diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md index 1e6ca989c9..52626b026e 100644 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md @@ -1,6 +1,6 @@ --- title: Deploy Surface app with Microsoft Store for Business or Microsoft Store for Education (Surface) -description: Find out how to add and download Surface app with Windows Store for Business or Microsoft Store for Education, as well as install Surface app with PowerShell and MDT. +description: Find out how to add and download Surface app with Microsoft Store for Business or Microsoft Store for Education, as well as install Surface app with PowerShell and MDT. keywords: surface app, app, deployment, customize ms.prod: w10 ms.mktglfcycl: deploy @@ -31,7 +31,7 @@ The Surface app is a lightweight Windows Store app that provides control of many * Quick access to support documentation and information for your device -If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Windows Store or your Windows Store for Business. +If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Windows Store or your Microsoft Store for Business. ##Surface app overview @@ -45,11 +45,11 @@ Before users can install or deploy an app from a company’s Microsoft Store for 2. Log on to the portal. -3. Enable offline licensing: click **Manage->Store settings**, and then select the **Show offline licensed apps to people shopping in the store** checkbox, as shown in Figure 1. For more information about Microsoft Store for Business app licensing models, see [Apps in Windows Store for Business](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing_model).

+3. Enable offline licensing: click **Manage->Store settings**, and then select the **Show offline licensed apps to people shopping in the store** checkbox, as shown in Figure 1. For more information about Microsoft Store for Business app licensing models, see [Apps in Microsoft Store for Business](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing_model).

![Show offline licenses apps checkbox](images/deploysurfapp-figure1-enablingapps.png "Show offline licenses apps checkbox")
*Figure 1. Enable apps for offline use* -4. Add Surface app to your Micrososft Store for Business account by following this procedure: +4. Add Surface app to your Microsoft Store for Business account by following this procedure: * Click the **Shop** menu. * In the search box, type **Surface app**, and then click the search icon. * After the Surface app is presented in the search results, click the app’s icon. @@ -68,9 +68,9 @@ Before users can install or deploy an app from a company’s Microsoft Store for * Click **OK**. ##Download Surface app from a Microsoft Store for Business account -After you add an app to the Windows Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share. +After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share. 1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com. -2. Click **Manage->Apps & software**. A list of all of your company’s apps is displayed, including the Surface app you added in the [Add Surface app to a Windows Store for Business account](#add-surface-app-to-a-windows-store-for-business-account) section of this article. +2. Click **Manage->Apps & software**. A list of all of your company’s apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article. 3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app. 4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4. @@ -78,7 +78,7 @@ After you add an app to the Windows Store for Business account in Offline mode, *Figure 4. Download the AppxBundle package for an app* 5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because you’ll need that later in this article. -6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Imaging and Configuration Designer (Windows ICD). Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT). +6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT). 7. Click **Generate** to generate and download the license for the app. Make sure you note the path of the license file because you’ll need that later in this article. >[!NOTE] @@ -102,9 +102,12 @@ To download the required frameworks for the Surface app, follow these steps: ##Install Surface app on your computer with PowerShell The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards. -1. Using the procedure described in the [How to download Surface app from a Windows Store for Business account](#download-surface-app-from-a-windows-store-for-business-account) section of this article, download the Surface app AppxBundle and license file. +1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file. 2. Begin an elevated PowerShell session. ->**Note:**  If you don’t run PowerShell as an Administrator, the session won’t have the required permissions to install the app. + + >[!NOTE] + >If you don’t run PowerShell as an Administrator, the session won’t have the required permissions to install the app. + 3. In the elevated PowerShell session, copy and paste the following command: ``` Add-AppxProvisionedPackage –Online –PackagePath \ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath \ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml @@ -118,7 +121,9 @@ The following procedure provisions the Surface app onto your computer and makes ``` 4. The Surface app will now be available on your current Windows computer. + Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app. + 5. In the elevated PowerShell session, copy and paste the following command: ``` Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx @@ -130,7 +135,7 @@ Before the Surface app is functional on the computer where it has been provision ##Install Surface app with MDT The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image. -1. Using the procedure described [earlier in this article](#download-surface-app-from-a-windows-store-for-business-account), download the Surface app AppxBundle and license file. +1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file. 2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**. 3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows: diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index 699111447d..f5cf7d1f00 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -15,6 +15,12 @@ ms.date: 08/01/2017 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation. +## September 2017 + +| New or changed topic | Description | +| --- | ---- | +| [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) | Updated the prerequisites to provide more clarification. | + ## August 2017 | New or changed topic | Description | diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index ca1953e1e0..72ee15e1ab 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -9,7 +9,7 @@ ms.pagetype: edu ms.localizationpriority: high author: CelesteDG ms.author: celested -ms.date: 08/01/2017 +ms.date: 09/18/2017 --- # Use the Set up School PCs app @@ -103,7 +103,10 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the - [Download the latest Set up School PCs app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4ls40). - Install the app on your work PC and make sure you're connected to your school's network. -- You must be an administrator on Office 365 and Azure Active Directory, and have Microsoft Store for Education configured. It's best if you sign up for and configure Intune for Education before using the Set up School PCs app. +- You must have Office 365 and Azure Active Directory. +- You must have the Microsoft Store for Education configured. +- You must be a global admin, store admin, or purchaser in the Microsoft Store for Education. +- It's best if you sign up for and [configure Intune for Education](../get-started/use-intune-for-education.md) before using the Set up School PCs app. - Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office. ## Set up School PCs step-by-step diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md index 0f6cc91a16..2be986c161 100644 --- a/store-for-business/add-profile-to-devices.md +++ b/store-for-business/add-profile-to-devices.md @@ -7,20 +7,20 @@ ms.sitesec: library ms.pagetype: store author: TrudyHa ms.author: TrudyHa -ms.date: 07/05/2107 +ms.date: 09/12/2017 ms.localizationpriority: high --- # Manage Windows device deployment with Windows AutoPilot Deployment **Applies to** - - Windows 10 -> [!IMPORTANT] -> This topic has been updated to reflect the latest functionality, which we are releasing to customers in stages. You may not see all of the options described here until you receive the update. +Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot). -Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot). +Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business. + + ## What is Windows AutoPilot Deployment Program? In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. @@ -54,9 +54,13 @@ To manage devices through Microsoft Store for Business and Education, you'll nee ### Device information file format Columns in the device information file need to use this naming and be in this order: -- Column 1: Device Serial Number -- Column 2: Windows Product ID -- Column 3: Hardware Hash +- Column A: Device Serial Number +- Column B: Windows Product ID +- Column C: Hardware Hash + +Here's a sample device information file: + +![Notepad file showing example entries for Column A (Device Serial Number), Column B (Windows Product ID), and Column C (Hardware Hash).](images/msfb-autopilot-csv.png) When you add devices, you need to add them to an *AutoPilot deployment group*. Use these groups to apply AutoPilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. diff --git a/store-for-business/images/autopilot-process.png b/store-for-business/images/autopilot-process.png index 491b8c0ef0..56c379fd5f 100644 Binary files a/store-for-business/images/autopilot-process.png and b/store-for-business/images/autopilot-process.png differ diff --git a/store-for-business/images/msfb-autopilot-csv.png b/store-for-business/images/msfb-autopilot-csv.png new file mode 100644 index 0000000000..d150ae4f42 Binary files /dev/null and b/store-for-business/images/msfb-autopilot-csv.png differ diff --git a/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 47ca379543..2d55ec35a7 100644 --- a/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -1,7 +1,6 @@ --- title: Windows Defender Firewall with Advanced Security Design Guide (Windows 10) -description: Windows Defender Firewall with Advanced Security -Design Guide +description: Windows Defender Firewall with Advanced Security Design Guide ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md index 6b96cc2abc..3f1e9a5aaa 100644 --- a/windows/application-management/TOC.md +++ b/windows/application-management/TOC.md @@ -101,5 +101,6 @@ #### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md) ## [Service Host process refactoring](svchost-service-refactoring.md) ## [Per-user services in Windows](per-user-services-in-windows.md) +## [Understand apps in Windows 10](apps-in-windows-10.md) ## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) ## [Change history for Application management](change-history-for-application-management.md) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md new file mode 100644 index 0000000000..215e71f9f0 --- /dev/null +++ b/windows/application-management/apps-in-windows-10.md @@ -0,0 +1,153 @@ +--- +title: Windows 10 - Apps +description: What are Windows, UWP, and Win32 apps +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: elizapo +author: lizap +ms.localizationpriority: low +ms.date: 09/15/2017 +--- +# Understand the different apps included in Windows 10 + +The following types of apps run on Windows 10: +- Windows apps - introduced in Windows 8, primarily installed from the Store app. +- Universal Windows Platform (UWP) apps - designed to work across platforms, can be installed on multiple platforms including Windows client, Windows Phone, and Xbox. All UWP apps are also Windows apps, but not all Windows apps are UWP apps. +- "Win32" apps - traditional Windows applications, built for 32-bit systems. + +Digging into the Windows apps, there are two categories: +- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS. +- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps: + - Provisioned: Installed the first time you sign into Windows. You'll see a tile or Start menu item for these apps, but they aren't installed until the first sign-in. + - Installed: Installed as part of the OS. + +The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1511, 1607, and 1703, and indicate whether an app can be uninstalled through the UI. + +Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running. + +> [!TIP] +> Want to see a list of the apps installed on your specific image? You can run the following PowerShell cmdlet: +> ```powershell +> Get-AppxPackage |Select Name,PackageFamilyName +> Get-AppsProvisionedPackage -Online | select DisplayName,PackageName +> ``` + + +## System apps +System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|------------------|-------------------------------------------|------|------|------|--------------------------------------------------------| +| Cortana UI | CortanaListenUIApp | | | x | No | +| | Desktop Learning | | | x | No | +| | DesktopView | | | x | No | +| | EnvironmentsApp | | | x | No | +| Mixed Reality + | HoloCamera | | | x | No | +| Mixed Reality + | HoloItemPlayerApp | | | x | No | +| Mixed Reality + | HoloShell | | | x | No | +| | Microsoft.AAD.Broker.Plugin | x | x | x | No | +| | Microsoft.AccountsControl | x | x | x | No | +| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No | +| | Microsoft.CredDialogHost | | | x | No | +| | Microsoft.LockApp | x | x | x | No | +| Microsoft Edge | Microsoft.Microsoft.Edge | x | x | x | No | +| | Microsoft.PPIProjection | | x | x | No | +| | Microsoft.Windows. Apprep.ChxApp | | x | x | No | +| | Microsoft.Windows. AssignedAccessLockApp | x | x | x | No | +| | Microsoft.Windows. CloudExperienceHost | x | x | x | No | +| | Microsoft.Windows. ContentDeliveryManager | x | x | x | No | +| Cortana | Microsoft.Windows.Cortana | x | x | x | No | +| | Microsoft.Windows. Holographic.FirstRun | | | x | No | +| | Microsoft.Windows. ModalSharePickerHost | | | x | No | +| | Microsoft.Windows. OOBENetworkCaptivePort | | | x | No | +| | Microsoft.Windows. OOBENetworkConnection | | | x | No | +| | Microsoft.Windows. ParentalControls | x | x | x | No | +| | Microsoft.Windows. SecHealthUI | | | x | No | +| | Microsoft.Windows. SecondaryTileExperience | x | x | x | No | +| | Microsoft.Windows. SecureAssessmentBrowser | | x | x | No | +| Start | Microsoft.Windows. ShellExperienceHost | x | x | x | No | +| Windows Feedback | Microsoft.WindowsFeedback | x | * | * | No | +| | Microsoft.XboxGameCallableUI | x | x | x | No | +| Xbox logon UI | Microsoft.XboxIdentityProvider | x | | | No | +| Contact Support | Windows.ContactSupport | x | x* | x* | In 1511, no.* | +| | Windows.Devicesflow | x | | | No | +| Settings | Windows.ImmersiveControlPanel | x | x | x | No | +| Connect | Windows.MiracastView | x | x | x | No | +| Print UI | Windows.PrintDialog | x | x | x | No | +| Purchase UI | Windows.PurchaseDialog | x | | | No | + +> [!NOTE] +> - The Windows Feedback app changed to the Windows Feedback Hub in version 1607. It's listed in the installed apps table below. +> - As of Windows 10 version 1607, you can use the Optional Features app to uninstall the Contact Support app. + +## Installed Windows apps +Here are the typical installed Windows apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|--------------------|-----------------------------------------|------|------|------|---------------------------| +| Remote Desktop | Microsoft.RemoteDesktop | | x | x | Yes | +| PowerBI | Microsoft.Microsoft PowerBIforWindows | | x | x | Yes | +| Candy Crush | king.com.CandyCrushSodaSaga | x | | | Yes | +| Code Writer | ActiproSoftwareLLC.562882FEEB491 | | x | x | Yes | +| Eclipse Manager | 46928bounde.EclipseManager | | x | x | Yes | +| Pandora | PandoraMediaInc.29680B314EFC2 | | x | x | Yes | +| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | | x | x | Yes | +| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | | | x | Yes | +| Network Speed Test | Microsoft.NetworkSpeedTest | | x | x | Yes | +| Paid Wi-FI | | x | | | Yes | +| Skype Video | | x | | | Yes | +| Twitter | | x | | | Yes | +| PicArts | | x | | | Yes | +| Minecraft | | x | | | Yes | +| Flipboard | | x | | | Yes | + +## Provisioned Windows apps +Here are the typical provisioned Windows apps in Windows 10 versions 1511, 1607, and 1703. + +| Name | Full name | 1511 | 1607 | 1703 | Uninstall through UI? | +|---------------------------------|----------------------------------------|------|------|------|---------------------------| +| 3D Builder | Microsoft.3DBuilder | x | | x | Yes | +| App Connector | Microsoft.Appconnector | x | | | Yes, through Settings app | +| Money | Microsoft.BingFinance | x | | | Yes | +| News | Microsoft.BingNews | x | * | * | Yes | +| Sports | Microsoft.BingSports | x | | | Yes | +| Weather | Microsoft.BingWeather | x | x | x | No | +| Phone Companion | Microsoft.CommsPhone | x | | | Yes | +| | Microsoft.ConnectivityStore | x | | | No | +| | Microsoft.DesktopAppInstaller | | x | x | Yes, through Settings app | +| Get Started/Tips | Microsoft.Getstarted | x | x | x | Yes | +| Messaging | Microsoft.Messaging | x | x | x | No | +| Microsoft 3D Viewer | Microsoft.Microsoft3DViewer | | | x | No | +| Get Office | Microsoft.MicrosoftOfficeHub | x | x | x | Yes | +| Solitaire | Microsoft.Microsoft SolitaireCollection | x | x | x | Yes | +| Sticky Notes | Microsoft.MicrosoftStickyNotes | | x | x | No | +| OneNote | Microsoft.Office.OneNote | x | x | x | No | +| Sway | Microsoft.Office.Sway | x | * | * | Yes | +| | Microsoft.OneConnect | | x | x | No | +| Paint 3D | Microsoft.MSPaint | | | x | No | +| People | Microsoft.People | x | x | x | No | +| Get Skype/Skype (preview)/Skype | Microsoft.SkypeApp | x | x | x | Yes | +| | Microsoft.StorePurchaseApp | | x | x | No | +| | Microsoft.Wallet | | | x | No | +| Photos | Microsoft.Windows.Photos | x | x | x | No | +| Alarms & Clock | Microsoft.WindowsAlarms | x | x | x | No | +| Calculator | Microsoft.WindowsCalculator | x | x | x | No | +| Camera | Microsoft.WindowsCamera | x | x | x | No | +| Mail and Calendar | Microsoft.windows communicationsapps | x | x | x | No | +| Feedback Hub | Microsoft.WindowsFeedbackHub | * | x | x | Yes | +| Maps | Microsoft.WindowsMaps | x | x | x | No | +| Phone | Microsoft.WindowsPhone | x | | | No | +| Voice Recorder | Microsoft.SoundRecorder | x | x | x | No | +| Store | Microsoft.WindowsStore | x | x | x | No | +| Xbox | Microsoft.XboxApp | x | x | x | No | +| | Microsoft.XboxGameOverlay | | | x | No | +| | Microsoft.XboxIdentityProvider | * | x | x | No | +| Groove | Microsoft.ZuneMusic | x | x | x | No | +| Movies & TV | Microsoft.ZuneVideo | x | x | x | No | +| | Microsoft.XboxSpeech ToTextOverlay | | | x | No | + +> [!NOTE] +> - As of Windows 10, version 1607, News and Sway are installed apps. +> - Both Feedback Hub and Microsoft.XboxIdentityProvider were installed apps in version 1511 and provisioned apps in versions 1607 and later. \ No newline at end of file diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md index 7641745172..5178cf9050 100644 --- a/windows/application-management/change-history-for-application-management.md +++ b/windows/application-management/change-history-for-application-management.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms +ms.date: 09/15/2017 --- # Change history for Configure Windows 10 @@ -17,7 +18,8 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) ## September 2017 | New or changed topic | Description | | --- | --- | -| [Per-user services in Windows](per-user-services-in-windows.md) | New | +| [Per-user services in Windows 10](per-user-services-in-windows.md) | New | +| [Understand the different apps included in Windows 10](apps-in-windows-10.md) | New | ## July 2017 | New or changed topic | Description | diff --git a/windows/application-management/index.md b/windows/application-management/index.md index d6c32fbe93..17767877fd 100644 --- a/windows/application-management/index.md +++ b/windows/application-management/index.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium +ms.date: 09/15/2017 --- # Windows 10 application management @@ -20,5 +21,7 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients. |---|---| |[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications| |[Sideload apps in Windows 10](sideload-apps-in-windows-10.md)| Requirements and instructions for side-loading LOB applications on Windows 10 and Windows 10 Mobile clients| +|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016| +|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise| | [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 | | [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile | diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2d6046fef1..947ffa3bac 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -17,9 +17,9 @@ ## [Enterprise app management](enterprise-app-management.md) ## [Device update management](device-update-management.md) ## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md) -## [Management tool for the Windows Store for Business](management-tool-for-windows-store-for-business.md) -### [REST API reference for Windows Store for Business](rest-api-reference-windows-store-for-business.md) -#### [Data structures for Windows Store for Business](data-structures-windows-store-for-business.md) +## [Management tool for the Micosoft Store for Business](management-tool-for-windows-store-for-business.md) +### [REST API reference for Micosoft Store for Business](rest-api-reference-windows-store-for-business.md) +#### [Data structures for Micosoft Store for Business](data-structures-windows-store-for-business.md) #### [Get Inventory](get-inventory.md) #### [Get product details](get-product-details.md) #### [Get localized product details](get-localized-product-details.md) @@ -202,6 +202,7 @@ #### [Experience](policy-csp-experience.md) #### [ExploitGuard](policy-csp-exploitguard.md) #### [Games](policy-csp-games.md) +#### [Handwriting](policy-csp-handwriting.md) #### [InternetExplorer](policy-csp-internetexplorer.md) #### [Kerberos](policy-csp-kerberos.md) #### [Licensing](policy-csp-licensing.md) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 7564c89e41..2737a54616 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -266,9 +266,9 @@ FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corp You can get the publisher name and product name of apps using a web API. -**To find publisher and product name for Microsoft apps in Windows Store for Business** +**To find publisher and product name for Microsoft apps in Microsoft Store for Business** -1. Go to the Windows Store for Business website, and find your app. For example, Microsoft OneNote. +1. Go to the Microsoft Store for Business website, and find your app. For example, Microsoft OneNote. 2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https:<\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, **9wzdncrfhvjl**. 3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 510be6e748..f8ba2b865f 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -1,6 +1,6 @@ --- title: Assign seat -description: The Assign seat operation assigns seat for a specified user in the Windows Store for Business. +description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business. ms.assetid: B42BF490-35C9-405C-B5D6-0D9F0E377552 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Assign seat -The **Assign seat** operation assigns seat for a specified user in the Windows Store for Business. +The **Assign seat** operation assigns seat for a specified user in the Microsoft Store for Business. ## Request diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 33f5904925..7b7845d806 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -1,6 +1,6 @@ --- title: Bulk assign and reclaim seats from users -description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Windows Store for Business. +description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business. ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Bulk assign and reclaim seats from users -The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Windows Store for Business. +The **Bulk assign and reclaim seats from users** operation returns reclaimed or assigned seats in the Microsoft Store for Business. ## Request diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 7a1bbaa552..d272b736e4 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -1,5 +1,5 @@ --- -title: Data structures for Windows Store for Business +title: Data structures for Microsoft Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_data\_structures' - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business' @@ -13,10 +13,10 @@ author: nickbrower ms.date: 06/19/2017 --- -# Data structures for Windows Store for Business +# Data structures for Microsoft Store for Business -Here's the list of data structures used in the Windows Store for Business REST APIs: +Here's the list of data structures used in the Microsoft Store for Business REST APIs: - [AlternateIdentifier](#alternateidentifier) - [BulkSeatOperationResultSet](#bulkseatoperationresultset) diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index c203cabb0a..fd6c08650e 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -18,7 +18,7 @@ This topic covers one of the key mobile device management (MDM) features in Wind Windows 10 offers the ability for management servers to: -- Install apps directly from the Windows Store for Business +- Install apps directly from the Microsoft Store for Business - Deploy offline Store apps and licenses - Deploy line-of-business (LOB) apps (non-Store apps) - Inventory all apps for a user (Store and non-Store apps) diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index ebe9611293..f8a14b5289 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -68,7 +68,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic - PackageDetails - returns all inventory attributes of the package. This includes all information from PackageNames parameter, but does not validate RequiresReinstall. - RequiredReinstall - Validates the app status of the apps in the inventory query to determine if they require a reinstallation. This attribute may impact system performance depending on the number of apps installed. Requiring reinstall occurs when resource package updates or when the app is in a tampered state. - Source - specifies the app classification that aligns to the existing inventory nodes. You can use a specific filter or if no filter is specified then all sources will be returned. If no value is specified, all classifications are returned. Valid values are: - - AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Windows Store for Business. + - AppStore - This classification is for apps that were acquired from Windows Store. These were apps directly installed from Windows Store or enterprise apps from Microsoft Store for Business. - nonStore - This classification is for apps that were not acquired from the Windows Store. - System - Apps that are part of the OS. You cannot uninstall these apps. This classification is read-only and can only be inventoried. - PackageTypeFilter - Specifies one or multiple types of packages you can use to query the user or device. Multiple values must be separated by |. Valid values are: diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 3c83d22f62..c5268976eb 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -1,6 +1,6 @@ --- title: Get Inventory -description: The Get Inventory operation retrieves information from the Windows Store for Business to determine if new or updated applications are available. +description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available. MS-HAID: - 'p\_phdevicemgmt.get\_seatblock' - 'p\_phDeviceMgmt.get\_inventory' @@ -15,7 +15,7 @@ ms.date: 06/19/2017 # Get Inventory -The **Get Inventory** operation retrieves information from the Windows Store for Business to determine if new or updated applications are available. +The **Get Inventory** operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available. ## Request diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index eaa61805b9..d735043656 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -1,6 +1,6 @@ --- title: Get localized product details -description: The Get localized product details operation retrieves the localization information of a product from the Windows Store for Business. +description: The Get localized product details operation retrieves the localization information of a product from the Micosoft Store for Business. ms.assetid: EF6AFCA9-8699-46C9-A3BB-CD2750C07901 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get localized product details -The **Get localized product details** operation retrieves the localization information of a product from the Windows Store for Business. +The **Get localized product details** operation retrieves the localization information of a product from the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 3bf57d69fb..292398084a 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -1,6 +1,6 @@ --- title: Get offline license -description: The Get offline license operation retrieves the offline license information of a product from the Windows Store for Business. +description: The Get offline license operation retrieves the offline license information of a product from the Micosoft Store for Business. ms.assetid: 08DAD813-CF4D-42D6-A783-994A03AEE051 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get offline license -The **Get offline license** operation retrieves the offline license information of a product from the Windows Store for Business. +The **Get offline license** operation retrieves the offline license information of a product from the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index f11532b8c5..c35071dc7b 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -1,6 +1,6 @@ --- title: Get product details -description: The Get product details operation retrieves the product information from the Windows Store for Business for a specific application. +description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application. ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product details -The **Get product details** operation retrieves the product information from the Windows Store for Business for a specific application. +The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application. ## Request diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 30f41c7a77..69792850cb 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -1,6 +1,6 @@ --- title: Get product package -description: The Get product package operation retrieves the information about a specific application in the Windows Store for Business. +description: The Get product package operation retrieves the information about a specific application in the Micosoft Store for Business. ms.assetid: 4314C65E-6DDC-405C-A591-D66F799A341F ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product package -The **Get product package** operation retrieves the information about a specific application in the Windows Store for Business. +The **Get product package** operation retrieves the information about a specific application in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index f65a5ec30c..932a85e68d 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -1,6 +1,6 @@ --- title: Get product packages -description: The Get product packages operation retrieves the information about applications in the Windows Store for Business. +description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business. ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get product packages -The **Get product packages** operation retrieves the information about applications in the Windows Store for Business. +The **Get product packages** operation retrieves the information about applications in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 5c1e6fbba9..c6b07c1a2a 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -1,6 +1,6 @@ --- title: Get seat -description: The Get seat operation retrieves the information about an active seat for a specified user in the Windows Store for Business. +description: The Get seat operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business. ms.assetid: 715BAEB2-79FD-4945-A57F-482F9E7D07C6 ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seat -The **Get seat** operation retrieves the information about an active seat for a specified user in the Windows Store for Business. +The **Get seat** operation retrieves the information about an active seat for a specified user in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index d7c55310d3..d0227888e5 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -1,6 +1,6 @@ --- title: Get seats assigned to a user -description: The Get seats assigned to a user operation retrieves information about assigned seats in the Windows Store for Business. +description: The Get seats assigned to a user operation retrieves information about assigned seats in the Micosoft Store for Business. ms.assetid: CB963E44-8C7C-46F9-A979-89BBB376172B ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seats assigned to a user -The **Get seats assigned to a user** operation retrieves information about assigned seats in the Windows Store for Business. +The **Get seats assigned to a user** operation retrieves information about assigned seats in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md index 88d7e51517..4b995cc98c 100644 --- a/windows/client-management/mdm/get-seats.md +++ b/windows/client-management/mdm/get-seats.md @@ -1,6 +1,6 @@ --- title: Get seats -description: The Get seats operation retrieves the information about active seats in the Windows Store for Business. +description: The Get seats operation retrieves the information about active seats in the Micosoft Store for Business. ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Get seats -The **Get seats** operation retrieves the information about active seats in the Windows Store for Business. +The **Get seats** operation retrieves the information about active seats in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png deleted file mode 100644 index a5b77e0b42..0000000000 Binary files a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png and /dev/null differ diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png new file mode 100644 index 0000000000..09c27e0e12 Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-vpnv2.png differ diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index 0cef4c42b9..02d281e49f 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -1,6 +1,6 @@ --- -title: Management tool for the Windows Store for Business -description: The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. +title: Management tool for the Micosoft Store for Business +description: The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool' - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business' @@ -13,9 +13,9 @@ author: nickbrower ms.date: 06/19/2017 --- -# Management tool for the Windows Store for Business +# Management tool for the Micosoft Store for Business -The Windows Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. +The Micosoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. The Store for Business enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. Here's the list of the available capabilities: @@ -26,7 +26,7 @@ Here's the list of the available capabilities: - Custom Line of Business app support –Enables management and distribution of enterprise applications through the Store for Business. - Support for Windows desktop and mobile devices - The Store for Business supports both desktop and mobile devices. -For additional information about Store for Business, see the TechNet topics in [Windows Store for Business](https://technet.microsoft.com/library/mt606951.aspx). +For additional information about Store for Business, see the TechNet topics in [Micosoft Store for Business](https://technet.microsoft.com/library/mt606951.aspx). ## Management services diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index ecdd2bbd8a..50d3253a38 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/31/2017 +ms.date: 09/12/2017 --- # What's new in MDM enrollment and management @@ -102,7 +102,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s -

Management tool for the Windows Store for Business

+

Management tool for the Micosoft Store for Business

New topics. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates.

@@ -956,7 +956,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s [VPNv2 CSP](vpnv2-csp.md) -

Added DeviceTunnel profile in Windows 10, version 1709.

+

Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709.

[DeviceStatus CSP](devicestatus-csp.md) @@ -999,6 +999,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s

Added new policies.

+Microsoft Store for Business +

Windows Store for Business name changed to Microsoft Store for Business.

+ + [Policy CSP](policy-configuration-service-provider.md)

Added the following new policies for Windows 10, version 1709:

    @@ -1011,6 +1015,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • DeviceGuard/LsaCfgFlags
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
    • +
  • Handwriting/PanelDefaultModeDocked
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus
  • LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus
    • @@ -1367,9 +1372,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

    Added the following new policies for Windows 10, version 1709:

    • Authentication/AllowAadPasswordReset
      • +
    • Handwriting/PanelDefaultModeDocked
    • Search/AllowCloudSearch
    • System/LimitEnhancedDiagnosticDataWindowsAnalytics
    +

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.

    + + +Microsoft Store for Business +

    Windows Store for Business name changed to Microsoft Store for Business.

    The [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/en-us/library/mt221945.aspx) @@ -1381,6 +1392,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.

+ +[VPNv2 CSP](vpnv2-csp.md) +

Added RegisterDNS setting in Windows 10, version 1709.

+ diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index eaafad9a16..121d77fdb7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1027,6 +1027,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### Handwriting policies + +
+
+ Handwriting/PanelDefaultModeDocked +
+
+ ### InternetExplorer policies
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md new file mode 100644 index 0000000000..b2cdcd1ae0 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -0,0 +1,72 @@ +--- +title: Policy CSP - Handwriting +description: Policy CSP - Handwriting +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nickbrower +ms.date: 09/07/2017 +--- + +# Policy CSP - Handwriting + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + +
+ +## Handwriting policies + + +**Handwriting/PanelDefaultModeDocked** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark3check mark3check mark3check mark3cross markcross mark
+ + + +

Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. + +

The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. + +

In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. + +

The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. + +

    +
  • 0 - Disabled (default)
    • +
  • 1 - Enabled
    • +
+ + + +
+ +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index e3a796b41d..1bf1c34365 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -471,8 +471,12 @@ This policy is accessible through the Update setting in the user interface or Gr

The following list shows the supported values: -- 16 (default) – User gets all applicable upgrades from Current Branch (CB). -- 32 – User gets upgrades from Current Branch for Business (CBB). +- 2 {0x2} - Windows Insider build - Fast (added in Windows 10, version 1709) +- 4 {0x4} - Windows Insider build - Slow (added in Windows 10, version 1709) +- 8 {0x8} - Release Windows Insider build (added in Windows 10, version 1709) +- 16 {0x10} - (default) Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). +- 32 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. + @@ -1253,12 +1257,12 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. -

Allows the IT admin to set a device to CBB train. +

Allows the IT admin to set a device to Semi-Annual Channel train.

The following list shows the supported values: -- 0 (default) – User gets upgrades from Current Branch. -- 1 – User gets upgrades from Current Branch for Business. +- 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). +- 1 – User gets upgrades from Semi-Annual Channel. diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index ee30992445..1319338ddc 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -1,6 +1,6 @@ --- title: Reclaim seat from user -description: The Reclaim seat from user operation returns reclaimed seats for a user in the Windows Store for Business. +description: The Reclaim seat from user operation returns reclaimed seats for a user in the Micosoft Store for Business. ms.assetid: E2C3C899-D0AD-469A-A319-31A420472A4C ms.author: maricia ms.topic: article @@ -12,7 +12,7 @@ ms.date: 06/19/2017 # Reclaim seat from user -The **Reclaim seat from user** operation returns reclaimed seats for a user in the Windows Store for Business. +The **Reclaim seat from user** operation returns reclaimed seats for a user in the Micosoft Store for Business. ## Request diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md index 5016c86ac9..d64e4e1b4d 100644 --- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md +++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md @@ -1,6 +1,6 @@ --- -title: REST API reference for Windows Store for Business -description: REST API reference for Windows Store for Business +title: REST API reference for Micosoft Store for Business +description: REST API reference for Micosoft Store for Business MS-HAID: - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference' - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business' @@ -13,7 +13,7 @@ author: nickbrower ms.date: 06/19/2017 --- -# REST API reference for Windows Store for Business +# REST API reference for Micosoft Store for Business Here's the list of available operations: diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 05e8da9fa3..aa98ff54c0 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/07/2017 +ms.date: 09/18/2017 --- # VPNv2 CSP @@ -35,7 +35,7 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll The following diagram shows the VPNv2 configuration service provider in tree format. -![vpnv2 csp diagram](images/provisioning-csp-vpnv2-rs1.png) +![vpnv2 csp diagram](images/provisioning-csp-vpnv2.png) **Device or User profile** For user profile, use **./User/Vendor/MSFT** path and for device profile, use **./Device/Vendor/MSFT** path. @@ -303,6 +303,14 @@ A device tunnel profile must be deleted before another device tunnel profile can Value type is bool. Supported operations include Get, Add, Replace, and Delete. +**VPNv2/***ProfileName***/RegisterDNS** +Allows registration of the connection's address in DNS. + +Valid values: + +- False = Do not register the connection's address in DNS (default). +- True = Register the connection's addresses in DNS. + **VPNv2/***ProfileName***/DnsSuffix** Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 1312ba1a63..3208f1111a 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/07/2017 +ms.date: 09/18/2017 --- # VPNv2 DDF file @@ -992,6 +992,33 @@ The XML below is for Windows 10, version 1709. + + RegisterDNS + + + + + + + + + False = Do not register the connection's address in DNS (default). + True = Register the connection's addresses in DNS. + + + + + + + + + + + + text/plain + + + DnsSuffix diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md index e203016bfa..6454a3fe7c 100644 --- a/windows/configuration/start-layout-xml-desktop.md +++ b/windows/configuration/start-layout-xml-desktop.md @@ -32,8 +32,7 @@ On Windows 10 for desktop editions, the customized Start works by: >[!NOTE] >Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/en-US/library/jj649079.aspx). ->[!NOTE] ->Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx). + ## LayoutModification XML diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index e11c92867c..95255b68f9 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -79,7 +79,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). ### Microsoft Deployment Toolkit (MDT) -MDT build 884 is available, including support for: +MDT build 8443 is available, including support for: - Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016. - The Windows ADK for Windows 10, version 1607. - Integration with Configuration Manager version 1606. diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md index 12589a4f94..9613e7592c 100644 --- a/windows/deployment/usmt/usmt-common-issues.md +++ b/windows/deployment/usmt/usmt-common-issues.md @@ -229,7 +229,7 @@ There are three typical causes for this issue. **Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured. -**Cause:** A code change in the Start Menu with Windows 10 version 1607 is incompatible with this USMT function. +**Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function. **Resolution:** The following workaround is available: @@ -245,6 +245,8 @@ There are three typical causes for this issue. Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive% ``` +This workaround changed the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will logon to the device you should delete layoutmodification.xml from the Default user profile. Otherwise all users who logon to that device will get the imported Start layout. + ## Offline Migration Problems diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md index 4bcaef04a8..7f6cdc5a1c 100644 --- a/windows/deployment/windows-10-auto-pilot.md +++ b/windows/deployment/windows-10-auto-pilot.md @@ -18,7 +18,7 @@ ms.date: 06/30/2017 - Windows 10 -Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.
+Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple. ## Benefits of Windows AutoPilot diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index 2d146c99a0..f775017c4c 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -36,240 +36,39 @@ The ArcSight field column contains the default mapping between the Windows Defen Field numbers match the numbers in the images below. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Portal labelSIEM field nameArcSight fieldExample valueDescription
1AlertTitlenameA dll was unexpectedly loaded into a high integrity process without a UAC promptValue available for every alert.
2SeveritydeviceSeverityMediumValue available for every alert.
3CategorydeviceEventCategoryPrivilege EscalationValue available for every alert.
4SourcesourceServiceNameWindowsDefenderATPWindows Defender Antivirus or Windows Defender ATP. Value available for every alert.
5MachineNamesourceHostNameliz-beanValue available for every alert.
6FileNamefileNameRobocopy.exeAvailable for alerts associated with a file or process.
7FilePathfilePathC:\Windows\System32\Robocopy.exeAvailable for alerts associated with a file or process. \
8UserDomainsourceNtDomaincontosoThe domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts.
9UserNamesourceUserNameliz-beanThe user context running the activity, available for Windows Defender ATP behavioral based alerts.
10Sha1fileHash5b4b3985339529be3151d331395f667e1d5b7f35Available for alerts associated with a file or process.
11Md5deviceCustomString555394b85cb5edddff551f6f3faa9d8ebAvailable for Windows Defender AV alerts.
12Sha256deviceCustomString69987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5Available for Windows Defender AV alerts.
13ThreatNameeviceCustomString1Trojan:Win32/Skeeyah.A!bitAvailable for Windows Defender AV alerts.
14IpAddresssourceAddress218.90.204.141Available for alerts associated to network events. For example, 'Communication to a malicious network destination'.
15UrlrequestUrldown.esales360.cnAvailabe for alerts associated to network events. For example, 'Communication to a malicious network destination'.
16RemediationIsSuccessdeviceCustomNumber2TRUEAvailable for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.
17WasExecutingWhileDetecteddeviceCustomNumber1FALSEAvailable for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.
18AlertIdexternalId636210704265059241_673569822Value available for every alert.
19LinkToWDATPflexString1`https://securitycenter.windows.com/alert/636210704265059241_673569822`Value available for every alert.
20AlertTimedeviceReceiptTime2017-05-07T01:56:59.3191352ZThe time the activity relevant to the alert occurred. Value available for every alert.
21MachineDomainsourceDnsDomaincontoso.comDomain name not relevant for AAD joined machines. Value available for every alert.
22ActordeviceCustomString4Available for alerts related to a known actor group.
21+5ComputerDnsNameNo mappingliz-bean.contoso.comThe machine fully qualified domain name. Value available for every alert.
LogOnUserssourceUserIdcontoso\liz-bean; contoso\jay-hardeeThe domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available.
Internal fieldLastProcessedTimeUtcNo mapping2017-05-07T01:56:58.9936648ZTime when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved.
Not part of the schemadeviceVendorStatic value in the ArcSight mapping - 'Microsoft'.
Not part of the schemadeviceProductStatic value in the ArcSight mapping - 'Windows Defender ATP'.
Not part of the schemadeviceVersionStatic value in the ArcSight mapping - '2.0', used to identify the mapping versions.
+> [!div class="mx-tableFixed"] +| Portal label | SIEM field name | ArcSight field | Example value | Description | +|------------------|---------------------------|---------------------|------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1 | AlertTitle | name | A dll was unexpectedly loaded into a high integrity process without a UAC prompt | Value available for every alert. | +| 2 | Severity | deviceSeverity | Medium | Value available for every alert. | +| 3 | Category | deviceEventCategory | Privilege Escalation | Value available for every alert. | +| 4 | Source | sourceServiceName | WindowsDefenderATP | Windows Defender Antivirus or Windows Defender ATP. Value available for every alert. | +| 5 | MachineName | sourceHostName | liz-bean | Value available for every alert. | +| 6 | FileName | fileName | Robocopy.exe | Available for alerts associated with a file or process. | +| 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for alerts associated with a file or process. | +| 8 | UserDomain | sourceNtDomain | contoso | The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts. | +| 9 | UserName | sourceUserName | liz-bean | The user context running the activity, available for Windows Defender ATP behavioral based alerts. | +| 10 | Sha1 | fileHash | 5b4b3985339529be3151d331395f667e1d5b7f35 | Available for alerts associated with a file or process. | +| 11 | Md5 | deviceCustomString5 | 55394b85cb5edddff551f6f3faa9d8eb | Available for Windows Defender AV alerts. | +| 12 | Sha256 | deviceCustomString6 | 9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5 | Available for Windows Defender AV alerts. | +| 13 | ThreatName | eviceCustomString1 | Trojan:Win32/Skeeyah.A!bit | Available for Windows Defender AV alerts. | +| 14 | IpAddress | sourceAddress | 218.90.204.141 | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | +| 15 | Url | requestUrl | down.esales360.cn | Available for alerts associated to network events. For example, 'Communication to a malicious network destination'. | +| 16 | RemediationIsSuccess | deviceCustomNumber2 | TRUE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | +| 17 | WasExecutingWhileDetected | deviceCustomNumber1 | FALSE | Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE. | +| 18 | AlertId | externalId | 636210704265059241_673569822 | Value available for every alert. | +| 19 | LinkToWDATP | flexString1 | `https://securitycenter.windows.com/alert/636210704265059241_673569822` | Value available for every alert. | +| 20 | AlertTime | deviceReceiptTime | 2017-05-07T01:56:59.3191352Z | The time the activity relevant to the alert occurred. Value available for every alert. | +| 21 | MachineDomain | sourceDnsDomain | contoso.com | Domain name not relevant for AAD joined machines. Value available for every alert. | +| 22 | Actor | deviceCustomString4 | | Available for alerts related to a known actor group. | +| 21+5 | ComputerDnsName | No mapping | liz-bean.contoso.com | The machine fully qualified domain name. Value available for every alert. | +| | LogOnUsers | sourceUserId | contoso\liz-bean; contoso\jay-hardee | The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available. | +| | InternalIPv4List | No mapping | 192.168.1.7, 10.1.14.1 | List of IPV4 internal IPs for active network interfaces. | +| | InternalIPv6List | No mapping | fd30:0000:0000:0001:ff4e:003e:0009:000e, FE80:CD00:0000:0CDE:1257:0000:211E:729C | List of IPV6 internal IPs for active network interfaces. | +| Internal field | LastProcessedTimeUtc | No mapping | 2017-05-07T01:56:58.9936648Z | Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved. | +| | Not part of the schema | deviceVendor | | Static value in the ArcSight mapping - 'Microsoft'. | +| | Not part of the schema | deviceProduct | | Static value in the ArcSight mapping - 'Windows Defender ATP'. | +| | Not part of the schema | deviceVersion | | Static value in the ArcSight mapping - '2.0', used to identify the mapping versions. ![Image of alert with numbers](images/atp-alert-page.png) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 8d28359a61..8a90f8cb96 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md @@ -33,6 +33,9 @@ Windows Defender ATP supports non-persistent VDI session onboarding. There might You can onboard VDI machines using a single entry or multiple entries for each machine. The following steps will guide you through onboarding VDI machines and will highlight steps for single and multiple entries. +>[!WARNING] +> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding. + 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): a. Click **Endpoint management** > **Clients** on the **Navigation pane**.