edge-policies#configure-the-new-tab-page-url)|
| Configure homepage | Default: `Office.com`<br/><br/>In Microsoft Edge, the homepage defaults to `office.com`. <br/><br/>[HomepageIsNewTabPage](/DeployEdge/microsoft-edge-policies#homepageisnewtabpage)|
| Prevent SmartScreen prompt override | Default: Enabled<br/><br/>In Microsoft Edge, users can't override Windows Defender SmartScreen warnings. <br/><br/>[PreventSmartScreenPromptOverride](/DeployEdge/microsoft-edge-policies#preventsmartscreenpromptoverride)|
## Settings that can't be changed
The following settings can't be changed.
| Category | Description |
| --- | --- |
| Visible Folders in File Explorer | By default, the Desktop, Downloads, Documents, and Pictures folders are visible to users in File Explorer. Users can make other folders, like **This PC**, visible in **View** > **Options**. |
| Launch Windows Maximized | All Windows are opened in the maximized view. |
| Windows Snapping | Windows snapping is limited to two Windows. |
| Allowed Account Types | Microsoft accounts and Azure AD accounts are allowed. |
| Virtual Desktops | Virtual Desktops are blocked. |
| Microsoft Store | The Microsoft Store is blocked. |
| Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. |
| Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). |
## What's available in the Settings app
On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown.
- Accessibility
- Accounts
- Email & accounts
- Apps
- Bluetooth & devices
- Bluetooth
- Printers & scanners
- Mouse
- Touchpad
- Typing
- Pen
- AutoPlay
- Network & internet
- WiFi
- VPN
- Personalization
- Taskbar
- Privacy & security
- System
- Display
- Notifications
- Tablet mode
- Multitasking
- Projecting to this PC
- Time & Language
- Language & region
## Next steps
[Windows 11 SE for Education overview](windows-11-se-overview.md)

167
smb/cloud-mode-business-setup.md
View File

@ -34,7 +34,7 @@ In this walkthrough, we'll show you how to deploy and manage a full cloud IT sol
- Create policies and app deployment rules
- Log in as a user and start using your Windows device
Go to the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a> and select **Products** to learn more about pricing and purchasing options for your business.
Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business.
## Prerequisites
@ -50,16 +50,17 @@ Here's a few things to keep in mind before you get started:
To set up a cloud infrastructure for your organization, follow the steps in this section.
### 1.1 Set up Office 365 for business
See <a href="https://support.office.com/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a> to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to:
See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to:
- Plan your setup
- Create Office 365 accounts and how to add your domain.
- Install Office
To set up your Microsoft 365 for business tenant, see <a href="https://support.office.com/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Microsoft 365 for business</a>.
To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365).
If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started:
1. Go to the <a href="https://products.office.com/business/office-365-affiliate-program-buy-business-premium" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**.
1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**.
**Figure 1** - Try or buy Office 365
@ -68,7 +69,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
2. Fill out the sign up form and provide information about you and your company.
3. Create a user ID and password to use to sign into your account.
This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the admin portal).
This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal).
4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
@ -78,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 2** - Microsoft 365 admin center
![Opens the Microsoft 365 admin center.](images/office365_portal.png)
:::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png":::
6. Select the **Admin** tile to go to the admin center.
@ -88,22 +89,22 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 3** - Admin center
![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png)
:::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png":::
8. Go back to the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a> to add or buy a domain.
8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain.
1. Select the **Domains** option.
**Figure 4** - Option to add or buy a domain
![Add or buy a domain in admin center.](images/office365_buy_domain.png)
:::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png":::
2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`.
**Figure 5** - Microsoft-provided domain
![Microsoft-provided domain.](images/office365_ms_provided_domain.png)
:::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png":::
- If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
- If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
@ -112,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 6** - Domains
![Verify your domains in the admin center.](images/office365_additional_domain.png)
:::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png":::
### 1.2 Add users and assign product licenses
Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
@ -121,55 +122,55 @@ When adding users, you can also assign admin privileges to certain users in your
**To add users and assign product licenses**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Users > Active users**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**.
**Figure 7** - Add users
![Add Office 365 users.](images/office365_users.png)
:::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png":::
2. In the **Home > Active users** page, add users individually or in bulk.
- To add users one at a time, select **+ Add a user**.
If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in <a href="https://support.office.com/article/Add-users-individually-or-in-bulk-to-Office-365-Admin-Help-1970f7d6-03b5-442f-b385-5880b9c256ec" target="_blank">Add users individually or in bulk to Office 365 - Admin Help</a>.
If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users).
**Figure 8** - Add an individual user
![Add an individual user.](images/office365_add_individual_user.png)
:::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png":::
- To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see <a href="https://support.office.com/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88" target="_blank">Add several users at the same time to Office 365 - Admin Help</a>. Once you've added all the users, don't forget to assign **Product licenses** to the new users.
The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users.
**Figure 9** - Import multiple users
![Import multiple users.](images/office365_import_multiple_users.png)
:::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png":::
3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
**Figure 10** - List of active users
![Verify users and assigned product licenses.](images/o365_active_users.png)
:::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png":::
### 1.3 Add Microsoft Intune
Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see <a href="/intune/understand-explore/introduction-to-microsoft-intune" target="_blank">What is Intune?</a>
Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune).
**To add Microsoft Intune to your tenant**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Billing > Purchase services**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**.
2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
3. Confirm your order to enable access to Microsoft Intune.
4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
**Figure 11** - Assign Intune licenses
![Assign Microsoft Intune licenses to users.](images/o365_assign_intune_license.png)
:::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png":::
5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
6. Select **Intune**. This step opens the Endpoint Manager admin center.
**Figure 12** - Microsoft Intune management portal
![Microsoft Intune management portal.](images/intune_portal_home.png)
:::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png":::
Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
@ -178,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
**To add Azure AD to your domain**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Admin centers > Azure AD**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**.
> [!NOTE]
> You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
@ -187,57 +188,57 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
**Figure 13** - Access to Azure AD is not available
![Access to Azure AD not available.](images/azure_ad_access_not_available.png)
:::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png":::
3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365.
4. Select **Azure subscription**. This step will take you to a free trial sign up screen.
**Figure 14** - Sign up for Microsoft Azure
![Sign up for Microsoft Azure.](images/azure_ad_sign_up_screen.png)
:::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png":::
5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
**Figure 15** - Start managing your Azure subscription
![Start managing your Azure subscription.](images/azure_ad_successful_signup.png)
:::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png":::
This step will take you to the <a href="https://portal.azure.com" target="_blank">Microsoft Azure portal</a>.
This step will take you to the [Microsoft Azure portal](https://portal.azure.com).
### 1.5 Add groups in Azure AD
This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see <a href="/azure/active-directory/active-directory-manage-groups" target="_blank">Managing access to resources with Azure Active Directory groups</a>.
This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups.
To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal (https://manage.windowsazure.com)</a>. See <a href="/azure/active-directory/active-directory-accessmanagement-manage-groups" target="_blank">Managing groups in Azure Active Directory</a> for more information about managing groups.
To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups.
**To add groups in Azure AD**
1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, you will see a screen informing you that your directory is ready for use.
1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use.
Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
**Figure 16** - Azure first sign-in screen
![Select Azure AD.](images/azure_portal_classic_configure_directory.png)
:::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png":::
2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
**Figure 17** - Directory home page
![Directory home page.](images/azure_portal_classic_directory_ready.png)
:::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png":::
3. From the menu options on top, select **Groups**.
**Figure 18** - Azure AD groups
![Add groups in Azure AD.](images/azure_portal_classic_groups.png)
:::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png":::
4. Select **Add a group** (from the top) or **Add group** at the bottom.
5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
**Figure 19** - Newly added group in Azure AD
![Verify the new group appears on the list.](images/azure_portal_classic_all_users_group.png)
:::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png":::
6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
@ -245,34 +246,34 @@ To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.c
**Figure 20** - Members in the new group
![Members added to the new group.](images/azure_portal_classic_members_added.png)
:::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png":::
7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
### 1.6 Configure automatic MDM enrollment with Intune
Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in.
You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/" target="_blank">this blog post</a> to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
> [!IMPORTANT]
> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
**To enable automatic MDM enrollment**
1. In the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options.
1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options.
The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
**Figure 21** - List of applications for your company
![List of applications for your company.](images/azure_portal_classic_applications.png)
:::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png":::
2. Select **Microsoft Intune** to configure the application.
3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
**Figure 22** - Configure Microsoft Intune in Azure
![Configure Microsoft Intune in Azure.](images/azure_portal_classic_configure_intune_app.png)
:::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png":::
4. In the Microsoft Intune configuration page:
- In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
@ -291,66 +292,66 @@ You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/201
**Figure 23** - Configure Microsoft Intune
![Configure automatic MDM enrollment with Intune.](images/azure_portal_classic_configure_intune_mdm_enrollment.png)
:::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png":::
### 1.7 Configure Microsoft Store for Business for app distribution
Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune.
In this part of the walkthrough, we'll be working on the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a> and <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a>.
In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps).
**To associate your Store account with Intune and configure synchronization**
1. From the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a>, select **Admin**.
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
**Figure 24** - Mobile device management
![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png)
:::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png":::
3. Sign into <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> using the same tenant account that you used to sign into Intune.
3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune.
4. Accept the EULA.
5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business.
**Figure 25** - Activate Intune as the Store management tool
![Activate Intune from the Store portal.](images/wsfb_management_tools_activate.png)
:::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png":::
7. Go back to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
**Figure 26** - Configure Store for Business sync in Intune
![Configure Store for Business sync in Intune.](images/intune_admin_mdm_store_sync.png)
:::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png":::
9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
**Figure 27** - Enable Microsoft Store for Business sync in Intune
![Enable Store for Business sync in Intune.](images/intune_configure_store_app_sync_dialog.png)
:::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png":::
The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
**To buy apps from the Store**
In your <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
- Sway
- OneNote
- PowerPoint Mobile
- Excel Mobile
- Word Mobile
In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune.
**Example 1 - Add other apps like Reader and InstaNote**
1. In the <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
**Figure 28** - Shop for Store apps
![Shop for Store apps.](images/wsfb_shop_microsoft_apps.png)
:::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png":::
2. Click to select an app, such as **Reader**. This opens the app page.
3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
@ -360,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S
**Figure 29** - App inventory shows the purchased apps
![Confirm that your inventory shows purchased apps.](images/wsfb_manage_inventory_newapps.png)
:::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png":::
> [!NOTE]
> Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
@ -369,18 +370,18 @@ In the following example, we'll show you how to buy apps through the Microsoft S
If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management > Windows > Store for Business**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**.
2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync.
**Figure 30** - Force a sync in Intune
![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png)
:::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png":::
**To view purchased apps**
- In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
**To add more apps**
- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see <a href="/intune/deploy-use/add-apps-for-mobile-devices-in-microsoft-intune" target="_blank">Add apps for enrolled devices to Intune</a> for more info on how to do this.
- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this.
## 2. Set up devices
@ -395,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi
**Figure 31** - First screen in Windows device setup
![First screen in Windows device setup.](images/win10_hithere.png)
:::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png":::
> [!NOTE]
> During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
@ -405,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi
**Figure 32** - Choose how you'll connect your Windows device
![Choose how you'll connect the Windows device.](images/win10_choosehowtoconnect.png)
:::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png":::
4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
**Figure 33** - Sign in using one of the accounts you added
![Sign in using one of the accounts you added.](images/win10_signin_admin_account.png)
:::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png":::
5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
@ -425,16 +426,16 @@ Verify that the device is set up correctly and boots without any issues.
2. Confirm that the Store and built-in apps are working.
### 2.3 Verify the device is Azure AD joined
In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
**To verify if the device is joined to Azure AD**
1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**.
**Figure 34** - Check the PC name on your device
![Check the PC name on your device.](images/win10_settings_pcname.png)
:::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png":::
2. Log in to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>.
2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
3. Select **Groups** and then go to **Devices**.
4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC.
- Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
@ -443,7 +444,7 @@ In the <a href="https://manage.microsoft.com/" target="_blank">Intune management
**Figure 35** - Check that the device appears in Intune
![Check that the device appears in Intune.](images/intune_groups_devices_list.png)
:::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png":::
## 3. Manage device settings and features
You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
@ -454,7 +455,7 @@ In this section, we'll show you how to reconfigure app deployment settings and a
In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
**To reconfigure app deployment settings**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps** and go to **Apps > Volume-Purchased Apps**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**.
2. Select the app, right-click, then select **Manage Deployment...**.
3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
@ -462,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 36** - Reconfigure an app's deployment setting in Intune
![Reconfigure app deployment settings in Intune.](images/intune_apps_deploymentaction.png)
:::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png":::
6. Click **Finish**.
7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
@ -472,12 +473,12 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 37** - Confirm that additional apps were deployed to the device
![Confirm that additional apps were deployed to the device.](images/win10_deploy_apps_immediately.png)
:::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png":::
### 3.2 Configure other settings in Intune
**To disable the camera**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Policy > Configuration Policies**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**.
2. In the **Policies** window, click **Add** to create a new policy.
3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
4. On the **Create Policy** page, select **Device Capabilities**.
@ -488,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 38** - Add a configuration policy
![Add a configuration policy.](images/intune_policy_disablecamera.png)
:::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png":::
7. Click **Save Policy**. A confirmation window will pop up.
8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
@ -497,16 +498,16 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 39** - The new policy should appear in the **Policies** list.
![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png)
:::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png":::
**To turn off Windows Hello and PINs during device setup**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin**.
1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
**Figure 40** - Policy to disable Windows Hello for Business
![Disable Windows Hello for Business.](images/intune_policy_disable_windowshello.png)
:::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png":::
4. Click **Save**.
@ -533,49 +534,49 @@ For other devices, such as those personally-owned by employees who need to conne
**Figure 41** - Add an Azure AD account to the device
![Add an Azure AD account to the device.](images/win10_add_new_user_join_aad.png)
:::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png":::
4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
**Figure 42** - Enter the account details
![Enter the account details.](images/win10_add_new_user_account_aadwork.png)
:::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png":::
5. You will be asked to update the password so enter a new password.
6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
**Figure 43** - Make sure this is your organization
![Make sure this is your organization.](images/win10_confirm_organization_details.png)
:::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png":::
7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
**Figure 44** - Confirmation that the device is now connected
![Confirmation that the device is now connected.](images/win10_confirm_device_connected_to_org.png)
:::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png":::
8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
**Figure 45** - Device is now enrolled in Azure AD
![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png)
:::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png":::
9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
### 4.2 Add a new user
You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and verify that the same users were added to the Intune groups as well.
See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well.
## Get more info
### For IT admins
To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
- <a href="https://support.office.com/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a>
- Common admin tasks in Office 365 including email and OneDrive in <a href="https://support.office.com/article/Common-management-tasks-for-Office-365-46c667f7-5073-47b9-a75f-05a60cf77d91" target="_blank">Manage Office 365</a>
- More info about managing devices, apps, data, troubleshooting, and more in <a href="/intune/" target="_blank">Intune documentation</a>
- [Set up Office 365 for business](/microsoft-365/admin/setup)
- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/)
- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
- Info about distributing apps to your employees, managing apps, managing settings, and more in <a href="/microsoft-store/" target="_blank">Microsoft Store for Business</a>
- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
### For information workers
Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:

5
smb/includes/smb-content-updates.md
View File

@ -2,10 +2,9 @@
## Week of October 25, 2021
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 10/28/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |
| 10/28/2021 | [Windows 10/11 for small to midsize businesses](/windows/smb/index) | modified |
| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |

11
store-for-business/includes/store-for-business-content-updates.md
View File

@ -2,6 +2,17 @@
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 12/13/2021 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified |
| 12/13/2021 | [Change history for Microsoft Store for Business and Education](/microsoft-store/sfb-change-history) | modified |
| 12/14/2021 | [Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-users-and-groups-microsoft-store-for-business) | modified |
| 12/14/2021 | [Troubleshoot Microsoft Store for Business (Windows 10)](/microsoft-store/troubleshoot-microsoft-store-for-business) | modified |
## Week of November 15, 2021

2
store-for-business/manage-users-and-groups-microsoft-store-for-business.md
View File

@ -44,5 +44,5 @@ If you created a new Azure AD directory when you signed up for Store for Busines
You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
For more information, see:
- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec)
- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users)
- [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory)

6
store-for-business/release-history-microsoft-store-business-education.md
View File

@ -1,6 +1,6 @@
---
title: Whats new in Microsoft Store for Business and Education
description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education.
title: Microsoft Store for Business and Education release history
description: Know the release history of Microsoft Store for Business and Microsoft Store for Education.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -18,7 +18,7 @@ manager: dansimp
> [!IMPORTANT]
> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)

8
store-for-business/sfb-change-history.md
View File

@ -76,6 +76,7 @@ ms.localizationpriority: medium
| --- | --- |
| [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. |
## June 2017
@ -84,10 +85,3 @@ ms.localizationpriority: medium
| [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. |
| [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
## July 2017
| New or changed topic | Description |
| -------------------- | ----------- |
| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |

2
store-for-business/troubleshoot-microsoft-store-for-business.md
View File

@ -56,7 +56,7 @@ The private store for your organization is a page in Microsoft Store app that co
## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w).
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration).
## Still having trouble?

1
windows/application-management/add-apps-and-features.md
View File

@ -12,6 +12,7 @@ ms.date: 08/30/2021
ms.reviewer:
manager: dougeby
ms.topic: article
ms.collection: highpri
---
# Add or hide features on the Windows client OS

4
windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
View File

@ -63,7 +63,7 @@ The computer on which you are installing the Office Deployment Tool must have th
| Prerequisite | Description |
|----------------------|--------------------|
| Prerequisite software | .Net Framework 4 |
| Prerequisite software | .NET Framework 4 |
| Supported operating systems | 64-bit version of Windows 10/11<br>64-bit version of Windows 8 or 8.1<br>64-bit version of Windows 7 |
>[!NOTE]
@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
|--------------|----------------------------|----------------|
| Add element | Specifies which products and languages the package will include. | N/A |
| **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`<br>`OfficeClientEdition="64"` |
| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
| Language element | Specifies which language the applications support. | `Language ID="en-us"` |
| Version (attribute of **Add** element) | Optional. Specifies which build the package will use.<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
| SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |

159
windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
View File

@ -19,90 +19,81 @@ ms.author: greglin
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later
<table border="1">
<thead>
<th>Problem</th>
<th>Workaround</th>
</thead>
<tbody>
<tr>
<td>Unable to manually create a system-owned folder needed for the <code>set-AppVClientConfiguration</code> PowerShell cmdlet when using the <i>PackageInstallationRoot</i>, <i>IntegrationRootUser</i>, or <i>IntegrationRootGlobal</i> parameters.</td>
<td>Don&#39;t create this file manually, instead let the <code>Add-AppVClientPackage</code> cmdlet auto-generate it.</td>
</tr>
<tr>
<td>Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.</td>
<td>Make sure you have the complete App-V package or the MSI file from the original app.</td>
</tr>
<tr>
<td>Unable to modify the locale for auto-sequencing.</td>
<td>Open the <code>C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml</code> file and include the language code for your locale. For example, if you wanted Spanish (Spain), you&#39;d use: <strong>es-ES</strong>.</td>
</tr>
<tr>
<td>Filetype and protocol handlers aren&#39;t registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the <strong>Settings &gt; Apps&gt; Default Apps</strong> area.</td>
<td>The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <strong>&lt;appv:Extensions&gt;</strong> tag:
<pre><code>
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;ftp&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;http&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;https&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
</code></pre><br/> </td>
</tr>
</tbody>
</table>
- **Problem**: Unable to manually create a system-owned folder needed for the `set-AppVClientConfiguration` PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.
**Workaround**: Don't create this file manually, instead let the `Add-AppVClientPackage` cmdlet auto-generate it.
- **Problem**: Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.
**Workaround**: Make sure you have the complete App-V package or the MSI file from the original app.
- **Problem**: Unable to modify the locale for auto-sequencing.
**Workaround**: Open the `C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml` file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
- **Problem**: Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.
**Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `<appv:Extensions>` tag:
```xml
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>ftp</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>http</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>https</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
```
## Related resources list
For information that can help with troubleshooting App-V for Windows client, see:
@ -120,4 +111,4 @@ For information that can help with troubleshooting App-V for Windows client, see
## Related topics
- [What's new in App-V for Windows client](appv-about-appv.md)
- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md)
- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md)

1
windows/application-management/apps-in-windows-10.md
View File

@ -11,6 +11,7 @@ ms.author: mandia
author: MandiOhlinger
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
---
# Overview of apps on Windows client devices

4
windows/application-management/index.yml
View File

@ -10,7 +10,9 @@ metadata:
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
ms.topic: landing-page # Required
ms.collection: windows-10
ms.collection:
- windows-10
- highpri
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 08/24/2021 #Required; mm/dd/yyyy format.

3
windows/client-management/administrative-tools-in-windows-10.md
View File

@ -12,13 +12,14 @@ author: greg-lindsay
ms.localizationpriority: medium
ms.date: 09/20/2021
ms.topic: article
ms.collection: highpri
---
# Administrative Tools in Windows
**Applies to**
- Windows 10
- Windows 10
- Windows 11

1
windows/client-management/advanced-troubleshooting-802-authentication.md
View File

@ -11,6 +11,7 @@ author: greg-lindsay
ms.localizationpriority: medium
ms.author: tracyp
ms.topic: troubleshooting
ms.collection: highpri
---
# Advanced troubleshooting 802.1X authentication

47
windows/client-management/advanced-troubleshooting-boot-problems.md
View File

@ -10,6 +10,7 @@ ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
ms.topic: troubleshooting
ms.collection: highpri
---
# Advanced troubleshooting for Windows boot problems
@ -149,49 +150,19 @@ If you receive BCD-related errors, follow these steps:
2. Restart the computer to check whether the problem is fixed.
3. If the problem is not fixed, run the following command:
```console
Bootrec /rebuildbcd
```
4. You might receive one of the following outputs:
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 0
The operation completed successfully.
```
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 1
D:\Windows
Add installation to boot list? Yes/No/All:
```
If the output shows **windows installation: 0**, run the following commands:
3. If the problem is not fixed, run the following commands:
```console
bcdedit /export c:\bcdbackup
attrib c:\\boot\\bcd -r s -h
attrib c:\boot\bcd -r -s -h
ren c:\\boot\\bcd bcd.old
ren c:\boot\bcd bcd.old
bootrec /rebuildbcd
```
After you run the command, you receive the following output:
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 1
{D}:\Windows
Add installation to boot list? Yes/No/All: Y
```
5. Try restarting the system.
4. Restart the system.
### Method 4: Replace Bootmgr
@ -205,7 +176,7 @@ If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from driv
attrib -r -s -h
```
3. Run the same **attrib** command on the Windows (system drive):
3. Navigate to the system drive and run the same command:
```console
attrib -r -s -h
@ -230,7 +201,7 @@ If Windows cannot load the system registry hive into memory, you must restore th
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder)
## Kernel Phase
@ -393,7 +364,7 @@ If the dump file shows an error that is related to a driver (for example, window
- To do this, open WinRE, open a command prompt, and then run the following command:
```console
SFC /Scannow /OffBootDir=C:\ /OffWinDir=E:\Windows
SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
```
For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
@ -413,4 +384,4 @@ If the dump file shows an error that is related to a driver (for example, window
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).

51
windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
View File

@ -37,9 +37,8 @@ It is important to understand the different Wi-Fi components involved, their exp
The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem.
### Known Issues and fixes
** **
| **OS version** | **Fixed in** |
| OS version | Fixed in |
| --- | --- |
| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) |
| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) |
@ -54,13 +53,13 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
- [Windows 10 version 1511](https://support.microsoft.com/help/4000824)
- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470)
- [Windows Server 2012](https://support.microsoft.com/help/4009471)
- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469)
- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469)
## Data Collection
1. Network Capture with ETW. Enter the following at an elevated command prompt:
```cmd
```console
netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
```
2. Reproduce the issue.
@ -70,12 +69,12 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
- If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).
3. Stop the trace by entering the following command:
```cmd
```console
netsh trace stop
```
4. To convert the output file to text format:
```cmd
```console
netsh trace convert c:\tmp\wireless.etl
```
@ -105,39 +104,39 @@ The wifi connection state machine has the following states:
Standard wifi connections tend to transition between states such as:
**Connecting**
- Connecting
Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
**Disconnecting**
- Disconnecting
Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
>Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page.
The following is an example of a good connection setup:
<pre>
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
</pre>
```
The following is an example of a failed connection setup:
<pre>
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
</pre>
```
By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state.
@ -155,7 +154,7 @@ Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** fil
Continuing with the example above, the combined filters look like this:
<pre>
```console
[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Reset to State: Ihv_Configuring
[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
@ -173,7 +172,7 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming
</pre>
```
> [!NOTE]
> In the next to last line the SecMgr transition is suddenly deactivating:<br>
@ -182,7 +181,7 @@ Authenticating to State: Roaming
Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition:
<pre>
```console
[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Associating to State: Authenticating
[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@ -196,7 +195,7 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming
</pre>
```
The trail backwards reveals a **Port Down** notification:
@ -208,7 +207,7 @@ Below, the MSM is the native wifi stack. These are Windows native wifi drivers w
Enable trace filter for **[Microsoft-Windows-NWifi]:**
<pre>
```console
[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Associating to State: Authenticating
[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@ -222,12 +221,14 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming</pre>
Authenticating to State: Roaming
```
In the trace above, we see the line:
<pre>
[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4</pre>
```console
[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
```
This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP.
@ -238,7 +239,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas
## Example ETW capture
<pre>
```console
C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
Trace configuration:
@ -279,7 +280,7 @@ C:\tmp>dir
01/09/2019 02:59 PM 2,786,540 wireless.txt
3 File(s) 10,395,004 bytes
2 Dir(s) 46,648,332,288 bytes free
</pre>
```
## Wifi filter file

2
windows/client-management/change-default-removal-policy-external-storage-media.md
View File

@ -3,7 +3,7 @@ title: Windows 10 default media removal policy
description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
ms.prod: w10
author: Teresa-Motiv
ms.author: v-tea
ms.author: dougeby
ms.date: 11/25/2020
ms.topic: article
ms.custom:

12
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -9,10 +9,11 @@ ms.pagetype: devices
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.date: 09/14/2021
ms.date: 01/18/2022
ms.reviewer:
manager: dansimp
ms.topic: article
ms.collection: highpri
---
# Connect to remote Azure Active Directory-joined PC
@ -20,7 +21,7 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 10
- Windows 11
@ -54,8 +55,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
```
where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
This command only works for AADJ device users already added to any of the local groups (administrators).
Otherwise this command throws the below error. For example:
In order to execute this PowerShell command you be a member of the local Administrators group. Otherwise, you'll get an error like this example:
- for cloud only user: "There is no such global user or group : *name*"
- for synced user: "There is no such global user or group : *name*" </br>
@ -66,13 +66,13 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
- Adding users using policy
Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
> [!NOTE]
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials).
## Supported configurations

3
windows/client-management/determine-appropriate-page-file-size.md
View File

@ -10,6 +10,7 @@ ms.author: delhan
ms.date: 8/28/2019
ms.reviewer: dcscontentpm
manager: dansimp
ms.collection: highpri
---
# How to determine the appropriate page file size for 64-bit versions of Windows
@ -66,7 +67,7 @@ Kernel memory crash dumps require enough page file space or dedicated dump file
Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead.
A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file.
A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
## System-managed page files

1
windows/client-management/generate-kernel-or-complete-crash-dump.md
View File

@ -10,6 +10,7 @@ ms.author: delhan
ms.date: 8/28/2019
ms.reviewer:
manager: willchen
ms.collection: highpri
---
# Generate a kernel or complete crash dump

2
windows/client-management/group-policies-for-enterprise-and-education-editions.md
View File

@ -32,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
| **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies) |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). |
| **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) |
| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) |

4
windows/client-management/index.yml
View File

@ -10,7 +10,9 @@ metadata:
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
ms.topic: landing-page # Required
ms.collection: windows-10
ms.collection:
- windows-10
- highpri
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 08/05/2021 #Required; mm/dd/yyyy format.

13
windows/client-management/introduction-page-file.md
View File

@ -9,6 +9,7 @@ ms.localizationpriority: medium
ms.author: delhan
ms.reviewer: dcscontentpm
manager: dansimp
ms.collection: highpri
---
# Introduction to page files
@ -27,20 +28,20 @@ Page files enable the system to remove infrequently accessed modified pages from
Some products or services require a page file for various reasons. For specific information, check the product documentation.
For example, the following Windows servers requires page files:
For example, the following Windows servers require page files:
- Windows Server domain controllers (DCs)
- DFS Replication (DFS-R) servers
- Certificate servers
- ADAM/LDS servers
This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE in Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory.
This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory.
For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed" .
For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed".
### Support for system crash dumps
Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as “virtual memory”) a system can support.
Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as "virtual memory") a system can support.
For more information about system crash dumps, see [system crash dump options](system-failure-recovery-options.md#under-write-debugging-information).
@ -48,7 +49,7 @@ For more information about system crash dumps, see [system crash dump options](s
When large physical memory is installed, a page file might not be required to support the system commit charge during peak usage. For example, 64-bit versions of Windows and Windows Server support more physical memory (RAM) than 32-bit versions support. The available physical memory alone might be large enough.
However, the reason to configure the page file size has not changed. It has always been about supporting a system crash dump, if it is necessary, or extending the system commit limit, if it is necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
However, the reason to configure the page file size hasn't changed. It has always been about supporting a system crash dump, if it's necessary, or extending the system commit limit, if it's necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
## System committed memory
@ -64,7 +65,7 @@ The system commit charge is the total committed or "promised" memory of all comm
![Task Manager.](images/task-manager-commit.png)
The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The **\Memory\% Committed Bytes In Use** counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
> [!NOTE]
> System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger, but no more than one-eighth of the volume size) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.

2
windows/client-management/manage-settings-app-with-group-policy.md
View File

@ -26,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f
>[!Note]
>Each server that you want to manage access to the Settings App must be patched.
If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store).
This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.

3
windows/client-management/mandatory-user-profile.md
View File

@ -11,6 +11,7 @@ ms.date: 09/14/2021
ms.reviewer:
manager: dansimp
ms.topic: article
ms.collection: highpri
---
# Create mandatory user profiles
@ -41,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor
| Windows 10, versions 1507 and 1511 | N/A | v5 |
| Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 | Windows Server 2016 and Windows Server 2019 | v6 |
For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning).
## Mandatory user profile

16
windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
View File

@ -39,11 +39,11 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom).
![login to office 365.](images/azure-ad-add-tenant4.png)
![login to office 365](images/azure-ad-add-tenant4.png)
6. Select **Install software**.
![login to office 365.](images/azure-ad-add-tenant5.png)
![login to office 365 portal](images/azure-ad-add-tenant5.png)
7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation.
@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
1. Sign in to the Microsoft 365 admin center at <https://portal.office.com> using your organization's account.
![register azuread.](images/azure-ad-add-tenant10.png)
![register in azuread.](images/azure-ad-add-tenant10.png)
2. On the **Home** page, select on the Admin tools icon.
![register azuread.](images/azure-ad-add-tenant11.png)
![register in azure-ad.](images/azure-ad-add-tenant11.png)
3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
![register azuread.](images/azure-ad-add-tenant12.png)
![register azuread](images/azure-ad-add-tenant12.png)
4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
![register azuread.](images/azure-ad-add-tenant13.png)
![registration in azure-ad](images/azure-ad-add-tenant13.png)
5. It may take a few minutes to process the request.
![register azuread.](images/azure-ad-add-tenant14.png)
![registration in azuread.](images/azure-ad-add-tenant14.png)
6. You will see a welcome page when the process completes.
![register azuread.](images/azure-ad-add-tenant15.png)
![register screen of azuread](images/azure-ad-add-tenant15.png)

2
windows/client-management/mdm/applicationcontrol-csp-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 07/10/2019
---

2
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -6,7 +6,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.reviewer: jsuther1974
ms.date: 09/10/2020
---

1
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -9,6 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.collection: highpri
---
# Azure Active Directory integration with MDM

1004
windows/client-management/mdm/bitlocker-csp.md
View File

File diff suppressed because it is too large Load Diff

94
windows/client-management/mdm/browserfavorite-csp.md
View File

@ -1,94 +0,0 @@
---
title: BrowserFavorite CSP
description: Learn how the BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 06/26/2017
---
# BrowserFavorite CSP
The BrowserFavorite configuration service provider is used to add and remove URLs from the favorites list on a device.
> [!Note]
> BrowserFavorite CSP is only supported in Windows Phone 8.1.
The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder.
> [!Note]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application.
The following shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
```console
BrowserFavorite
favorite name
----URL
```
<a href="" id="favorite-name-------------"></a>***favorite name***
Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
> [!Note]
> The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite.
<a href="" id="url"></a>**URL**
Optional. Specifies the complete URL for the favorite.
## OMA client provisioning examples
Adding a new browser favorite.
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<wap-provisioningdoc>
<characteristic type="BrowserFavorite">
<characteristic type="Help and how-to">
<parm name="URL" value="http://www.microsoft.com/windowsphone/en-US/howto/wp7/default.aspx"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
```
## Microsoft Custom Elements
The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning.
|Elements|Available|
|--- |--- |
|Parm-query|Yes|
|Noparm|Yes|
|Nocharacteristic|Yes|
|Characteristic-query|Yes<br> <br>Recursive query: Yes<br> <br>Top-level query: Yes|
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)

972
windows/client-management/mdm/change-history-for-mdm-documentation.md
View File

File diff suppressed because one or more lines are too long

2
windows/client-management/mdm/cleanpc-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/cleanpc-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

14
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 07/30/2021
---
@ -227,11 +227,11 @@ Optional. Specifies where to keep the private key.
The data type is an integer corresponding to one of the following values:
| Value | Description |
|-------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | Private key protected by TPM. |
| 2 | Private key protected by phone TPM if the device supports TPM. All Windows Phone 8.1 devices support TPM and will treat value 2 as 1. |
| 3 | (Default) Private key saved in software KSP. |
| Value | Description |
|---|---|
| 1 | Private key protected by TPM. |
| 2 | Private key protected by phone TPM if the device supports TPM. |
| 3 | (Default) Private key saved in software KSP. |
| 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specified, otherwise enrollment will fail. |
Supported operations are Add, Get, Delete, and Replace.
@ -361,7 +361,7 @@ The date type format is Null, meaning this node doesnt contain a value.
The only supported operation is Execute.
<a href="" id="clientcertificateinstall-scep-uniqueid-install-aadkeyidentifierlist"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/AADKeyIdentifierList**
Optional. Specify the AAD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the AAD Key present on the device. If no match is found, enrollment will fail.
Optional. Specify the Azure AD Key Identifier List as a list of semicolon separated values. On Enroll, the values in this list are validated against the Azure AD Key present on the device. If no match is found, enrollment will fail.
Data type is string.

11
windows/client-management/mdm/clientcertificateinstall-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---
@ -556,21 +556,22 @@ Supported operations are Get, Add, Delete, Replace.</Description>
</AccessType>
<DefaultValue>3</DefaultValue>
<Description>Optional. Specify where to keep the private key. Note that even it is protected by TPM, it is not guarded with TPM PIN.
SCEP enrolled cert doesnt support TPM PIN protection.
Supported values:
SCEP enrolled cert doesnt support TPM PIN protection. Supported values:
1 private key protected by TPM,
2 private key protected by phone TPM if the device supports TPM.
All Windows Phone 8.1 devices support TPM and will treat value 2 as 1
3 (default) private key saved in software KSP
4 private key protected by NGC. If this option is specified, container name should be specifed, if not enrollment will fail
4 private key protected by NGC. If this option is specified, container name should be specified, if not enrollment will fail.
Format is int.
Supported operations are Get, Add, Delete, Replace
</Description>
<DFFormat>
<int />

2
windows/client-management/mdm/cm-cellularentries-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 08/02/2017
---

2
windows/client-management/mdm/cmpolicy-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/cmpolicyenterprise-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

661
windows/client-management/mdm/configuration-service-provider-reference.md
View File

File diff suppressed because it is too large Load Diff

2
windows/client-management/mdm/customdeviceui-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/customdeviceui-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

21
windows/client-management/mdm/data-structures-windows-store-for-business.md
View File

@ -1,17 +1,17 @@
---
title: Data structures for Microsoft Store for Business
description: Learn about the various data structures for Microsoft Store for Business.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_data\_structures'
- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
ms.reviewer:
manager: dansimp
description: Learn about data structures for Microsoft Store for Business.
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 09/18/2017
---
@ -105,7 +105,7 @@ Specifies the properties of the alternate identifier.
|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.|
|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.|
|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)||
|Status|[InventoryStatus](#inventorystatus)||
|status|[InventoryStatus](#inventorystatus)||
## InventoryResultSet
@ -191,20 +191,19 @@ Specifies the properties of the localized product.
|packageFamilyName|String||
|supportedPlatforms|Collection of [ProductPlatform](#productplatform)||
## ProductImage
Specifies the properties of the product image.
|Name|Type|Description|
|--- |--- |--- |
|Location|URI|Location of the download image.|
|Purpose|String|Tag for the purpose of the image, for example "screenshot" or "logo".|
|Height|String|Height of the image in pixels.|
|Width|String|Width of the image in pixels.|
|Caption|String|Unlimited length.|
|backgroundColor|String|Format "#RRGGBB"|
|foregroundColor|String|Format "#RRGGBB"|
|location|URI|Location of the download image.|
|purpose|string|Tag for the image, for example "screenshot" or "logo".|
|height|string|Height of the image in pixels.|
|width|string|Width of the image in pixels.|
|caption|string|Unlimited length.|
|backgroundColor|string|Format "#RRGGBB"|
|foregroundColor|string|Format "#RRGGBB"|
|fileSize|integer-64|Size of the file.|
## ProductKey

2
windows/client-management/mdm/defender-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.localizationpriority: medium
ms.date: 07/23/2021
---

8
windows/client-management/mdm/devdetail-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 03/27/2020
---
@ -77,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r
Supported operation is Get.
<a href="" id="swv"></a>**SwV**
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge.
Supported operation is Get.
@ -114,6 +114,8 @@ Supported operation is Get.
This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
<!-- 12.15.2021 (mandia): Based on the description, I'm assuming this ID is specific to Windows 10 Mobile. Commented out as Windows 10 Mobile is past EoL.
<a href="" id="ext-microsoft-mobileid"></a>**Ext/Microsoft/MobileID**
Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that don't have a cellular network support.
@ -121,6 +123,8 @@ Supported operation is Get.
The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
-->
<a href="" id="ext-microsoft-radioswv"></a>**Ext/Microsoft/RadioSwV**
Required. Returns the radio stack software version number.

2
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/03/2020
---

2
windows/client-management/mdm/developersetup-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2018
---

2
windows/client-management/mdm/developersetup-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

3
windows/client-management/mdm/device-update-management.md
View File

@ -9,8 +9,9 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/15/2017
ms.collection: highpri
---

8
windows/client-management/mdm/devicelock-csp.md
View File

@ -8,12 +8,15 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
# DeviceLock CSP
This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
<!-- 12.16.2021 mandia: Commenting out, as this CSP is specific to Windows Phone 8.1.
The DeviceLock configuration service provider is used by the enterprise management server to configure device lock related policies. This configuration service provider is supported by an enterprise management server.
@ -304,7 +307,10 @@ All node values under the **ProviderID** interior node represent the policy valu
The value applied to the device can be queried via the nodes under the **DeviceValue** interior node.
-->
## Related articles
[Policy CSP](policy-configuration-service-provider.md)
[Configuration service provider reference](configuration-service-provider-reference.md)

17
windows/client-management/mdm/devicelock-ddf-file.md
View File

@ -8,12 +8,15 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
# DeviceLock DDF file
This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
<!-- 12.16.2021 mandia: Commenting out, as this CSP is specific to Windows Phone 8.1.
This topic shows the OMA DM device description framework (DDF) for the **DeviceLock** configuration service provider. DDF files are used only with OMA DM provisioning XML.
@ -496,18 +499,10 @@ This topic shows the OMA DM device description framework (DDF) for the **DeviceL
</Node>
</MgmtTree>
```
-->
## Related topics
[Policy CSP](policy-configuration-service-provider.md)
[DeviceLock configuration service provider](devicelock-csp.md)
 
 

2
windows/client-management/mdm/devicemanageability-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/01/2017
---

2
windows/client-management/mdm/devicemanageability-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/devicestatus-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/25/2021
---

2
windows/client-management/mdm/devicestatus-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 03/12/2018
---

2
windows/client-management/mdm/devinfo-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/devinfo-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

9
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -8,8 +8,9 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/25/2018
ms.collection: highpri
---
# Diagnose MDM failures in Windows 10
@ -35,12 +36,12 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
You can also collect the MDM Diagnostic Information logs using the following command:
```xml
mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab
mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
```
- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
### Understanding cab structure
The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub
### Understanding zip structure
The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)

12
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/19/2019
---
@ -246,7 +246,15 @@ la--- 1/4/2021 2:45 PM 1
la--- 1/4/2021 2:45 PM 2
la--- 12/2/2020 6:27 PM 2701 results.xml
```
Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was <RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey> then folder `1` will contain the corresponding `export.reg` file.
Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
For example, the first directive was:
```xml
<Collection HRESULT="0">
<RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey>
</Collection>
```
then folder `1` will contain the corresponding `export.reg` file.
The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed.

2
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
View File

@ -11,7 +11,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/dmacc-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/dmacc-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/dmclient-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/01/2017
---

2
windows/client-management/mdm/dmclient-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

36
windows/client-management/mdm/dmprocessconfigxmlfiltered.md
View File

@ -18,14 +18,14 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
# DMProcessConfigXMLFiltered function
> [!Important]
> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
> The use of this function for automatic data configuration (ADC) is deprecated in Windows Phone 8.1. For more information about the new process for provisioning connectivity configuration, see [Connectivity configuration](/previous-versions//dn757424(v=vs.85)). However, this function is still supported for other OEM uses.
Configures phone settings by using OMA Client Provisioning XML. Use of this function is strictly limited to the following scenarios.
@ -45,7 +45,7 @@ Microsoft recommends that this function isn't used to configure the following ty
- Email settings
> [!Note]
> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
> The **DMProcessConfigXMLFiltered** function has full functionality in Windows Phone 8.1, but it has a read-only functionality in Windows 10.
@ -54,37 +54,29 @@ Microsoft recommends that this function isn't used to configure the following ty
```C++
HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
LPCWSTR pszXmlIn,
const WCHAR   **rgszAllowedCspNode,
const DWORD   dwNumAllowedCspNodes,
BSTR    *pbstrXmlOut
const WCHAR **rgszAllowedCspNode,
const DWORD dwNumAllowedCspNodes,
BSTR *pbstrXmlOut
);
```
## Parameters
*pszXmlIn*
<ul>
<li>[in] The nullterminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. <strong>DMProcessConfigXMLFiltered</strong> accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).</li>
</ul>
<br>
- [in] The nullterminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It doesn't accept OMA DM SyncML XML (also known as SyncML).
*rgszAllowedCspNode*
<ul>
<li>[in] Array of <strong>WCHAR\</strong>* that specify which configuration service provider nodes can be invoked.</li>
</ul>
<br>
- [in] Array of `WCHAR` that specify which configuration service provider nodes can be invoked.
*dwNumAllowedCspNodes*
<ul>
<li>[in] Number of elements passed in <em>rgszAllowedCspNode</em>.</li>
</ul>
<br>
- [in] Number of elements passed in <em>rgszAllowedCspNode</em>.
*pbstrXmlOut*
<ul>
<li>[out] The resulting nullterminated XML from configuration. The caller of <strong>DMProcessConfigXMLFiltered</strong> is responsible for cleanup of the output buffer that the <em>pbstrXmlOut</em> parameter references. Use <a href="/windows/win32/api/oleauto/nf-oleauto-sysfreestring" data-raw-source="[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)"><strong>SysFreeString</strong></a> to free the memory.</li>
</ul>
<br>
- [out] The resulting nullterminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the <em>pbstrXmlOut</em> parameter references. Use <a href="/windows/win32/api/oleauto/nf-oleauto-sysfreestring" data-raw-source="[**SysFreeString**](/windows/win32/api/oleauto/nf-oleauto-sysfreestring)">**SysFreeString**</a> to free the memory.
If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds the XML output (in string form) of the provisioning operations. If **DMProcessConfigXMLFiltered** returns a failure, the XML output often contains "error nodes" that indicate which elements of the original XML failed. If the input document doesn't contain queries and is successfully processed, the output document should resemble the input document. In some error cases, no output is returned.

2
windows/client-management/mdm/dmsessionactions-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/dmsessionactions-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
ms.reviewer:
manager: dansimp

3
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -5,10 +5,11 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp
ms.collection: highpri
---
# DynamicManagement CSP

2
windows/client-management/mdm/dynamicmanagement-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/eap-configuration.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/email2-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/email2-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

4
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:
@ -36,7 +36,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
> See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md).
1. Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.
- GP English name
- GP Friendly name
- GP name
- GP ADMX file name
- GP path

55
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -6,13 +6,18 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 10/14/2021
ms.date: 01/03/2022
ms.reviewer:
manager: dansimp
ms.collection: highpri
---
# Enroll a Windows 10 device automatically using Group Policy
**Applies to:**
- Windows 10
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
@ -44,11 +49,12 @@ For this policy to work, you must verify that the MDM service provider allows th
## Verify auto-enrollment requirements and settings
To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
The following steps demonstrate required settings using the Intune service:
1. Verify that the user who is going to enroll the device has a valid Intune license.
![Intune license verification.](images/auto-enrollment-intune-license-verification.png)
1. Verify that the user who is going to enroll the device has a valid Endpoint Protection Manager license.
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
:::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png":::
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM). For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png)
@ -78,7 +84,7 @@ The following steps demonstrate required settings using the Intune service:
6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
![Mobility setting MDM intune.](images/auto-enrollment-microsoft-intune-setting.png)
:::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png":::
7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
You may contact your domain administrators to verify if the group policy has been deployed successfully.
@ -87,7 +93,7 @@ You may contact your domain administrators to verify if the group policy has bee
9. Verify that Microsoft Intune should allow enrollment of Windows devices.
![Enrollment of Windows devices.](images/auto-enrollment-enrollment-of-windows-devices.png)
:::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png":::
## Configure the auto-enrollment Group Policy for a single PC
@ -108,12 +114,11 @@ Requirements:
3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
> [!div class="mx-imgBorder"]
> ![MDM policies.](images/autoenrollment-mdm-policies.png)
:::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png":::
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
![MDM autoenrollment policy.](images/autoenrollment-policy.png)
:::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png":::
5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
@ -154,7 +159,7 @@ Requirements:
3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
![Auto-enrollment scheduled task.](images/autoenrollment-scheduled-task.png)
:::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png":::
To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
@ -190,6 +195,9 @@ Requirements:
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder:
@ -208,11 +216,13 @@ Requirements:
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**.
If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
If this folder does not exist, then be aware that you will be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.
6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
@ -239,21 +249,21 @@ To collect Event Viewer logs:
3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully:
![Event ID 75.](images/auto-enrollment-troubleshooting-event-id-75.png)
:::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png":::
If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons:
- The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed:
![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png)
:::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png":::
To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information.
To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information.
- The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section.
The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot:
![Task scheduler.](images/auto-enrollment-task-scheduler.png)
:::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png":::
> [!Note]
> This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task.
@ -262,24 +272,24 @@ To collect Event Viewer logs:
**Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**.
Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
![Event ID 107.](images/auto-enrollment-event-id-107.png)
:::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
When the task is completed, a new event ID 102 is logged.
![Event ID 102.](images/auto-enrollment-event-id-102.png)
:::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png":::
Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
![Outdated enrollment entries.](images/auto-enrollment-outdated-enrollment-entries.png)
:::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png":::
By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
![Manually deleted entries.](images/auto-enrollment-activation-verification-less-entries.png)
:::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png":::
### Related topics
@ -288,13 +298,14 @@ To collect Event Viewer logs:
- [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11))
- [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11))
- [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11))
- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints)
- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints)
- [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684)
- [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353)
### Useful Links
- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
- [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)

2
windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 05/17/2019
---

2
windows/client-management/mdm/enrollmentstatustracking-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 05/21/2019
---

2
windows/client-management/mdm/enterpriseapn-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 09/22/2017
---

2
windows/client-management/mdm/enterpriseapn-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

5
windows/client-management/mdm/enterpriseappmanagement-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
@ -18,8 +18,7 @@ ms.date: 06/26/2017
The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment.
> [!NOTE]
> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile.
> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core.
The following shows the EnterpriseAppManagement configuration service provider in tree format.

2
windows/client-management/mdm/enterpriseappvmanagement-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/enterpriseappvmanagement-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
ms.reviewer:
manager: dansimp

1116
windows/client-management/mdm/enterpriseassignedaccess-csp.md
View File

File diff suppressed because it is too large Load Diff

328
windows/client-management/mdm/enterpriseassignedaccess-ddf.md
View File

@ -1,328 +0,0 @@
---
title: EnterpriseAssignedAccess DDF
description: Utilize the OMA DM device description framework (DDF) for the EnterpriseAssignedAccess configuration service provider.
ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/05/2017
---
# EnterpriseAssignedAccess DDF
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>EnterpriseAssignedAccess</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.1/MDM/EnterpriseAssignedAccess</MIME>
</DFType>
</DFProperties>
<Node>
<NodeName>AssignedAccess</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>AssignedAccessXml</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LockScreenWallpaper</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>BGFileName</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Theme</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>ThemeBackground</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ThemeAccentColorID</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ThemeAccentColorValue</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Clock</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>TimeZone</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Locale</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Language</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
 
 

Some files were not shown because too many files have changed in this diff Show More