From 97000a0110ab05baea7924bcfed0381b2c1dbcf7 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 15 Mar 2022 22:08:26 +0200 Subject: [PATCH 01/41] updating the title according to feedback from pseudoid on 2Feb22 --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index b6b7503543..39f281139e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1,5 +1,5 @@ --- -title: Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services +title: Manage connections from Windows 10 and Windows 11 Server/Enterprise editions operating system components to Microsoft services description: Learn how to minimize connections from Windows to Microsoft services, and configure particular privacy settings related to these connections. ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 ms.reviewer: From ff5b6f8997a93449c2209bb4bb61dab720cb98e9 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 09:19:27 -0700 Subject: [PATCH 02/41] Update index.yml --- education/index.yml | 153 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 140 insertions(+), 13 deletions(-) diff --git a/education/index.yml b/education/index.yml index 80796a921a..d5a8d8476e 100644 --- a/education/index.yml +++ b/education/index.yml @@ -13,23 +13,150 @@ metadata: ms.date: 10/24/2019 productDirectory: + title: For IT admins + summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. items: # Card - - title: IT Admins - # imageSrc should be square in ratio with no whitespace - imageSrc: ./images/EDUAdmins.svg + - title: Phase 1 - Cloud deployment + imageSrc: ./images/EDU-Deploy.svg links: - - url: itadmins.yml - text: Get started with deploying and managing a full cloud IT solution for your school. + - url: /microsoft-365/education/deploy/create-your-office-365-tenant + text: 1. Create your Office 365 tenant + - url: /microsoft-365/education/deploy/secure-and-configure-your-network + text: 2. Secure and configure your network + - url: /microsoft-365/education/deploy/aad-connect-and-adfs + text: 3. Sync your active directory + - url: /microsoft-365/education/deploy/school-data-sync + text: 4. Sync you SIS using School Data Sync + - url: /microsoft-365/education/deploy/license-users + text: 5. License users # Card - - title: Developers - imageSrc: ./images/EDUDevelopers.svg + - title: Phase 2 - Device management + imageSrc: ./images/EDU-Device-Mgmt.svg links: - - url: developers.yml - text: Looking for information about developing solutions on Microsoft Education products? Start here. + - url: ./windows/index.md + text: 1. Get started with Windows 10 for Education + - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices + text: 2. Set up Windows 10 devices + - url: /microsoft-365/education/deploy/intune-for-education + text: 3. Get started with Intune for Education + - url: /microsoft-365/education/deploy/use-intune-for-education + text: 4. Use Intune to manage groups, apps, and settings + - url: /intune/enrollment/enrollment-autopilot + text: 5. Enroll devices using Windows Autopilot # Card - - title: Partners - imageSrc: ./images/EDUPartners.svg + - title: Phase 3 - Apps management + imageSrc: ./images/EDU-Apps-Mgmt.svg links: - - url: partners.yml - text: Looking for resources available to Microsoft Education partners? Start here. \ No newline at end of file + - url: /microsoft-365/education/deploy/configure-admin-settings + text: 1. Configure admin settings + - url: /microsoft-365/education/deploy/set-up-teams-for-education + text: 2. Set up Teams for Education + - url: /microsoft-365/education/deploy/deploy-office-365 + text: 3. Set up Office 365 + - url: /microsoft-365/education/deploy/microsoft-store-for-education + text: 4. Install apps from Microsoft Store for Education + - url: /microsoft-365/education/deploy/minecraft-for-education + text: 5. Install Minecraft - Education Edition + # Card + - title: Complete your deployment + # imageSrc should be square in ratio with no whitespace + imageSrc: ./images/EDU-Tasks.svg + links: + - url: /microsoft-365/education/deploy/deploy-exchange-online + text: Deploy Exchange Online + - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive + text: Deploy SharePoint Online and OneDrive + - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid + text: Deploy Exchange Server hybrid + - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid + text: Deploy SharePoint Server Hybrid + # Card + - title: Security & compliance + imageSrc: ./images/EDU-Lockbox.svg + links: + - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2 + text: AAD feature deployment guide + - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423 + text: Azure information protection deployment acceleration guide + - url: /cloud-app-security/getting-started-with-cloud-app-security + text: Microsoft Defender for Cloud Apps + - url: /microsoft-365/compliance/create-test-tune-dlp-policy + text: Office 365 data loss prevention + - url: /microsoft-365/compliance/ + text: Office 365 advanced compliance + - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx + text: Deploying Lockbox + # Card + - title: Analytics & insights + imageSrc: ./images/EDU-Education.svg + links: + - url: /power-bi/service-admin-administering-power-bi-in-your-organization + text: Power BI for IT admins + - url: /dynamics365/#pivot=get-started + text: Dynamics 365 + # Card + - title: Find deployment help + imageSrc: ./images/EDU-FindHelp.svg + links: + - url: /microsoft-365/education/deploy/find-deployment-help + text: IT admin help + - url: https://social.technet.microsoft.com/forums/en-us/home + text: TechNet + # Card + - title: Check out our education journey + imageSrc: ./images/EDU-ITJourney.svg + links: + - url: https://edujourney.microsoft.com/k-12/ + text: K-12 + - url: https://edujourney.microsoft.com/hed/ + text: Higher education + # Card + - title: Additional support resources + imageSrc: ./images/EDU-Teachers.svg + links: + - url: https://support.office.com/en-us/education + text: Education help center + - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 + text: Teacher training packs + +additionalContent: + sections: + - title: For developers # < 60 chars (optional) + summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional) + - items: + # Card + - title: UWP apps for education + summary: Learn how to write universal apps for education. + url: /windows/uwp/apps-for-education/ + # Card + - title: Take a test API + summary: Learn how web applications can use the API to provide a locked down experience for taking tests. + url: /windows/uwp/apps-for-education/take-a-test-api + # Card + - title: Office Education Dev center + summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app + url: https://developer.microsoft.com/office/edu + # Card + - title: Data Streamer + summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. + url: /microsoft-365/education/data-streamer + - title: For partners # < 60 chars (optional) + summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional) + - items: + # Card + - title: Microsoft Partner Network + summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. + url: https://partner.microsoft.com/solutions/education + # Card + - title: Authorized Education Partner (AEP) program + summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). + url: https://www.mepn.com/ + # Card + - title: Authorized Education Partner Directory + summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. + url: https://www.mepn.com/MEPN/AEPSearch.aspx + # Card + - title: Education Partner community Yammer group + summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. + url: https://www.yammer.com/mepn/ \ No newline at end of file From d547842252f5e035533cc0c36a1b1e410080bf16 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 10:04:21 -0700 Subject: [PATCH 03/41] Update index.yml --- education/index.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/education/index.yml b/education/index.yml index d5a8d8476e..09177b7577 100644 --- a/education/index.yml +++ b/education/index.yml @@ -12,6 +12,20 @@ metadata: ms.author: v-lamoyn ms.date: 10/24/2019 +# highlightedContent section (optional) +# Maximum of 8 items +highlightedContent: +# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new + items: + # Card + - title: For developers + itemType: concept + url: developers.yml + # Card + - title: For partners + itemType: overview + url: partners.yml + productDirectory: title: For IT admins summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. From 831017c4432587fc59fbbdf5d436150d5144ae3b Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 10:28:00 -0700 Subject: [PATCH 04/41] Update index.yml --- education/index.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/education/index.yml b/education/index.yml index 09177b7577..5385d2512a 100644 --- a/education/index.yml +++ b/education/index.yml @@ -18,6 +18,14 @@ highlightedContent: # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new items: # Card + - title: K-12 Education Transformation Journey + itemType: get-started + url: https://edujourney.microsoft.com/k-12/ + # Card + - title: Higher Education Transformation Journey + itemType: get-started + url: https://edujourney.microsoft.com/hed/ + # Card - title: For developers itemType: concept url: developers.yml From 706da09d4c0bcccee67d171ec5f633b3f5224c78 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 12:51:24 -0700 Subject: [PATCH 05/41] Splitting prototypes into 2 pages --- education/index-copy.yml | 162 +++++++++++++++++++++++++++++++++++++++ education/index.yml | 48 ------------ 2 files changed, 162 insertions(+), 48 deletions(-) create mode 100644 education/index-copy.yml diff --git a/education/index-copy.yml b/education/index-copy.yml new file mode 100644 index 0000000000..d5a8d8476e --- /dev/null +++ b/education/index-copy.yml @@ -0,0 +1,162 @@ +### YamlMime:Hub + +title: Microsoft 365 Education Documentation +summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. + +metadata: + title: Microsoft 365 Education Documentation + description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. + ms.service: help + ms.topic: hub-page + author: LaurenMoynihan + ms.author: v-lamoyn + ms.date: 10/24/2019 + +productDirectory: + title: For IT admins + summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. + items: + # Card + - title: Phase 1 - Cloud deployment + imageSrc: ./images/EDU-Deploy.svg + links: + - url: /microsoft-365/education/deploy/create-your-office-365-tenant + text: 1. Create your Office 365 tenant + - url: /microsoft-365/education/deploy/secure-and-configure-your-network + text: 2. Secure and configure your network + - url: /microsoft-365/education/deploy/aad-connect-and-adfs + text: 3. Sync your active directory + - url: /microsoft-365/education/deploy/school-data-sync + text: 4. Sync you SIS using School Data Sync + - url: /microsoft-365/education/deploy/license-users + text: 5. License users + # Card + - title: Phase 2 - Device management + imageSrc: ./images/EDU-Device-Mgmt.svg + links: + - url: ./windows/index.md + text: 1. Get started with Windows 10 for Education + - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices + text: 2. Set up Windows 10 devices + - url: /microsoft-365/education/deploy/intune-for-education + text: 3. Get started with Intune for Education + - url: /microsoft-365/education/deploy/use-intune-for-education + text: 4. Use Intune to manage groups, apps, and settings + - url: /intune/enrollment/enrollment-autopilot + text: 5. Enroll devices using Windows Autopilot + # Card + - title: Phase 3 - Apps management + imageSrc: ./images/EDU-Apps-Mgmt.svg + links: + - url: /microsoft-365/education/deploy/configure-admin-settings + text: 1. Configure admin settings + - url: /microsoft-365/education/deploy/set-up-teams-for-education + text: 2. Set up Teams for Education + - url: /microsoft-365/education/deploy/deploy-office-365 + text: 3. Set up Office 365 + - url: /microsoft-365/education/deploy/microsoft-store-for-education + text: 4. Install apps from Microsoft Store for Education + - url: /microsoft-365/education/deploy/minecraft-for-education + text: 5. Install Minecraft - Education Edition + # Card + - title: Complete your deployment + # imageSrc should be square in ratio with no whitespace + imageSrc: ./images/EDU-Tasks.svg + links: + - url: /microsoft-365/education/deploy/deploy-exchange-online + text: Deploy Exchange Online + - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive + text: Deploy SharePoint Online and OneDrive + - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid + text: Deploy Exchange Server hybrid + - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid + text: Deploy SharePoint Server Hybrid + # Card + - title: Security & compliance + imageSrc: ./images/EDU-Lockbox.svg + links: + - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2 + text: AAD feature deployment guide + - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423 + text: Azure information protection deployment acceleration guide + - url: /cloud-app-security/getting-started-with-cloud-app-security + text: Microsoft Defender for Cloud Apps + - url: /microsoft-365/compliance/create-test-tune-dlp-policy + text: Office 365 data loss prevention + - url: /microsoft-365/compliance/ + text: Office 365 advanced compliance + - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx + text: Deploying Lockbox + # Card + - title: Analytics & insights + imageSrc: ./images/EDU-Education.svg + links: + - url: /power-bi/service-admin-administering-power-bi-in-your-organization + text: Power BI for IT admins + - url: /dynamics365/#pivot=get-started + text: Dynamics 365 + # Card + - title: Find deployment help + imageSrc: ./images/EDU-FindHelp.svg + links: + - url: /microsoft-365/education/deploy/find-deployment-help + text: IT admin help + - url: https://social.technet.microsoft.com/forums/en-us/home + text: TechNet + # Card + - title: Check out our education journey + imageSrc: ./images/EDU-ITJourney.svg + links: + - url: https://edujourney.microsoft.com/k-12/ + text: K-12 + - url: https://edujourney.microsoft.com/hed/ + text: Higher education + # Card + - title: Additional support resources + imageSrc: ./images/EDU-Teachers.svg + links: + - url: https://support.office.com/en-us/education + text: Education help center + - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 + text: Teacher training packs + +additionalContent: + sections: + - title: For developers # < 60 chars (optional) + summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional) + - items: + # Card + - title: UWP apps for education + summary: Learn how to write universal apps for education. + url: /windows/uwp/apps-for-education/ + # Card + - title: Take a test API + summary: Learn how web applications can use the API to provide a locked down experience for taking tests. + url: /windows/uwp/apps-for-education/take-a-test-api + # Card + - title: Office Education Dev center + summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app + url: https://developer.microsoft.com/office/edu + # Card + - title: Data Streamer + summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. + url: /microsoft-365/education/data-streamer + - title: For partners # < 60 chars (optional) + summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional) + - items: + # Card + - title: Microsoft Partner Network + summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. + url: https://partner.microsoft.com/solutions/education + # Card + - title: Authorized Education Partner (AEP) program + summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). + url: https://www.mepn.com/ + # Card + - title: Authorized Education Partner Directory + summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. + url: https://www.mepn.com/MEPN/AEPSearch.aspx + # Card + - title: Education Partner community Yammer group + summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. + url: https://www.yammer.com/mepn/ \ No newline at end of file diff --git a/education/index.yml b/education/index.yml index 5385d2512a..5ac9a0fb23 100644 --- a/education/index.yml +++ b/education/index.yml @@ -126,14 +126,6 @@ productDirectory: - url: https://social.technet.microsoft.com/forums/en-us/home text: TechNet # Card - - title: Check out our education journey - imageSrc: ./images/EDU-ITJourney.svg - links: - - url: https://edujourney.microsoft.com/k-12/ - text: K-12 - - url: https://edujourney.microsoft.com/hed/ - text: Higher education - # Card - title: Additional support resources imageSrc: ./images/EDU-Teachers.svg links: @@ -142,43 +134,3 @@ productDirectory: - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 text: Teacher training packs -additionalContent: - sections: - - title: For developers # < 60 chars (optional) - summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional) - - items: - # Card - - title: UWP apps for education - summary: Learn how to write universal apps for education. - url: /windows/uwp/apps-for-education/ - # Card - - title: Take a test API - summary: Learn how web applications can use the API to provide a locked down experience for taking tests. - url: /windows/uwp/apps-for-education/take-a-test-api - # Card - - title: Office Education Dev center - summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app - url: https://developer.microsoft.com/office/edu - # Card - - title: Data Streamer - summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. - url: /microsoft-365/education/data-streamer - - title: For partners # < 60 chars (optional) - summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional) - - items: - # Card - - title: Microsoft Partner Network - summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. - url: https://partner.microsoft.com/solutions/education - # Card - - title: Authorized Education Partner (AEP) program - summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). - url: https://www.mepn.com/ - # Card - - title: Authorized Education Partner Directory - summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. - url: https://www.mepn.com/MEPN/AEPSearch.aspx - # Card - - title: Education Partner community Yammer group - summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. - url: https://www.yammer.com/mepn/ \ No newline at end of file From 8ea542c4669b3cc7c5e02c613eed04a90aa2252c Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 13:10:15 -0700 Subject: [PATCH 06/41] Trimming first chunk of steps in index files --- education/index-copy.yml | 39 ++++++--------------------------------- education/index.yml | 39 ++++++--------------------------------- 2 files changed, 12 insertions(+), 66 deletions(-) diff --git a/education/index-copy.yml b/education/index-copy.yml index d5a8d8476e..1f8d3c36ad 100644 --- a/education/index-copy.yml +++ b/education/index-copy.yml @@ -19,45 +19,18 @@ productDirectory: # Card - title: Phase 1 - Cloud deployment imageSrc: ./images/EDU-Deploy.svg - links: - - url: /microsoft-365/education/deploy/create-your-office-365-tenant - text: 1. Create your Office 365 tenant - - url: /microsoft-365/education/deploy/secure-and-configure-your-network - text: 2. Secure and configure your network - - url: /microsoft-365/education/deploy/aad-connect-and-adfs - text: 3. Sync your active directory - - url: /microsoft-365/education/deploy/school-data-sync - text: 4. Sync you SIS using School Data Sync - - url: /microsoft-365/education/deploy/license-users - text: 5. License users + summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users. + url: /microsoft-365/education/deploy/create-your-office-365-tenant # Card - title: Phase 2 - Device management imageSrc: ./images/EDU-Device-Mgmt.svg - links: - - url: ./windows/index.md - text: 1. Get started with Windows 10 for Education - - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices - text: 2. Set up Windows 10 devices - - url: /microsoft-365/education/deploy/intune-for-education - text: 3. Get started with Intune for Education - - url: /microsoft-365/education/deploy/use-intune-for-education - text: 4. Use Intune to manage groups, apps, and settings - - url: /intune/enrollment/enrollment-autopilot - text: 5. Enroll devices using Windows Autopilot + summary: Get started with Windows for Education, set up and enroll devices in Intune. + url: ./windows/index.md?bc=/microsoft-365/education/toc.json&toc=/microsoft/education/toc.json # Card - title: Phase 3 - Apps management imageSrc: ./images/EDU-Apps-Mgmt.svg - links: - - url: /microsoft-365/education/deploy/configure-admin-settings - text: 1. Configure admin settings - - url: /microsoft-365/education/deploy/set-up-teams-for-education - text: 2. Set up Teams for Education - - url: /microsoft-365/education/deploy/deploy-office-365 - text: 3. Set up Office 365 - - url: /microsoft-365/education/deploy/microsoft-store-for-education - text: 4. Install apps from Microsoft Store for Education - - url: /microsoft-365/education/deploy/minecraft-for-education - text: 5. Install Minecraft - Education Edition + summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft. + url: /microsoft-365/education/deploy/configure-admin-settings # Card - title: Complete your deployment # imageSrc should be square in ratio with no whitespace diff --git a/education/index.yml b/education/index.yml index 5ac9a0fb23..563656779f 100644 --- a/education/index.yml +++ b/education/index.yml @@ -41,45 +41,18 @@ productDirectory: # Card - title: Phase 1 - Cloud deployment imageSrc: ./images/EDU-Deploy.svg - links: - - url: /microsoft-365/education/deploy/create-your-office-365-tenant - text: 1. Create your Office 365 tenant - - url: /microsoft-365/education/deploy/secure-and-configure-your-network - text: 2. Secure and configure your network - - url: /microsoft-365/education/deploy/aad-connect-and-adfs - text: 3. Sync your active directory - - url: /microsoft-365/education/deploy/school-data-sync - text: 4. Sync you SIS using School Data Sync - - url: /microsoft-365/education/deploy/license-users - text: 5. License users + summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users. + url: /microsoft-365/education/deploy/create-your-office-365-tenant # Card - title: Phase 2 - Device management imageSrc: ./images/EDU-Device-Mgmt.svg - links: - - url: ./windows/index.md - text: 1. Get started with Windows 10 for Education - - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices - text: 2. Set up Windows 10 devices - - url: /microsoft-365/education/deploy/intune-for-education - text: 3. Get started with Intune for Education - - url: /microsoft-365/education/deploy/use-intune-for-education - text: 4. Use Intune to manage groups, apps, and settings - - url: /intune/enrollment/enrollment-autopilot - text: 5. Enroll devices using Windows Autopilot + summary: Get started with Windows for Education, set up and enroll devices in Intune. + url: ./windows/index.md?bc=/microsoft-365/education/toc.json&toc=/microsoft/education/toc.json # Card - title: Phase 3 - Apps management imageSrc: ./images/EDU-Apps-Mgmt.svg - links: - - url: /microsoft-365/education/deploy/configure-admin-settings - text: 1. Configure admin settings - - url: /microsoft-365/education/deploy/set-up-teams-for-education - text: 2. Set up Teams for Education - - url: /microsoft-365/education/deploy/deploy-office-365 - text: 3. Set up Office 365 - - url: /microsoft-365/education/deploy/microsoft-store-for-education - text: 4. Install apps from Microsoft Store for Education - - url: /microsoft-365/education/deploy/minecraft-for-education - text: 5. Install Minecraft - Education Edition + summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft. + url: /microsoft-365/education/deploy/configure-admin-settings # Card - title: Complete your deployment # imageSrc should be square in ratio with no whitespace From e2e6c3580cf21761b9ea5b5edfb7418cc37ca32e Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Mon, 21 Mar 2022 13:18:44 -0700 Subject: [PATCH 07/41] fixing urls --- education/index-copy.yml | 2 +- education/index.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/education/index-copy.yml b/education/index-copy.yml index 1f8d3c36ad..52f19854f5 100644 --- a/education/index-copy.yml +++ b/education/index-copy.yml @@ -25,7 +25,7 @@ productDirectory: - title: Phase 2 - Device management imageSrc: ./images/EDU-Device-Mgmt.svg summary: Get started with Windows for Education, set up and enroll devices in Intune. - url: ./windows/index.md?bc=/microsoft-365/education/toc.json&toc=/microsoft/education/toc.json + url: /microsoft-365/education/deploy/set-up-windows-10-education-devices # Card - title: Phase 3 - Apps management imageSrc: ./images/EDU-Apps-Mgmt.svg diff --git a/education/index.yml b/education/index.yml index 563656779f..bc3d069e99 100644 --- a/education/index.yml +++ b/education/index.yml @@ -47,7 +47,7 @@ productDirectory: - title: Phase 2 - Device management imageSrc: ./images/EDU-Device-Mgmt.svg summary: Get started with Windows for Education, set up and enroll devices in Intune. - url: ./windows/index.md?bc=/microsoft-365/education/toc.json&toc=/microsoft/education/toc.json + url: /microsoft-365/education/deploy/set-up-windows-10-education-devices # Card - title: Phase 3 - Apps management imageSrc: ./images/EDU-Apps-Mgmt.svg From 2557f320f4f21681910b891d1bc5dd002393dce8 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 22 Mar 2022 12:16:37 -0700 Subject: [PATCH 08/41] Update index-copy.yml --- education/index-copy.yml | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/education/index-copy.yml b/education/index-copy.yml index 52f19854f5..ef990ccae9 100644 --- a/education/index-copy.yml +++ b/education/index-copy.yml @@ -32,18 +32,11 @@ productDirectory: summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft. url: /microsoft-365/education/deploy/configure-admin-settings # Card - - title: Complete your deployment + - title: Phase 4 - Complete your deployment # imageSrc should be square in ratio with no whitespace imageSrc: ./images/EDU-Tasks.svg - links: - - url: /microsoft-365/education/deploy/deploy-exchange-online - text: Deploy Exchange Online - - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive - text: Deploy SharePoint Online and OneDrive - - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid - text: Deploy Exchange Server hybrid - - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid - text: Deploy SharePoint Server Hybrid + summary: Configure settings for Exchange and SharePoint. + url: /microsoft-365/education/deploy/deploy-exchange-online # Card - title: Security & compliance imageSrc: ./images/EDU-Lockbox.svg @@ -69,13 +62,17 @@ productDirectory: - url: /dynamics365/#pivot=get-started text: Dynamics 365 # Card - - title: Find deployment help - imageSrc: ./images/EDU-FindHelp.svg + - title: Find deployment help and other support resources + imageSrc: ./images/EDU-Teachers.svg links: - url: /microsoft-365/education/deploy/find-deployment-help text: IT admin help - url: https://social.technet.microsoft.com/forums/en-us/home text: TechNet + - url: https://support.office.com/en-us/education + text: Education help center + - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 + text: Teacher training packs # Card - title: Check out our education journey imageSrc: ./images/EDU-ITJourney.svg @@ -84,14 +81,6 @@ productDirectory: text: K-12 - url: https://edujourney.microsoft.com/hed/ text: Higher education - # Card - - title: Additional support resources - imageSrc: ./images/EDU-Teachers.svg - links: - - url: https://support.office.com/en-us/education - text: Education help center - - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 - text: Teacher training packs additionalContent: sections: From aa5122df0d4e5abf622a063017035609ceba86df Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 22 Mar 2022 12:26:21 -0700 Subject: [PATCH 09/41] Update index-copy.yml --- education/index-copy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/education/index-copy.yml b/education/index-copy.yml index ef990ccae9..b850afbd77 100644 --- a/education/index-copy.yml +++ b/education/index-copy.yml @@ -2,6 +2,8 @@ title: Microsoft 365 Education Documentation summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. +# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin +brand: m365 metadata: title: Microsoft 365 Education Documentation From f2e2e92b5e558fd221b984c32d6c68df1f3f71ed Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Tue, 22 Mar 2022 12:31:33 -0700 Subject: [PATCH 10/41] Update index-copy.yml --- education/index-copy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/index-copy.yml b/education/index-copy.yml index b850afbd77..26aa73e3a7 100644 --- a/education/index-copy.yml +++ b/education/index-copy.yml @@ -50,9 +50,9 @@ productDirectory: - url: /cloud-app-security/getting-started-with-cloud-app-security text: Microsoft Defender for Cloud Apps - url: /microsoft-365/compliance/create-test-tune-dlp-policy - text: Office 365 data loss prevention + text: Data loss prevention - url: /microsoft-365/compliance/ - text: Office 365 advanced compliance + text: Microsoft 365 Compliance - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx text: Deploying Lockbox # Card From 1723db8c86c3aea94f0f2a04b6d02ad4ef1d874a Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 25 Mar 2022 16:06:22 +0530 Subject: [PATCH 11/41] changes as per task 5922141 --- .../encrypted-hard-drive.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 9bbeeb2de3..cebb1539b9 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -21,6 +21,7 @@ ms.date: 04/02/2019 - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 +- Azure Stack HCI Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. @@ -32,8 +33,8 @@ Encrypted Hard Drives provide: - **Better performance**: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation. - **Strong security based in hardware**: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system -- **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive. -- **Lower cost of ownership**: There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles do not need to be used for the encryption process. +- **Ease of use**: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted Hard Drives are easily erased using on-board encryption key; there's no need to re-encrypt data on the drive. +- **Lower cost of ownership**: There's no need for new infrastructure to manage encryption keys, since BitLocker leverages your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process. Encrypted Hard Drives are supported natively in the operating system through the following mechanisms: @@ -77,13 +78,13 @@ Rapid encryption in BitLocker directly addresses the security needs of enterpris Configuration of Encrypted Hard Drives as startup drives is done using the same methods as standard hard drives. These methods include: - **Deploy from media**: Configuration of Encrypted Hard Drives happens automatically through the installation process. -- **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component is not present, configuration of Encrypted Hard Drives will not work. +- **Deploy from network**: This deployment method involves booting a Windows PE environment and using imaging tools to apply a Windows image from a network share. Using this method, the Enhanced Storage optional component needs to be included in the Windows PE image. You can enable this component using Server Manager, Windows PowerShell, or the DISM command line tool. If this component isn't present, configuration of Encrypted Hard Drives won't work. - **Deploy from server**: This deployment method involves PXE booting a client with Encrypted Hard Drives present. Configuration of Encrypted Hard Drives happens automatically in this environment when the Enhanced Storage component is added to the PXE boot image. During deployment, the [TCGSecurityActivationDisabled](/windows-hardware/customize/desktop/unattend/microsoft-windows-enhancedstorage-adm-tcgsecurityactivationdisabled) setting in unattend.xml controls the encryption behavior of Encrypted Hard Drives. -- **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators will not work. +- **Disk Duplication**: This deployment method involves use of a previously configured device and disk duplication tools to apply a Windows image to an Encrypted Hard Drive. Disks must be partitioned using at least Windows 8 or Windows Server 2012 for this configuration to work. Images made using disk duplicators won't work. ## Configuring hardware-based encryption with Group Policy -There are three related Group Policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings are not configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: +There are three related Group Policy settings that help you manage how BitLocker uses hardware-based encryption and which encryption algorithms to use. If these settings aren't configured or disabled on systems that are equipped with encrypted drives, BitLocker uses software-based encryption: - [Configure use of hardware-based encryption for fixed data drives](bitlocker/bitlocker-group-policy-settings.md#bkmk-hdefxd) - [Configure use of hardware-based encryption for removable data drives](bitlocker/bitlocker-group-policy-settings.md#configure-use-of-hardware-based-encryption-for-removable-data-drives) @@ -93,14 +94,14 @@ There are three related Group Policy settings that help you manage how BitLocker Encrypted Hard Drives utilize two encryption keys on the device to control the locking and unlocking of data on the drive. These are the Data Encryption Key (DEK) and the Authentication Key (AK). -The Data Encryption Key is the key used to encrypt all of the data on the drive. The drive generates the DEK and it never leaves the device. It is stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable. +The Data Encryption Key is the key used to encrypt all of the data on the drive. The drive generates the DEK and it never leaves the device. It's stored in an encrypted format at a random location on the drive. If the DEK is changed or erased, data encrypted using the DEK is irrecoverable. The Authentication Key is the key used to unlock data on the drive. A hash of the key is stored on drive and requires confirmation to decrypt the DEK. When a computer with an Encrypted Hard Drive is in a powered off state, the drive locks automatically. As a computer powers on, the device remains in a locked state and is only unlocked after the Authentication Key decrypts the Data Encryption Key. Once the Authentication Key decrypts the Data Encryption Key, read-write operations can take place on the device. -When writing data to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive does not need to be re-encrypted. A new Authentication Key needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK and read-writes to the volume can continue. +When writing data to the drive, it passes through an encryption engine before the write operation completes. Likewise, reading data from the drive requires the encryption engine to decrypt the data before passing that data back to the user. In the event that the DEK needs to be changed or erased, the data on the drive doesn't need to be re-encrypted. A new Authentication Key needs to be created and it will re-encrypt the DEK. Once completed, the DEK can now be unlocked using the new AK and read-writes to the volume can continue. ## Re-configuring Encrypted Hard Drives From 997e925d08545ef2b2857e92049593b1a06e83f2 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 29 Mar 2022 13:43:19 -0500 Subject: [PATCH 12/41] Update minimum-password-length.md Updated password length to 14 to fall inline with Microsoft SCT guidance. --- .../security-policy-settings/minimum-password-length.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 7921cdcc37..08143780d4 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -36,7 +36,7 @@ The **Minimum password length** policy setting determines the least number of ch ### Best practices -Set Minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). +Set Minimum password length to at least a value of 14. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). Permitting short passwords reduces security because short passwords can be easily broken with tools that do dictionary or brute force attacks against the passwords. Requiring very long passwords can result in mistyped passwords that might cause account lockouts and might increase the volume of Help Desk calls. From 00fffaf676e00a5eba2f9dbeeb0a5a024d775e0e Mon Sep 17 00:00:00 2001 From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Wed, 30 Mar 2022 18:51:27 +0800 Subject: [PATCH 13/41] Update Hello FAQ to clarify lid closed case --- .../identity-protection/hello-for-business/hello-faq.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 7081a2b5d6..bb4c297899 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -79,10 +79,14 @@ sections: answer: | It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. - - question: Can I use an external Windows Hello compatible camera when my laptop is closed or docked? + - question: Can I use an external Windows Hello compatible camera when my computer has a built in Windows Hello compatible camera? answer: | Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). + - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? + answer: | + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. + - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. This sync is handled by Azure AD Connect and will occur during a normal sync cycle. From 3b11486d01584a506045be6309441fd5be937672 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 30 Mar 2022 09:30:53 -0600 Subject: [PATCH 14/41] Update waas-delivery-optimization-faq.md Removed '.md' file extension to fix link. --- windows/deployment/update/waas-delivery-optimization-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization-faq.md b/windows/deployment/update/waas-delivery-optimization-faq.md index 0f59183964..6425a6af48 100644 --- a/windows/deployment/update/waas-delivery-optimization-faq.md +++ b/windows/deployment/update/waas-delivery-optimization-faq.md @@ -36,7 +36,7 @@ Delivery Optimization also communicates with its cloud service by using HTTP/HTT ## What are the requirements if I use a proxy? -For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting.md). +For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). ## What hostnames should I allow through my firewall to support Delivery Optimization? From 33ae7348ebb7faf369409c325b8ce3595cb4104e Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 30 Mar 2022 09:45:03 -0600 Subject: [PATCH 15/41] Update index.yml Add link to FAQ page. --- windows/deployment/do/index.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index 986056d1ce..c50e4d8d6b 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -47,6 +47,8 @@ landingContent: url: waas-delivery-optimization-setup.md#windows-powershell-cmdlets - text: Troubleshoot Delivery Optimization url: waas-delivery-optimization-setup.md#troubleshooting + - text: Delivery Optimization Frequently Asked Questions + url: waas-delivery-optimization-faq - text: Submit feedback url: https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app From 52ee27d353ef5a389213659b7027a30c6c295395 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 30 Mar 2022 09:57:35 -0600 Subject: [PATCH 16/41] Update index.yml --- windows/deployment/do/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index c50e4d8d6b..01e71f030f 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -48,7 +48,7 @@ landingContent: - text: Troubleshoot Delivery Optimization url: waas-delivery-optimization-setup.md#troubleshooting - text: Delivery Optimization Frequently Asked Questions - url: waas-delivery-optimization-faq + url: waas-delivery-optimization-faq.md - text: Submit feedback url: https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app From 45a6e38ceb8d7b700a13b5316f6dfb98226c09bb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Mar 2022 10:00:23 -0700 Subject: [PATCH 17/41] Update minimum-password-length.md --- .../security-policy-settings/minimum-password-length.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 08143780d4..d116884fca 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 03/30/2022 ms.technology: windows-sec --- From 164f674c97a731ffad8c20161017e8083f403469 Mon Sep 17 00:00:00 2001 From: Noah Myers <81661816+nonotnoah@users.noreply.github.com> Date: Wed, 30 Mar 2022 10:37:26 -0700 Subject: [PATCH 18/41] fix redundant acronym ATM machine is a redundant acronym. This fix is in line with other uses of ATM in this document such as here: https://docs.microsoft.com/en-us/windows/deployment/update/get-started-updates-channels-tools#long-term-servicing-channel --- windows/deployment/update/waas-quick-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 3c6ac3426f..9f6c9e6c7b 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -31,7 +31,7 @@ Some new terms have been introduced as part of Windows as a service, so you shou - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **General Availability Channel** receives feature updates annually. - - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. + - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years. - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. See [Overview of Windows as a service](waas-overview.md) for more information. From ec3db587d6fc0e75b0f40495a3ecd68884e4c8fd Mon Sep 17 00:00:00 2001 From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Thu, 31 Mar 2022 12:43:45 +0800 Subject: [PATCH 19/41] Address the case of ESS devices --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index bb4c297899..5edb16893e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -85,7 +85,7 @@ sections: - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? answer: | - Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | From e5fae1e841988c0237b57d92e00895ea1b3b4d14 Mon Sep 17 00:00:00 2001 From: George Shih <40845924+geos-ms@users.noreply.github.com> Date: Thu, 31 Mar 2022 13:50:00 +0800 Subject: [PATCH 20/41] Address the case of ESS devices again --- .../identity-protection/hello-for-business/hello-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 5edb16893e..5762e33ff9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -81,11 +81,11 @@ sections: - question: Can I use an external Windows Hello compatible camera when my computer has a built in Windows Hello compatible camera? answer: | - Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). + Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked? answer: | - Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors). + Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in the latest Windows Insiders builds and will be available in the future version of Windows 11. - question: Why does authentication fail immediately after provisioning hybrid key trust? answer: | From 7daf5f10c0f354b003ee68bffaa6c29a4974b672 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Thu, 31 Mar 2022 07:40:49 -0700 Subject: [PATCH 21/41] Fixed Bulk Enrollment support Bulk token creation remains to be supported on Windows 10 and 11. Fixed the table to reflect --- .../provisioning-packages/provisioning-packages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index c0931e36ec..da386db801 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -79,7 +79,7 @@ The following table describes settings that you can configure using the wizards | Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ | | Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ | | Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ | -| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). | ❌ | ❌ | ❌ | +| Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token

[Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment,. | ✔️ | ✔️ | ✔️ | | Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ | | Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ | | Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ | From ad797014291c092c16ea576e3fbcfc470c84ef86 Mon Sep 17 00:00:00 2001 From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Thu, 31 Mar 2022 08:45:34 -0700 Subject: [PATCH 22/41] Delete microsoft-recommended-driver-block-rules.md.bak --- ...soft-recommended-driver-block-rules.md.bak | 1176 ----------------- 1 file changed, 1176 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak deleted file mode 100644 index 357a184c9b..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md.bak +++ /dev/null @@ -1,1176 +0,0 @@ ---- -title: Microsoft recommended driver block rules (Windows) -description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. -keywords: security, malware, kernel mode, driver -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jgeurten -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp ---- - -# Microsoft recommended driver block rules - -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). - -Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices: - -- Hypervisor-protected code integrity (HVCI) enabled devices -- Windows 10 in S mode (S mode) devices - -The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes: - -- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel -- Malicious behaviors (malware) or certificates used to sign malware -- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel - -Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article. - -Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events. - -```xml - - - 10.0.25090.0 - {D2BDA982-CCF6-4344-AC5B-0B44427B6816} - {2E07F7E4-194C-4D20-B7C9-6F44A6C5A234} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 0 - - - - Microsoft Windows Driver Policy - - - - - 10.0.25000.0 - - - - -``` -
- - -## More information - -- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) From f60f95d76a5b4dd3a2d57a6534c9ec16561d5d59 Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Thu, 31 Mar 2022 11:02:28 -0700 Subject: [PATCH 23/41] Update vpnv2-csp.md We've had customer reports that setting just one setting results in failures. Documenting that all crypto properties are needed in a single bundle. --- windows/client-management/mdm/vpnv2-csp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index add96c2ec0..4f5fc988ac 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -771,7 +771,9 @@ Reserved for future use. Reserved for future use. **VPNv2/**ProfileName**/NativeProfile/CryptographySuite** -Added in Windows 10, version 1607. Properties of IPSec tunnels. +Added in Windows 10, version 1607. Properties of IPSec tunnels. + +[!NOTE] If you specify any of the properties under CryptographySuite, you must specify all of them. It's not valid to specify just some of the properties. **VPNv2/**ProfileName**/NativeProfile/CryptographySuite/AuthenticationTransformConstants** Added in Windows 10, version 1607. From 288e74ff33dcce2660c62d9664a20208976f3a47 Mon Sep 17 00:00:00 2001 From: Dhurata Jahiu <101433552+DhurataJ@users.noreply.github.com> Date: Thu, 31 Mar 2022 17:13:37 -0400 Subject: [PATCH 24/41] [BrokenLinksH2] Fix path in link Fixing the broken link path. --- store-for-business/billing-understand-your-invoice-msfb.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md index bee1e82435..9f73223f1d 100644 --- a/store-for-business/billing-understand-your-invoice-msfb.md +++ b/store-for-business/billing-understand-your-invoice-msfb.md @@ -110,10 +110,10 @@ At the bottom of the invoice, there are instructions for paying your bill. You c If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice. ## Next steps -If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/billing/billing-understand-your-invoice-mca). +If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/download-azure-invoice#invoices-for-mca-and-mpa-billing-accounts). ## Need help? Contact us. If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest). -If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary). \ No newline at end of file +If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary). From 3fd6313ebfa93ff6bfc6b69119dca69120b1c667 Mon Sep 17 00:00:00 2001 From: Mark Renoden Date: Fri, 1 Apr 2022 09:21:07 +1100 Subject: [PATCH 25/41] Update windows-10-subscription-activation.md Universal Store Service APIs and Web Application has been added to the Conditional Access policy editors so that organizations can avoid the MFA issue. --- windows/deployment/windows-10-subscription-activation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 4a7dccff99..ad6bf5aa42 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -125,6 +125,8 @@ If the device is running Windows 10, version 1809 or later: ![Subscription Activation with MFA example 3.](images/sa-mfa3.png) +Organizations that use Azure Active Directory Conditional Access may want to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f from their all users all cloud apps MFA policy to avoid this issue. + ### Windows 10/11 Education requirements - Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. From 8584298a58eda871c84488e058373161e4e07506 Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Fri, 1 Apr 2022 15:16:47 +0800 Subject: [PATCH 26/41] Add PVA buttons --- .../client-management/advanced-troubleshooting-boot-problems.md | 2 ++ windows/deployment/update/windows-update-troubleshooting.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 0c976ceceb..f9b2b11cb4 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -15,6 +15,8 @@ ms.collection: highpri # Advanced troubleshooting for Windows boot problems +

Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues + > [!NOTE] > This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415). diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 50b478c5c9..94282e784f 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -20,6 +20,8 @@ ms.collection: highpri - Windows 10 - Windows 11 +

Try our Virtual Agent - It can help you quickly identify and fix common Windows Update issues + If you run into problems when using Windows Update, start with the following steps: 1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**. From 43604a9b868d9e0031f763d760bb26cc56a610cf Mon Sep 17 00:00:00 2001 From: Noah Myers <81661816+nonotnoah@users.noreply.github.com> Date: Fri, 1 Apr 2022 09:24:30 -0700 Subject: [PATCH 27/41] Update windows/deployment/update/waas-quick-start.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-quick-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 9f6c9e6c7b..57fcb750ea 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -31,7 +31,7 @@ Some new terms have been introduced as part of Windows as a service, so you shou - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **General Availability Channel** receives feature updates annually. - - The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years. + - The **Long-Term Servicing Channel**, which is meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years. - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. See [Overview of Windows as a service](waas-overview.md) for more information. From 1cbafc45b679aae61de8b2a92d945a358fe0fcf2 Mon Sep 17 00:00:00 2001 From: cathyethoca <39312769+cathyethoca@users.noreply.github.com> Date: Fri, 1 Apr 2022 14:10:05 -0400 Subject: [PATCH 28/41] Fixing Markdown errors that hid wildcards 0x80072EE2 has a list of URLs that includes wildcard (*) characters. Markdown was treating them as italics instead of displaying them. --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index b500ca17a8..c3688b1dda 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -198,7 +198,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures).
If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
`http://windowsupdate.microsoft.com`
https://.windowsupdate.microsoft.com
https://update.microsoft.com
https://*.update.microsoft.com
https://windowsupdate.com
https://*.windowsupdate.com
https://download.windowsupdate.com
https://*.download.windowsupdate.com
https://download.microsoft.com
https://*.download.windowsupdate.com
https://wustat.windows.com
https://*.wustat.windows.com
https://ntservicepack.microsoft.com | +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures).
If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
`http://windowsupdate.microsoft.com`
`https://*.windowsupdate.microsoft.com`
`https://update.microsoft.com`
`https://*.update.microsoft.com`
`https://windowsupdate.com`
`https://*.windowsupdate.com`
`https://download.windowsupdate.com`
`https://*.download.windowsupdate.com`
`https://download.microsoft.com`
`https://*.download.windowsupdate.com`
`https://wustat.windows.com`
`https://*.wustat.windows.com`
`https://ntservicepack.microsoft.com` | ## 0x80240022 From 8b2571e8d2fb37312a86cec11b2720dc36ea948b Mon Sep 17 00:00:00 2001 From: Stephen Peters <101433558+StephenBrentPeters@users.noreply.github.com> Date: Fri, 1 Apr 2022 11:14:49 -0700 Subject: [PATCH 29/41] [BrokenLinksH2] fixing broken link **Global effort to fix broken links** @aczechowski The Content & Learning team is fixing broken links on docs.microsoft.com for the rest of H2. This effort will eliminate potential accessibility, security, and usability issues. This PR includes only link fixes and does not change other content. Please review within five business days and merge, or comment in the PR with any changes you'd like to see. Thanks! --- .../app-v/appv-deploying-microsoft-office-2016-with-appv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index ccb835f3f9..b8a5d91571 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail |--------------|----------------------------|----------------| | Add element | Specifies which products and languages the package will include. | N/A | | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` | - | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | + | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation/product-ids-supported-office-deployment-click-to-run). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | From e8e65addaf29247a6271377d06a7a2aebccfd253 Mon Sep 17 00:00:00 2001 From: Stephen Peters <101433558+StephenBrentPeters@users.noreply.github.com> Date: Fri, 1 Apr 2022 11:34:58 -0700 Subject: [PATCH 30/41] [BrokenLinksH2] fixing broken link **Global effort to fix broken links** @dansimp The Content & Learning team is fixing broken links on docs.microsoft.com for the rest of H2. This effort will eliminate potential accessibility, security, and usability issues. This PR includes only link fixes and does not change other content. Please review within five business days and merge, or comment in the PR with any changes you'd like to see. Thanks! --- .../identity-protection/access-control/access-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index b4a6c2c7fa..eacb21eb26 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -131,7 +131,7 @@ For more information about user rights, see [User Rights Assignment](/windows/de With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer. -For more information about auditing, see [Security Auditing Overview](/windows/device-security/auditing/security-auditing-overview). +For more information about auditing, see [Security Auditing Overview](/windows/security/threat-protection/auditing/security-auditing-overview). ## See also From b1d18bdd655d866e8374a47a440d74461fb5e0e2 Mon Sep 17 00:00:00 2001 From: Stephen Peters <101433558+StephenBrentPeters@users.noreply.github.com> Date: Fri, 1 Apr 2022 11:49:53 -0700 Subject: [PATCH 31/41] [BrokenLinksH2] fixing broken link **Global effort to fix broken links** @GitPrakhar13 The Content & Learning team is fixing broken links on docs.microsoft.com for the rest of H2. This effort will eliminate potential accessibility, security, and usability issues. This PR includes only link fixes and does not change other content. Please review within five business days and merge, or comment in the PR with any changes you'd like to see. Thanks! --- .../hello-for-business/hello-deployment-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index 16f8e33766..49c7800974 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -61,7 +61,7 @@ Before the user's Windows Hello for Business key is synced, sign-in's with Windo In environments impacted with this issue, after the first sign-in with Windows Hello for Business after provisioning is completed, the next sign-in attempt will fail. In environments where domain controllers are running a mix of builds, only some may be impacted by this issue and subsequent logon attempts may be sent different domain controllers. This may result in the sign-in failures appearing to be intermittent. -After the initial logon attempt, the user's Windows Hello for Business public key is being deleted from the msDS-KeyCredentialLink attribute. This can be verified by querying a user's msDS-KeyCredentialLink attribute before and after sign-in. The msDS-KeyCredentialLink can be queried in AD using [Get-ADUser](/powershell/module/addsadministration/get-aduser) and specifying *msds-keycredentiallink* for the *-Properties* parameter. +After the initial logon attempt, the user's Windows Hello for Business public key is being deleted from the msDS-KeyCredentialLink attribute. This can be verified by querying a user's msDS-KeyCredentialLink attribute before and after sign-in. The msDS-KeyCredentialLink can be queried in AD using [Get-ADUser](/powershell/module/activedirectory/get-aduser) and specifying *msds-keycredentiallink* for the *-Properties* parameter. ### Resolving User Public Key Deletion Issue From c1e29e09ce64a38b1d8b09156ca9d75c97caffa1 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Fri, 1 Apr 2022 12:03:58 -0700 Subject: [PATCH 32/41] Removing spare education hubs and redirecting to main hub --- .openpublishing.redirection.json | 12 ++- education/index-copy.yml | 126 ------------------------------- education/index.yml | 97 ++++++++++++++---------- education/itadmins.yml | 120 ----------------------------- education/partners.yml | 33 -------- 5 files changed, 68 insertions(+), 320 deletions(-) delete mode 100644 education/index-copy.yml delete mode 100644 education/itadmins.yml delete mode 100644 education/partners.yml diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 52d9c0b701..9b63940d58 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19494,6 +19494,16 @@ "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md", "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache", "redirect_document_id": false - } + }, + { + "source_path": "windows/education/itadmins.yml", + "redirect_url": "/education/", + "redirect_document_id": true + }, + { + "source_path": "windows/education/partners.yml", + "redirect_url": "/education/", + "redirect_document_id": true + } ] } \ No newline at end of file diff --git a/education/index-copy.yml b/education/index-copy.yml deleted file mode 100644 index 26aa73e3a7..0000000000 --- a/education/index-copy.yml +++ /dev/null @@ -1,126 +0,0 @@ -### YamlMime:Hub - -title: Microsoft 365 Education Documentation -summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. -# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin -brand: m365 - -metadata: - title: Microsoft 365 Education Documentation - description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers. - ms.service: help - ms.topic: hub-page - author: LaurenMoynihan - ms.author: v-lamoyn - ms.date: 10/24/2019 - -productDirectory: - title: For IT admins - summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. - items: - # Card - - title: Phase 1 - Cloud deployment - imageSrc: ./images/EDU-Deploy.svg - summary: Create your Microsoft 365 tenant, secure and configure your environment, sync your active directry and SIS, and license users. - url: /microsoft-365/education/deploy/create-your-office-365-tenant - # Card - - title: Phase 2 - Device management - imageSrc: ./images/EDU-Device-Mgmt.svg - summary: Get started with Windows for Education, set up and enroll devices in Intune. - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices - # Card - - title: Phase 3 - Apps management - imageSrc: ./images/EDU-Apps-Mgmt.svg - summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft. - url: /microsoft-365/education/deploy/configure-admin-settings - # Card - - title: Phase 4 - Complete your deployment - # imageSrc should be square in ratio with no whitespace - imageSrc: ./images/EDU-Tasks.svg - summary: Configure settings for Exchange and SharePoint. - url: /microsoft-365/education/deploy/deploy-exchange-online - # Card - - title: Security & compliance - imageSrc: ./images/EDU-Lockbox.svg - links: - - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2 - text: AAD feature deployment guide - - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423 - text: Azure information protection deployment acceleration guide - - url: /cloud-app-security/getting-started-with-cloud-app-security - text: Microsoft Defender for Cloud Apps - - url: /microsoft-365/compliance/create-test-tune-dlp-policy - text: Data loss prevention - - url: /microsoft-365/compliance/ - text: Microsoft 365 Compliance - - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx - text: Deploying Lockbox - # Card - - title: Analytics & insights - imageSrc: ./images/EDU-Education.svg - links: - - url: /power-bi/service-admin-administering-power-bi-in-your-organization - text: Power BI for IT admins - - url: /dynamics365/#pivot=get-started - text: Dynamics 365 - # Card - - title: Find deployment help and other support resources - imageSrc: ./images/EDU-Teachers.svg - links: - - url: /microsoft-365/education/deploy/find-deployment-help - text: IT admin help - - url: https://social.technet.microsoft.com/forums/en-us/home - text: TechNet - - url: https://support.office.com/en-us/education - text: Education help center - - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 - text: Teacher training packs - # Card - - title: Check out our education journey - imageSrc: ./images/EDU-ITJourney.svg - links: - - url: https://edujourney.microsoft.com/k-12/ - text: K-12 - - url: https://edujourney.microsoft.com/hed/ - text: Higher education - -additionalContent: - sections: - - title: For developers # < 60 chars (optional) - summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional) - - items: - # Card - - title: UWP apps for education - summary: Learn how to write universal apps for education. - url: /windows/uwp/apps-for-education/ - # Card - - title: Take a test API - summary: Learn how web applications can use the API to provide a locked down experience for taking tests. - url: /windows/uwp/apps-for-education/take-a-test-api - # Card - - title: Office Education Dev center - summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app - url: https://developer.microsoft.com/office/edu - # Card - - title: Data Streamer - summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. - url: /microsoft-365/education/data-streamer - - title: For partners # < 60 chars (optional) - summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional) - - items: - # Card - - title: Microsoft Partner Network - summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. - url: https://partner.microsoft.com/solutions/education - # Card - - title: Authorized Education Partner (AEP) program - summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). - url: https://www.mepn.com/ - # Card - - title: Authorized Education Partner Directory - summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. - url: https://www.mepn.com/MEPN/AEPSearch.aspx - # Card - - title: Education Partner community Yammer group - summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. - url: https://www.yammer.com/mepn/ \ No newline at end of file diff --git a/education/index.yml b/education/index.yml index bc3d069e99..26aa73e3a7 100644 --- a/education/index.yml +++ b/education/index.yml @@ -2,6 +2,8 @@ title: Microsoft 365 Education Documentation summary: Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education. +# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin +brand: m365 metadata: title: Microsoft 365 Education Documentation @@ -12,28 +14,6 @@ metadata: ms.author: v-lamoyn ms.date: 10/24/2019 -# highlightedContent section (optional) -# Maximum of 8 items -highlightedContent: -# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new - items: - # Card - - title: K-12 Education Transformation Journey - itemType: get-started - url: https://edujourney.microsoft.com/k-12/ - # Card - - title: Higher Education Transformation Journey - itemType: get-started - url: https://edujourney.microsoft.com/hed/ - # Card - - title: For developers - itemType: concept - url: developers.yml - # Card - - title: For partners - itemType: overview - url: partners.yml - productDirectory: title: For IT admins summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. @@ -54,18 +34,11 @@ productDirectory: summary: Configure admin settings, set up Teams for Education, install apps and install Minecraft. url: /microsoft-365/education/deploy/configure-admin-settings # Card - - title: Complete your deployment + - title: Phase 4 - Complete your deployment # imageSrc should be square in ratio with no whitespace imageSrc: ./images/EDU-Tasks.svg - links: - - url: /microsoft-365/education/deploy/deploy-exchange-online - text: Deploy Exchange Online - - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive - text: Deploy SharePoint Online and OneDrive - - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid - text: Deploy Exchange Server hybrid - - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid - text: Deploy SharePoint Server Hybrid + summary: Configure settings for Exchange and SharePoint. + url: /microsoft-365/education/deploy/deploy-exchange-online # Card - title: Security & compliance imageSrc: ./images/EDU-Lockbox.svg @@ -77,9 +50,9 @@ productDirectory: - url: /cloud-app-security/getting-started-with-cloud-app-security text: Microsoft Defender for Cloud Apps - url: /microsoft-365/compliance/create-test-tune-dlp-policy - text: Office 365 data loss prevention + text: Data loss prevention - url: /microsoft-365/compliance/ - text: Office 365 advanced compliance + text: Microsoft 365 Compliance - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx text: Deploying Lockbox # Card @@ -91,19 +64,63 @@ productDirectory: - url: /dynamics365/#pivot=get-started text: Dynamics 365 # Card - - title: Find deployment help - imageSrc: ./images/EDU-FindHelp.svg + - title: Find deployment help and other support resources + imageSrc: ./images/EDU-Teachers.svg links: - url: /microsoft-365/education/deploy/find-deployment-help text: IT admin help - url: https://social.technet.microsoft.com/forums/en-us/home text: TechNet - # Card - - title: Additional support resources - imageSrc: ./images/EDU-Teachers.svg - links: - url: https://support.office.com/en-us/education text: Education help center - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 text: Teacher training packs + # Card + - title: Check out our education journey + imageSrc: ./images/EDU-ITJourney.svg + links: + - url: https://edujourney.microsoft.com/k-12/ + text: K-12 + - url: https://edujourney.microsoft.com/hed/ + text: Higher education +additionalContent: + sections: + - title: For developers # < 60 chars (optional) + summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. # < 160 chars (optional) + - items: + # Card + - title: UWP apps for education + summary: Learn how to write universal apps for education. + url: /windows/uwp/apps-for-education/ + # Card + - title: Take a test API + summary: Learn how web applications can use the API to provide a locked down experience for taking tests. + url: /windows/uwp/apps-for-education/take-a-test-api + # Card + - title: Office Education Dev center + summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app + url: https://developer.microsoft.com/office/edu + # Card + - title: Data Streamer + summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. + url: /microsoft-365/education/data-streamer + - title: For partners # < 60 chars (optional) + summary: Looking for resources available to Microsoft Education partners? Start here. # < 160 chars (optional) + - items: + # Card + - title: Microsoft Partner Network + summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. + url: https://partner.microsoft.com/solutions/education + # Card + - title: Authorized Education Partner (AEP) program + summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). + url: https://www.mepn.com/ + # Card + - title: Authorized Education Partner Directory + summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. + url: https://www.mepn.com/MEPN/AEPSearch.aspx + # Card + - title: Education Partner community Yammer group + summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. + url: https://www.yammer.com/mepn/ \ No newline at end of file diff --git a/education/itadmins.yml b/education/itadmins.yml deleted file mode 100644 index 2847e59b71..0000000000 --- a/education/itadmins.yml +++ /dev/null @@ -1,120 +0,0 @@ -### YamlMime:Hub - -title: Microsoft 365 Education Documentation for IT admins -summary: Microsoft 365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync. - -metadata: - title: Microsoft 365 Education Documentation for IT admins - description: M365 Education consists of Office 365 Education, Windows 10 Education, and security and management tools such as Intune for Education and School Data Sync. - ms.service: help - ms.topic: hub-page - author: LaurenMoynihan - ms.author: v-lamoyn - ms.date: 10/24/2019 - -productDirectory: - summary: This guide is designed for IT admins looking for the simplest way to move their platform to the cloud. It does not capture all the necessary steps for large scale or complex deployments. - items: - # Card - - title: Phase 1 - Cloud deployment - imageSrc: ./images/EDU-Deploy.svg - links: - - url: /microsoft-365/education/deploy/create-your-office-365-tenant - text: 1. Create your Office 365 tenant - - url: /microsoft-365/education/deploy/secure-and-configure-your-network - text: 2. Secure and configure your network - - url: /microsoft-365/education/deploy/aad-connect-and-adfs - text: 3. Sync your active directory - - url: /microsoft-365/education/deploy/school-data-sync - text: 4. Sync you SIS using School Data Sync - - url: /microsoft-365/education/deploy/license-users - text: 5. License users - # Card - - title: Phase 2 - Device management - imageSrc: ./images/EDU-Device-Mgmt.svg - links: - - url: ./windows/index.md - text: 1. Get started with Windows 10 for Education - - url: /microsoft-365/education/deploy/set-up-windows-10-education-devices - text: 2. Set up Windows 10 devices - - url: /microsoft-365/education/deploy/intune-for-education - text: 3. Get started with Intune for Education - - url: /microsoft-365/education/deploy/use-intune-for-education - text: 4. Use Intune to manage groups, apps, and settings - - url: /intune/enrollment/enrollment-autopilot - text: 5. Enroll devices using Windows Autopilot - # Card - - title: Phase 3 - Apps management - imageSrc: ./images/EDU-Apps-Mgmt.svg - links: - - url: /microsoft-365/education/deploy/configure-admin-settings - text: 1. Configure admin settings - - url: /microsoft-365/education/deploy/set-up-teams-for-education - text: 2. Set up Teams for Education - - url: /microsoft-365/education/deploy/deploy-office-365 - text: 3. Set up Office 365 - - url: /microsoft-365/education/deploy/microsoft-store-for-education - text: 4. Install apps from Microsoft Store for Education - - url: /microsoft-365/education/deploy/minecraft-for-education - text: 5. Install Minecraft - Education Edition - # Card - - title: Complete your deployment - # imageSrc should be square in ratio with no whitespace - imageSrc: ./images/EDU-Tasks.svg - links: - - url: /microsoft-365/education/deploy/deploy-exchange-online - text: Deploy Exchange Online - - url: /microsoft-365/education/deploy/deploy-sharepoint-online-and-onedrive - text: Deploy SharePoint Online and OneDrive - - url: /microsoft-365/education/deploy/deploy-exchange-server-hybrid - text: Deploy Exchange Server hybrid - - url: /microsoft-365/education/deploy/deploy-sharepoint-server-hybrid - text: Deploy SharePoint Server Hybrid - # Card - - title: Security & compliance - imageSrc: ./images/EDU-Lockbox.svg - links: - - url: /azure/active-directory/fundamentals/active-directory-deployment-checklist-p2 - text: AAD feature deployment guide - - url: https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423 - text: Azure information protection deployment acceleration guide - - url: /cloud-app-security/getting-started-with-cloud-app-security - text: Microsoft Defender for Cloud Apps - - url: /microsoft-365/compliance/create-test-tune-dlp-policy - text: Office 365 data loss prevention - - url: /microsoft-365/compliance/ - text: Office 365 advanced compliance - - url: https://social.technet.microsoft.com/wiki/contents/articles/35748.office-365-what-is-customer-lockbox-and-how-to-enable-it.aspx - text: Deploying Lockbox - # Card - - title: Analytics & insights - imageSrc: ./images/EDU-Education.svg - links: - - url: /power-bi/service-admin-administering-power-bi-in-your-organization - text: Power BI for IT admins - - url: /dynamics365/#pivot=get-started - text: Dynamics 365 - # Card - - title: Find deployment help - imageSrc: ./images/EDU-FindHelp.svg - links: - - url: /microsoft-365/education/deploy/find-deployment-help - text: IT admin help - - url: https://social.technet.microsoft.com/forums/en-us/home - text: TechNet - # Card - - title: Check out our education journey - imageSrc: ./images/EDU-ITJourney.svg - links: - - url: https://edujourney.microsoft.com/k-12/ - text: K-12 - - url: https://edujourney.microsoft.com/hed/ - text: Higher education - # Card - - title: Additional support resources - imageSrc: ./images/EDU-Teachers.svg - links: - - url: https://support.office.com/en-us/education - text: Education help center - - url: https://support.office.com/en-us/article/teacher-training-packs-7a9ee74a-8fe5-43d3-bc23-a55185896921 - text: Teacher training packs diff --git a/education/partners.yml b/education/partners.yml deleted file mode 100644 index 42925925f4..0000000000 --- a/education/partners.yml +++ /dev/null @@ -1,33 +0,0 @@ -### YamlMime:Hub - -title: Microsoft 365 Education Documentation for partners -summary: Looking for resources available to Microsoft Education partners? Start here. - -metadata: - title: Microsoft 365 Education Documentation for partners - description: Looking for resources available to Microsoft Education partners? Start here. - ms.service: help - ms.topic: hub-page - author: LaurenMoynihan - ms.author: v-lamoyn - ms.date: 10/24/2019 - -additionalContent: - sections: - - items: - # Card - - title: Microsoft Partner Network - summary: Discover the latest news and resources for Microsoft Education products, solutions, licensing and readiness. - url: https://partner.microsoft.com/solutions/education - # Card - - title: Authorized Education Partner (AEP) program - summary: Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEUs). - url: https://www.mepn.com/ - # Card - - title: Authorized Education Partner Directory - summary: Search through the list of Authorized Education Partners worldwide who can deliver on customer licensing requirements, and provide solutions and services to current and future school needs. - url: https://www.mepn.com/MEPN/AEPSearch.aspx - # Card - - title: Education Partner community Yammer group - summary: Sign in with your Microsoft Partner account and join the Education Partner community private group on Yammer. - url: https://www.yammer.com/mepn/ \ No newline at end of file From ddc93f2bea5b274244e02323a220489929c845f3 Mon Sep 17 00:00:00 2001 From: Samantha Robertson Date: Fri, 1 Apr 2022 12:20:55 -0700 Subject: [PATCH 33/41] Retire and redirect developers hub too --- .openpublishing.redirection.json | 5 +++++ education/developers.yml | 33 -------------------------------- 2 files changed, 5 insertions(+), 33 deletions(-) delete mode 100644 education/developers.yml diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 9b63940d58..0b10fd0d54 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19504,6 +19504,11 @@ "source_path": "windows/education/partners.yml", "redirect_url": "/education/", "redirect_document_id": true + }, + { + "source_path": "windows/education/developers.yml", + "redirect_url": "/education/", + "redirect_document_id": true } ] } \ No newline at end of file diff --git a/education/developers.yml b/education/developers.yml deleted file mode 100644 index 5b67147739..0000000000 --- a/education/developers.yml +++ /dev/null @@ -1,33 +0,0 @@ -### YamlMime:Hub - -title: Microsoft 365 Education Documentation for developers -summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. - -metadata: - title: Microsoft 365 Education Documentation for developers - description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here. - ms.service: help - ms.topic: hub-page - author: LaurenMoynihan - ms.author: v-lamoyn - ms.date: 10/24/2019 - -additionalContent: - sections: - - items: - # Card - - title: UWP apps for education - summary: Learn how to write universal apps for education. - url: /windows/uwp/apps-for-education/ - # Card - - title: Take a test API - summary: Learn how web applications can use the API to provide a locked down experience for taking tests. - url: /windows/uwp/apps-for-education/take-a-test-api - # Card - - title: Office Education Dev center - summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app - url: https://developer.microsoft.com/office/edu - # Card - - title: Data Streamer - summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application. - url: /microsoft-365/education/data-streamer \ No newline at end of file From 665661301001c8bb9b330921fab24313b671c630 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Fri, 1 Apr 2022 15:35:40 -0600 Subject: [PATCH 34/41] Fix typos Line 32 it will shows a (show) Line 60 "user should be able to login" (log in) --- .../hello-for-business/hello-deployment-issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index 49c7800974..b8c2e0c3b8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -29,7 +29,7 @@ Applies to: - Windows 10, version 1803 and later - Windows 11 -PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will shows a page with the error message "We can't open that page right now". +PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now". ### Identifying Azure AD joined PIN Reset Allowed Domains Issue @@ -57,7 +57,7 @@ In Hybrid key trust deployments with domain controllers running certain builds o After the user provisions a Windows Hello for Business credential in a hybrid key trust environment, the key must sync from Azure AD to AD during an Azure AD Connect sync cycle. The user's public key will be written to the msDS-KeyCredentialLink attribute of the user object. -Before the user's Windows Hello for Business key is synced, sign-in's with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* After the sync is successful, the user should be able to login and unlock with their PIN or enrolled biometrics. +Before the user's Windows Hello for Business key is synced, sign-in's with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* After the sync is successful, the user should be able to log in and unlock with their PIN or enrolled biometrics. In environments impacted with this issue, after the first sign-in with Windows Hello for Business after provisioning is completed, the next sign-in attempt will fail. In environments where domain controllers are running a mix of builds, only some may be impacted by this issue and subsequent logon attempts may be sent different domain controllers. This may result in the sign-in failures appearing to be intermittent. From b8c6bfa378203da0fafd16cab19e8ccc92c991c4 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 4 Apr 2022 08:24:20 -0700 Subject: [PATCH 35/41] supply chain redir bug --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 0b10fd0d54..b359a5d989 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -19447,7 +19447,7 @@ }, { "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md", - "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware.md", + "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware", "redirect_document_id": false }, { From 45e0643b0f0c6ff686374139b9457cd002a7f579 Mon Sep 17 00:00:00 2001 From: Scott Brondel Date: Mon, 4 Apr 2022 13:30:02 -0500 Subject: [PATCH 36/41] Fix incorrect EFI mount code The $EFIDestinationFolder needs a top-level \EFI folder in the path, which was not present in that line. To avoid potential confusion by having a C:\EFI\EFI\... structure in $MountPoint, I also changed $MountPoint from C:\EFI to C:\EFIMount for clarity. --- .../deployment/deploy-wdac-policies-with-script.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index e7c5dca396..43ecea1845 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -85,8 +85,8 @@ In addition to the steps outlined above, the binary policy file must also be cop 1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: ```powershell - $MountPoint = 'C:\EFI' - $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active" + $MountPoint = 'C:\EFIMount' + $EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active" $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0] mountvol $MountPoint $EFIPartition mkdir $EFIDestinationFolder From 59ccba0896a1e0c007f1ad1caecd34ceca3ea58d Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 5 Apr 2022 13:35:51 -0700 Subject: [PATCH 37/41] Update index.yml --- windows/deployment/do/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index 01e71f030f..a28f2419bc 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -48,7 +48,7 @@ landingContent: - text: Troubleshoot Delivery Optimization url: waas-delivery-optimization-setup.md#troubleshooting - text: Delivery Optimization Frequently Asked Questions - url: waas-delivery-optimization-faq.md + url: ../update/waas-delivery-optimization-faq.md - text: Submit feedback url: https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app From e39fb2f7634e880e6e7ae5ba95dc74c36d9cef8e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 6 Apr 2022 11:04:30 +0530 Subject: [PATCH 38/41] Update references of Azure AD graph to Microsoft Graph Updated as per task : 5916612. Thanks! --- ...e-active-directory-integration-with-mdm.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 634025c4b9..68f72c7329 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -99,11 +99,11 @@ The following diagram illustrates the high-level flow involved in the actual enr ![azure ad enrollment flow.](images/azure-ad-enrollment-flow.png) -The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this article. +The MDM is expected to use this information about the device (Device ID) when reporting device compliance back to Azure AD using the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). A sample for reporting device compliance is provided later in this article. ## Make the MDM a reliable party of Azure AD -To participate in the integrated enrollment flow outlined in the previous section, the MDM must consume access tokens issued by Azure AD. To report compliance with Azure AD, the MDM must authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api). +To participate in the integrated enrollment flow outlined in the previous section, the MDM must consume access tokens issued by Azure AD. To report compliance with Azure AD, the MDM must authenticate itself to Azure AD and obtain authorization in the form of an access token that allows it to invoke the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). ### Add a cloud-based MDM @@ -148,7 +148,7 @@ Use the following steps to register a cloud-based MDM application with Azure AD. 13. Generate a key for your application and copy it. - You need this key to call the Azure AD Graph API to report device compliance. This information is covered in the next section. + You need this key to call the Microsoft Graph API to report device compliance. This information is covered in the next section. For more information about how to register a sample application with Azure AD, see the steps to register the **TodoListService Web API** in [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667). @@ -164,7 +164,7 @@ For more information about registering applications with Azure AD, see [Basics o ### Key management and security guidelines -The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Azure AD Graph API are bearer tokens and should be protected to avoid unauthorized disclosure. +The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Microsoft Graph API are bearer tokens and should be protected to avoid unauthorized disclosure. For security best practices, see [Windows Azure Security Essentials](https://go.microsoft.com/fwlink/p/?LinkId=613715). @@ -202,7 +202,7 @@ The following table shows the required information to create an entry in the Azu There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrator to add an app to their tenant. -However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. Thee ID and key obtain authorization to access the Azure AD Graph API and for reporting device compliance. +However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. Thee ID and key obtain authorization to access the Microsoft Graph API and for reporting device compliance. ## Themes @@ -247,7 +247,6 @@ The following parameters are passed in the query string: |api-version|Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.| |mode|Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.| - ### Access token Azure AD issues a bearer access token. The token is passed in the authorization header of the HTTP request. Here's a typical format: @@ -267,7 +266,7 @@ The following claims are expected in the access token passed by Windows to the T > [!NOTE] > There's no device ID claim in the access token because the device may not yet be enrolled at this time. -To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](/azure/active-directory/develop/active-directory-graph-api). +To retrieve the list of group memberships for the user, you can use the [Microsoft Graph API](/azure/active-directory/develop/active-directory-graph-api). Here's an example URL. @@ -443,9 +442,9 @@ For a sample that illustrates how an MDM can obtain an access token using OAuth - **Cloud-based MDM** - If your product is a cloud-based multi-tenant MDM service, you have a single key configured for your service within your tenant. To obtain authorization, use this key to authenticate the MDM service with Azure AD. - **On-premises MDM** - If your product is an on-premises MDM, customers must configure your product with the key used to authenticate with Azure AD. This key configuration is because each on-premises instance of your MDM product has a different tenant-specific key. So, you may need to expose a configuration experience in your MDM product that enables administrators to specify the key to be used to authenticate with Azure AD. -### Use Azure AD Graph API +### Use Microsoft Graph API -The following sample REST API call illustrates how an MDM can use the Azure AD Graph API to report compliance status of a device being managed by it. +The following sample REST API call illustrates how an MDM can use the Microsoft Graph API to report compliance status of a device being managed by it. > [!NOTE] > This API is only applicable for approved MDM apps on Windows 10 devices. @@ -466,7 +465,7 @@ Where: - **contoso.com** – This value is the name of the Azure AD tenant to whose directory the device has been joined. - **db7ab579-3759-4492-a03f-655ca7f52ae1** – This value is the device identifier for the device whose compliance information is being reported to Azure AD. -- **eyJ0eXAiO**……… – This value is the bearer access token issued by Azure AD to the MDM that authorizes the MDM to call the Azure AD Graph API. The access token is placed in the HTTP authorization header of the request. +- **eyJ0eXAiO**……… – This value is the bearer access token issued by Azure AD to the MDM that authorizes the MDM to call the Microsoft Graph API. The access token is placed in the HTTP authorization header of the request. - **isManaged** and **isCompliant** - These Boolean attributes indicates compliance status. - **api-version** - Use this parameter to specify which version of the graph API is being requested. From 9c63c01291e976925aaa3918594d30a974097f23 Mon Sep 17 00:00:00 2001 From: Foad Sojoodi Farimani Date: Wed, 6 Apr 2022 14:42:18 +0200 Subject: [PATCH 39/41] and --> or just a simple fix --- .../windows-sandbox/windows-sandbox-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 65b8c21047..bb68f8ea94 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -59,7 +59,7 @@ The following video provides an overview of Windows Sandbox. Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true ``` -3. Use the search bar on the task bar and type **Turn Windows Features on and off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. +3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2. From 018754e1d921385b4895af8cd1a9f2a322c04ec2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 7 Apr 2022 09:55:09 -0700 Subject: [PATCH 40/41] Update azure-active-directory-integration-with-mdm.md --- .../mdm/azure-active-directory-integration-with-mdm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 68f72c7329..96dd333a39 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -112,7 +112,7 @@ A cloud-based MDM is a SaaS application that provides device management capabili The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. Here a code sample from GitHub that explains how to add multi-tenant applications to Azure AD, [WepApp-WebAPI-MultiTenant-OpenIdConnect-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613661). > [!NOTE] -> For the MDM provider, if you don't have an existing Azure AD tentant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. +> For the MDM provider, if you don't have an existing Azure AD tenant with an Azure AD subscription that you manage, follow the step-by-step guide in [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md) to set up a tenant, add a subscription, and manage it via the Azure Portal. The MDM application uses keys to request access tokens from Azure AD. These keys are managed within the tenant of the MDM provider and not visible to individual customers. The same key is used by the multi-tenant MDM application to authenticate itself with Azure AD, whatever the customer tenent the managed device belongs. From 3065e76df2cc325d8b14b244d1925084257c877a Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 11 Apr 2022 12:46:13 -0600 Subject: [PATCH 41/41] Update windows-update-errors.md Fix Acro Sync PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/6454 --- windows/deployment/update/windows-update-errors.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index c3688b1dda..3442f06f82 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -118,7 +118,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.| +| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.| ## 0x800f0825 @@ -148,7 +148,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.
Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. | +| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.
Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be access denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. | ## 0x80070570