deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

resolving conflict

Browse Source
This commit is contained in:
jaimeo 2020-05-22 14:13:43 -07:00
commit 58ee9b1b8c
560 changed files with 11178 additions and 10411 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
.openpublishing.redirection.json
View File

@ -86,6 +86,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
"redirect_url": "https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
"redirect_document_id": false
},
{
"source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
"redirect_url": "https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
"redirect_document_id": false
@ -138,6 +143,11 @@
{
"source_path": "windows/security/threat-protection/intelligence/av-tests.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md",
"redirect_url": "https://docs.microsoft.com/microsoft-365/security/mtp/top-scoring-industry-tests",
"redirect_document_id": true
},
{
@ -757,17 +767,17 @@
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings",
"redirect_url": "hhttps://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
"redirect_document_id": true
},
{
@ -996,6 +1006,31 @@
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table",
"redirect_document_id": true
@ -1317,6 +1352,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration",
"redirect_document_id": false
},
{
"source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -7827,11 +7867,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit",
"redirect_document_id": true
@ -7882,16 +7917,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/deploy/integrate-configuration-manager-with-mdt-2013.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/introduction-vamt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/volume-activation/introduction-vamt",
"redirect_document_id": true
@ -13103,18 +13128,18 @@
},
{
"source_path": "windows/keep-secure/windows-defender-smartscreen-available-settings.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings",
"redirect_document_id": true
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/windows-defender-smartscreen-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview",
"redirect_document_id": true
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/windows-defender-smartscreen-set-individual-device.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device",
"redirect_document_id": true
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
@ -14487,6 +14512,46 @@
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-surface-hub.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-admx-backed.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
"redirect_document_id": true
@ -15473,7 +15538,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
"redirect_document_id": false
},
{
@ -15773,7 +15838,7 @@
},
{
"source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
"redirect_document_id": false
},
{
@ -15787,18 +15852,8 @@
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/get-started-with-configuration-manager",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/integrate-configuration-manager-with-mdt",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
"redirect_document_id": false
},
{
@ -15870,6 +15925,41 @@
"source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
"redirect_document_id": false
},
{
"source_path": "surface/step-by-step-surface-deployment-accelerator.md",
"redirect_url": "https://docs.microsoft.com/surface/microsoft-surface-deployment-accelerator",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
"redirect_document_id": true
}
]
}

10
browsers/edge/about-microsoft-edge.md
View File

@ -2,7 +2,7 @@
title: Microsoft Edge system and language requirements
description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
ms.reviewer:
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
@ -17,7 +17,7 @@ ms.date: 10/02/2018
---
# Microsoft Edge system and language requirements
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
> Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
> [!NOTE]
> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
@ -25,8 +25,8 @@ ms.date: 10/02/2018
Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
>[!IMPORTANT]
>The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, dont include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
> [!IMPORTANT]
> The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, dont include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
## Minimum system requirements
@ -49,7 +49,7 @@ Some of the components might also need additional system resources. Check the co
## Supported languages
Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages.
Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages.
If the extension does not work after install, restart Microsoft Edge. If the extension still does not work, provide feedback through the Feedback Hub.

24
browsers/edge/group-policies/favorites-management-gp.md
View File

@ -1,43 +1,43 @@
---
title: Microsoft Edge - Favorites group policies
description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
services:
keywords:
services:
keywords:
ms.localizationpriority: medium
audience: itpro
manager: dansimp
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
---
# Favorites
# Favorites
> [!NOTE]
> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the users favorites. If its important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the users favorites. If its important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
>[!TIP]
>You can find the Favorites under C:\\Users\\<_username_>\\Favorites.
> [!TIP]
> You can find the Favorites under C:\\Users\\<_username_>\\Favorites.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
## Configure Favorites Bar
## Configure Favorites Bar
[!INCLUDE [configure-favorites-bar-include](../includes/configure-favorites-bar-include.md)]
## Keep favorites in sync between Internet Explorer and Microsoft Edge
[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)]
## Keep favorites in sync between Internet Explorer and Microsoft Edge
[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)]
## Prevent changes to Favorites on Microsoft Edge
[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
## Provision Favorites
## Provision Favorites
[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]

20
browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
View File

@ -7,7 +7,7 @@ manager: dansimp
ms.author: dansimp
author: dansimp
ms.date: 10/02/2018
ms.reviewer:
ms.reviewer:
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
@ -21,11 +21,10 @@ ms.topic: reference
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
>[!TIP]
>If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
**Technology not supported by Microsoft Edge**
> [!TIP]
> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
**Technology not supported by Microsoft Edge**
- ActiveX controls
@ -39,20 +38,19 @@ Microsoft Edge is the default browser experience for Windows 10 and Windows 10 M
- Legacy document modes
If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
## Relevant group policies
1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
3. [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer)
3. [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer)
4. [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge)
4. [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge)
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:

120
browsers/edge/includes/configure-home-button-include.md
View File

@ -1,61 +1,59 @@
---
author: eavena
ms.author: eravena
ms.date: 10/28/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Configure Home Button-->
>*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
>*Default setting: Disabled or not configured (Show home button and load the Start page)*
[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
### Supported values
| Group Policy | MDM | Registry | Description |
|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------|
| Disabled or not configured<br>**(default)** | 0 | 0 | Load the Start page. |
| Enabled | 1 | 1 | Load the New Tab page. |
| Enabled | 2 | 2 | Load the custom URL defined in the Set Home Button URL policy. |
| Enabled | 3 | 3 | Hide the home button. |
---
>[!TIP]
>If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Home Button
- **GP name:** ConfigureHomeButton
- **GP element:** ConfigureHomeButtonDropdown
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Value name:** ConfigureHomeButton
- **Value type:** REG_DWORD
### Related policies
- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
<hr>
---
author: eavena
ms.author: eravena
ms.date: 10/28/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Configure Home Button-->
> *Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
> *Default setting: Disabled or not configured (Show home button and load the Start page)*
[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
### Supported values
| Group Policy | MDM | Registry | Description |
|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------|
| Disabled or not configured<br>**(default)** | 0 | 0 | Load the Start page. |
| Enabled | 1 | 1 | Load the New Tab page. |
| Enabled | 2 | 2 | Load the custom URL defined in the Set Home Button URL policy. |
| Enabled | 3 | 3 | Hide the home button. |
---
> [!TIP]
> If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Home Button
- **GP name:** ConfigureHomeButton
- **GP element:** ConfigureHomeButtonDropdown
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Value name:** ConfigureHomeButton
- **Value type:** REG_DWORD
### Related policies
- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
<hr>

131
browsers/edge/includes/configure-open-edge-with-include.md
View File

@ -1,68 +1,63 @@
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- Configure Open Microsoft Edge With-->
>*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
>*Default setting: Enabled (A specific page or pages)*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
**version 1809:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
### Supported values
| Group Policy | MDM | Registry | Description |
|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------|
| Not configured | Blank | Blank | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
| Enabled | 0 | 0 | Load the Start page. |
| Enabled | 1 | 1 | Load the New Tab page. |
| Enabled | 2 | 2 | Load the previous pages. |
| Enabled<br>**(default)** | 3 | 3 | Load a specific page or pages. |
---
>[!TIP]
>If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Open Microsoft Edge With
- **GP name:** ConfigureOpenMicrosoftEdgeWith
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Value name:** ConfigureOpenEdgeWith
- **Value type:** REG_DWORD
### Related policies
- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
---
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- Configure Open Microsoft Edge With-->
> *Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
> *Default setting: Enabled (A specific page or pages)*
[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
**version 1809:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
### Supported values
| Group Policy | MDM | Registry | Description |
|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------|
| Not configured | Blank | Blank | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
| Enabled | 0 | 0 | Load the Start page. |
| Enabled | 1 | 1 | Load the New Tab page. |
| Enabled | 2 | 2 | Load the previous pages. |
| Enabled<br>**(default)** | 3 | 3 | Load a specific page or pages. |
---
> [!TIP]
> If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
### ADMX info and settings
#### ADMX info
- **GP English name:** Configure Open Microsoft Edge With
- **GP name:** ConfigureOpenMicrosoftEdgeWith
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Value name:** ConfigureOpenEdgeWith
- **Value type:** REG_DWORD
### Related policies
- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
---

105
browsers/edge/includes/provision-favorites-include.md
View File

@ -1,52 +1,53 @@
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Provision Favorites -->
>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
>*Default setting: Disabled or not configured (Customizable)*
[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
>[!IMPORTANT]
>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
### Supported values
| Group Policy | Description | Most restricted |
|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured<br>**(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> | ![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Provision Favorites
- **GP name:** ConfiguredFavorites
- **GP element:** ConfiguredFavoritesPrompt
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
- **Data type:** String
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
- **Value name:** ConfiguredFavorites
- **Value type:** REG_SZ
### Related policies
[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
<hr>
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Provision Favorites -->
> *Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
> *Default setting: Disabled or not configured (Customizable)*
[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
> [!IMPORTANT]
> Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
### Supported values
| Group Policy | Description | Most restricted |
|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured<br>**(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> | ![Most restricted value](../images/check-gn.png) |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Provision Favorites
- **GP name:** ConfiguredFavorites
- **GP element:** ConfiguredFavoritesPrompt
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
- **Data type:** String
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
- **Value name:** ConfiguredFavorites
- **Value type:** REG_SZ
### Related policies
[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
<hr>

125
browsers/edge/includes/send-all-intranet-sites-ie-include.md
View File

@ -1,62 +1,63 @@
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Send all intranet sites to Internet Explorer 11 -->
>*Supported versions: Microsoft Edge on Windows 10*<br>
>*Default setting: Disabled or not configured*
[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
>[!TIP]
>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
### Supported values
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured<br>**(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. | ![Most restricted value](../images/check-gn.png) |
| Enabled | 1 | 1 | Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<p><p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.<p><p>A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol> | |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Send all intranet sites to Internet Explorer 11
- **GP name:** SendIntranetTraffictoInternetExplorer
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
- **Value name:** SendIntranetTraffictoInternetExplorer
- **Value type:** REG_DWORD
### Related Policies
- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
### Related topics
- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.
- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
<hr>
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
<!-- ## Send all intranet sites to Internet Explorer 11 -->
> *Supported versions: Microsoft Edge on Windows 10*<br>
> *Default setting: Disabled or not configured*
[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
> [!TIP]
> Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
### Supported values
| Group Policy | MDM | Registry | Description | Most restricted |
|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
| Disabled or not configured<br>**(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. | ![Most restricted value](../images/check-gn.png) |
| Enabled | 1 | 1 | Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<p><p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.<p><p>A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol> | |
---
### ADMX info and settings
#### ADMX info
- **GP English name:** Send all intranet sites to Internet Explorer 11
- **GP name:** SendIntranetTraffictoInternetExplorer
- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
#### MDM settings
- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
- **Supported devices:** Desktop
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
- **Value name:** SendIntranetTraffictoInternetExplorer
- **Value type:** REG_DWORD
### Related Policies
- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
### Related topics
- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.
- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
<hr>

64
browsers/edge/microsoft-edge-kiosk-mode-deploy.md
View File

@ -1,8 +1,8 @@
---
title: Deploy Microsoft Edge Legacy kiosk mode
description: Microsoft Edge Legacy kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge Legacy kiosk mode, you must configure Microsoft Edge Legacy as an application in assigned access.
ms.assetid:
ms.reviewer:
ms.assetid:
ms.reviewer:
audience: itpro
manager: dansimp
author: dansimp
@ -16,28 +16,28 @@ ms.date: 01/17/2020
# Deploy Microsoft Edge Legacy kiosk mode
>Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
>Professional, Enterprise, and Education
> Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
> Professional, Enterprise, and Education
> [!NOTE]
> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
In this topic, you'll learn:
In this topic, you'll learn:
- How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.
- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.
At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support.
At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support.
## Kiosk mode configuration types
>**Policy** = Configure kiosk mode (ConfigureKioskMode)
> **Policy** = Configure kiosk mode (ConfigureKioskMode)
Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image)
@ -50,9 +50,9 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
### Important things to note before getting started
- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.
- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.
- The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.
- The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.
- Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
@ -67,7 +67,7 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
- [Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3).
### Supported configuration types
### Supported configuration types
[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)]
@ -75,9 +75,9 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:
- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service.
- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service.
- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
### Prerequisites
@ -89,14 +89,14 @@ Now that you're familiar with the different kiosk mode configurations and have t
- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.
- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:
```
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
```
### Setup required for Microsoft Edge Legacy kiosk mode
When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.
When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.
To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:
@ -104,11 +104,11 @@ To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take on
- To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge [Allow installation default](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#installdefault) policy for Stable channel or consider using the [Blocker toolkit](https://docs.microsoft.com/DeployEdge/microsoft-edge-blocker-toolkit) to disable automatic delivery of Microsoft Edge.
> [!NOTE]
> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).
> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).
### Use Windows Settings
Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.
Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.
1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**.
@ -120,9 +120,9 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
5. Select how Microsoft Edge Legacy displays when running in kiosk mode:
- **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.
- **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.
- **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.
- **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.
6. Select **Next**.
@ -136,23 +136,23 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration.
**_Congratulations!_** <p>Youve just finished setting up a single-app kiosk device using Windows Settings.
**_Congratulations!_** <p>Youve just finished setting up a single-app kiosk device using Windows Settings.
**_What's next?_**
**_What's next?_**
- User your new kiosk device. <p>
OR<p>
- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge Legacy**.
---
---
### Use Microsoft Intune or other MDM service
With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
>[!IMPORTANT]
>If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
> [!IMPORTANT]
> If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
@ -166,7 +166,7 @@ With this method, you can use Microsoft Intune or other MDM services to configur
| **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p>![](images/icon-thin-line-computer.png) | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
| **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p>![](images/icon-thin-line-computer.png) | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p>![](images/icon-thin-line-computer.png) | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
**_Congratulations!_** <p>Youve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.
@ -177,7 +177,7 @@ With this method, you can use Microsoft Intune or other MDM services to configur
## Supported policies for kiosk mode
Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
Make sure to check with your provider for instructions.
@ -251,18 +251,18 @@ Make sure to check with your provider for instructions.
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Not supported](images/148766.png) = Not applicable or not supported <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Supported](images/148767.png) = Supported
---
---
## Feature comparison of kiosk mode and kiosk browser app
In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
| **Feature** | **Microsoft Edge Legacy kiosk mode** | **Microsoft Kiosk browser app** |
| **Feature** | **Microsoft Edge Legacy kiosk mode** | **Microsoft Kiosk browser app** |
|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
| Print support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |
| Multi-tab support | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |
| Allow/Block URL support | ![Not Supported](images/148766.png) ![Supported](images/148767.png) |
| Allow/Block URL support | ![Not Supported](images/148766.png) | ![Supported](images/148767.png) |
| Configure Home Button | ![Supported](images/148767.png) | ![Supported](images/148767.png) |
| Set Start page(s) URL | ![Supported](images/148767.png) | ![Supported](images/148767.png) <p>*Same as Home button URL* |
| Set New Tab page URL | ![Supported](images/148767.png) | ![Not supported](images/148766.png) |
@ -280,6 +280,6 @@ To prevent access to unwanted websites on your kiosk device, use Windows Defende
## Provide feedback or get support
To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.

9
browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
View File

@ -1,12 +1,13 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.date: 04/23/2020
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy):
This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
[Microsoft browser extension policy](https://docs.microsoft.com/legal/microsoft-edge/microsoft-browser-extension-policy):
This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be **unsupported**.

16
browsers/edge/web-app-compat-toolkit.md
View File

@ -1,6 +1,6 @@
---
title: Web Application Compatibility lab kit
ms.reviewer:
ms.reviewer:
audience: itpro
manager: dansimp
description: Learn how to use the web application compatibility toolkit for Microsoft Edge.
@ -14,7 +14,7 @@ ms.localizationpriority: high
# Web Application Compatibility lab kit
>Updated: October, 2017
> Updated: October, 2017
Upgrading web applications to modern standards is the best long-term solution to ensure compatibility with todays web browsers, but using backward compatibility can save time and money. Internet Explorer 11 has features that can ease your browser and operating system upgrades, reducing web application testing and remediation costs. On Windows 10, you can standardize on Microsoft Edge for faster, safer browsing and fall back to Internet Explorer 11 just for sites that need backward compatibility.
@ -22,7 +22,7 @@ The Web Application Compatibility Lab Kit is a primer for the features and techn
The Web Application Compatibility Lab Kit includes:
- A pre-configured Windows 7 and Windows 10 virtual lab environment with:
- A pre-configured Windows 7 and Windows 10 virtual lab environment with:
- Windows 7 Enterprise Evaluation
- Windows 10 Enterprise Evaluation (version 1607)
- Enterprise Mode Site List Manager
@ -36,10 +36,10 @@ Depending on your environment, your web apps may "just work” using the methods
There are two versions of the lab kit available:
- Full version (8 GB) - includes a complete virtual lab environment
- Full version (8 GB) - includes a complete virtual lab environment
- Lite version (400 MB) - includes guidance for running the Lab Kit on your own Windows 7 or Windows 10 operating system
The Web Application Compatibility Lab Kit is also available in the following languages:
The Web Application Compatibility Lab Kit is also available in the following languages:
- Chinese (Simplified)
- Chinese (Traditional)
@ -48,11 +48,11 @@ The Web Application Compatibility Lab Kit is also available in the following lan
- Italian
- Japanese
- Korean
- Portuguese (Brazil)
- Portuguese (Brazil)
- Russian
- Spanish
[DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab)
>[!TIP]
>Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.
> [!TIP]
> Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.

26
browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
View File

@ -8,7 +8,7 @@ ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
ms.reviewer:
ms.reviewer:
manager: dansimp
ms.author: dansimp
---
@ -17,16 +17,16 @@ ms.author: dansimp
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
>[!Important]
>Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
> [!Important]
> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
**To create a new change request**
1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
@ -36,7 +36,7 @@ Employees assigned to the Requester role can create a change request. A change r
2. Fill out the required fields, based on the group and the app, including:
- **Group name.** Select the name of your group from the dropdown box.
- **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
- **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
@ -58,16 +58,16 @@ Employees assigned to the Requester role can create a change request. A change r
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
- **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
- **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
- **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
## Next steps
After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).

7
browsers/enterprise-mode/enterprise-mode-features-include.md
View File

@ -1,4 +1,5 @@
### Enterprise Mode features
Enterprise Mode includes the following features:
- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that arent currently supported by existing document modes.
@ -8,9 +9,9 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
>[!Important]
>All centrally-made decisions override any locally-made choices.
> [!Important]
> All centrally-made decisions override any locally-made choices.
- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.

18
browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
View File

@ -8,7 +8,7 @@ ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
ms.reviewer:
ms.reviewer:
manager: dansimp
ms.author: dansimp
---
@ -17,18 +17,18 @@ ms.author: dansimp
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
>[!Important]
>This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
> [!Important]
> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.

45
browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
View File

@ -1,22 +1,23 @@
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro manager: dansimp
ms.prod: edge
ms.topic: include
---
If you need to replace your entire site list because of errors, or simply because its out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
>[!IMPORTANT]
>Importing your file overwrites everything thats currently in the tool, so make sure its what want to do.
1. In the Enterprise Mode Site List Manager, click **File \> Import**.
2. Go to the exported .EMIE file.<p>For example, `C:\users\<user_name>\documents\sites.emie`
1. Click **Open**.
2. Review the alert message about all of your entries being overwritten and click **Yes**.
---
author: eavena
ms.author: eravena
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
If you need to replace your entire site list because of errors, or simply because its out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
> [!IMPORTANT]
> Importing your file overwrites everything thats currently in the tool, so make sure its what want to do.
1. In the Enterprise Mode Site List Manager, click **File \> Import**.
2. Go to the exported .EMIE file.<p>For example, `C:\users\<user_name>\documents\sites.emie`
1. Click **Open**.
2. Review the alert message about all of your entries being overwritten and click **Yes**.

5
browsers/includes/interoperability-goals-enterprise-guidance.md
View File

@ -26,8 +26,8 @@ You must continue using IE11 if web apps use any of the following:
If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
>[!TIP]
>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
> [!TIP]
> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
|Technology |Why it existed |Why we don't need it anymore |
@ -38,4 +38,3 @@ If you have uninstalled IE11, you can download it from the Microsoft Store or th
---

27
browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
View File

@ -8,7 +8,7 @@ ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
ms.reviewer:
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
@ -18,16 +18,16 @@ ms.author: dansimp
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
>[!Important]
>Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
> [!Important]
> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
**To create a new change request**
1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
@ -37,7 +37,7 @@ Employees assigned to the Requester role can create a change request. A change r
2. Fill out the required fields, based on the group and the app, including:
- **Group name.** Select the name of your group from the dropdown box.
- **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
- **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
@ -59,16 +59,17 @@ Employees assigned to the Requester role can create a change request. A change r
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
- **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
- **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
- **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
## Next steps
After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).

18
browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
View File

@ -8,7 +8,7 @@ ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
ms.reviewer:
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: dansimp
@ -18,18 +18,18 @@ ms.author: dansimp
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
>[!Important]
>This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
> [!Important]
> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.

20
browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
View File

@ -20,11 +20,11 @@ ms.date: 10/25/2018
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
@ -33,7 +33,7 @@ If you have specific websites and apps that you know have compatibility problems
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
>[!TIP]
> [!TIP]
> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List.
@ -54,8 +54,8 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
>[!Important]
>All centrally-made decisions override any locally-made choices.
> [!Important]
> All centrally-made decisions override any locally-made choices.
- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
@ -121,11 +121,11 @@ There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and
- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.

108
browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
View File

@ -5,8 +5,8 @@ description: Get answers to commonly asked questions about the Internet Explorer
author: dansimp
ms.author: dansimp
ms.prod: ie11
ms.assetid:
ms.reviewer:
ms.assetid:
ms.reviewer:
audience: itpro
manager: dansimp
title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
@ -16,50 +16,50 @@ ms.date: 05/10/2018
# Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
>[!Important]
>If you administer your companys environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you dont need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
> [!Important]
> If you administer your companys environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you dont need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
- [Automatic updates delivery process](#automatic-updates-delivery-process)
- [Automatic updates delivery process](#automatic-updates-delivery-process)
- [How the Internet Explorer 11 Blocker Toolkit works](#how-the-internet-explorer-11-blocker-toolkit-works)
- [How the Internet Explorer 11 Blocker Toolkit works](#how-the-internet-explorer-11-blocker-toolkit-works)
- [Internet Explorer 11 Blocker Toolkit and other update services](#internet-explorer-11-blocker-toolkit-and-other-update-services)
- [Internet Explorer 11 Blocker Toolkit and other update services](#internet-explorer-11-blocker-toolkit-and-other-update-services)
## Automatic Updates delivery process
**Q. Which users will receive Internet Explorer 11 as an important update?**
A. Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 as an important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically download and install the Internet Explorer 11 files if its turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).
**Q. When is the Blocker Toolkit available?**
A. The Blocker Toolkit is currently available from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
**Q. What tools can I use to manage Windows Updates and Microsoft Updates in my company?**
A. We encourage anyone who wants full control over their companys deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You can also use the more advanced configuration management tool, [System Center 2012 Configuration Manager](https://technet.microsoft.com/library/gg682041.aspx).
**Q. How long does the blocker mechanism work?**
A. The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts as long as the registry key value isnt removed or changed.
**Q. Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why cant I just disable all of Automatic Updates?**
A. Automatic Updates provide you with ongoing critical security and reliability updates. Turning this feature off can leave your computers more vulnerable. Instead, we suggest that you use an update management solution, such as WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your users computers.
**Q. Which users will receive Internet Explorer 11 as an important update?**
A. Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 as an important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically download and install the Internet Explorer 11 files if its turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).
**Q. When is the Blocker Toolkit available?**
A. The Blocker Toolkit is currently available from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
**Q. What tools can I use to manage Windows Updates and Microsoft Updates in my company?**
A. We encourage anyone who wants full control over their companys deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You can also use the more advanced configuration management tool, [System Center 2012 Configuration Manager](https://technet.microsoft.com/library/gg682041.aspx).
**Q. How long does the blocker mechanism work?**
A. The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts as long as the registry key value isnt removed or changed.
**Q. Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why cant I just disable all of Automatic Updates?**
A. Automatic Updates provide you with ongoing critical security and reliability updates. Turning this feature off can leave your computers more vulnerable. Instead, we suggest that you use an update management solution, such as WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your users computers.
The Internet Explorer 11 Blocker Toolkit safely allows Internet Explorer 11 to download and install in companies that cant use WSUS, Configuration Manager, or
other update management solution.
**Q. Why dont we just block URL access to Windows Update or Microsoft Update?**
other update management solution.
**Q. Why dont we just block URL access to Windows Update or Microsoft Update?**
A. Blocking the Windows Update or Microsoft Update URLs also stops delivery of critical security and reliability updates for all of the supported versions of the Windows operating system; leaving your computers more vulnerable.
## How the Internet Explorer 11 Blocker Toolkit works
**Q. How should I test the Internet Explorer 11 Blocker Toolkit in my company?**
A. Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additional impact or side effects to your environment. No additional testing should be necessary.
**Q. Whats the registry key used to block delivery of Internet Explorer 11?**
A. HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0
**Q. Whats the registry key name and values?**
**Q. How should I test the Internet Explorer 11 Blocker Toolkit in my company?**
A. Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additional impact or side effects to your environment. No additional testing should be necessary.
**Q. Whats the registry key used to block delivery of Internet Explorer 11?**
A. HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0
**Q. Whats the registry key name and values?**
The registry key name is **DoNotAllowIE11**, where:
- A value of **1** turns off the automatic delivery of Internet Explorer 11 using Automatic Updates and turns off the Express install option.
@ -67,23 +67,23 @@ The registry key name is **DoNotAllowIE11**, where:
- Not providing a registry key, or using a value of anything other than **1**, lets the user install Internet Explorer 11 through Automatic Updates or a
manual update.
**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?**
A. No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users can still download and install Internet Explorer 11 from the Microsoft Download Center or from external media.
**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?**
A. Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.
**Q. How does the provided script work?**
**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?**
A. No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users can still download and install Internet Explorer 11 from the Microsoft Download Center or from external media.
**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?**
A. Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.
**Q. How does the provided script work?**
A. The script accepts one of two command line options:
- **Block:** Creates the registry key that stops Internet Explorer 11 from installing through Automatic Updates.
- **Unblock:** Removes the registry key that stops Internet Explorer 11 from installing through Automatic Updates.
**Q. Whats the ADM template file used for?**
A. The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.
**Q. Is the tool localized?**
**Q. Whats the ADM template file used for?**
A. The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.
**Q. Is the tool localized?**
A. No. The tool isnt localized, its only available in English (en-us). However, it does work, without any modifications, on any language edition of the supported operating systems.
## Internet Explorer 11 Blocker Toolkit and other update services
@ -91,17 +91,17 @@ A. No. The tool isnt localized, its only available in English (en-us). How
**Q: Is there a version of the Internet Explorer Blocker Toolkit that will prevent automatic installation of IE11?**<br>
Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
**Q. Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?**
A. No. You can still deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies that dont use upgrade management solutions.
**Q. If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?**
**Q. Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?**
A. No. You can still deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies that dont use upgrade management solutions.
**Q. If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?**
A. You only need to change your settings if:
- You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.
- You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.
-and-
- You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.
- You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.
-and-
@ -112,10 +112,10 @@ If these scenarios apply to your company, see [Internet Explorer 11 delivery thr
## Additional resources
- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
- [Internet Explorer 11 FAQ for IT pros](https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
- [Internet Explorer 11 FAQ for IT pros](https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
- [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
- [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
- [Internet Explorer 11 deployment guide](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/index)
- [Internet Explorer 11 deployment guide](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/index)

8
browsers/internet-explorer/ie11-ieak/index.md
View File

@ -14,12 +14,12 @@ manager: dansimp
# Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
Use this guide to learn about the several options and processes you'll need to consider while you're using the Internet Explorer Administration Kit 11 (IEAK 11) to customize, deploy, and manage Internet Explorer 11 for your employee's devices.
>[!IMPORTANT]
>Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
> [!IMPORTANT]
> Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
## Included technology
@ -41,7 +41,7 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
## Related topics
- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
- [Download IEAK 11](ieak-information-and-downloads.md)
- [Download IEAK 11](ieak-information-and-downloads.md)
- [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)

14
browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
View File

@ -6,7 +6,7 @@ author: dansimp
ms.author: dansimp
ms.prod: ie11
ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
ms.reviewer:
ms.reviewer:
audience: itpro
manager: dansimp
title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
@ -21,8 +21,8 @@ In addition to the Software License Terms for the Internet Explorer Administrati
During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
- **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website.
>[!IMPORTANT]
>Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
> [!IMPORTANT]
> Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
- **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment.
@ -64,10 +64,10 @@ During installation, you must pick a version of IEAK 11, either **External** or
Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
- **External Distribution**
- **External Distribution**
This mode is available to anyone who wants to create a customized browser for distribution outside their company (for example, websites, magazines, retailers, non-profit organizations, independent hardware vendors, independent software vendors, Internet service providers, Internet content providers, software developers, and marketers).
- **Internal Distribution**
- **Internal Distribution**
This mode is available to companies for the creation and distribution of a customized browser only to their employees over a corporate intranet.
The table below identifies which customizations you may or may not perform based on the mode you selected.
@ -100,8 +100,8 @@ Support for some of the Internet Explorer settings on the wizard pages varies de
Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
- **External Distribution**
- **External Distribution**
You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy).
- **Internal Distribution - corporate intranet**
- **Internal Distribution - corporate intranet**
The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet.

11
devices/hololens/TOC.md
View File

@ -5,7 +5,7 @@
## [Get your HoloLens 2 ready to use](hololens2-setup.md)
## [Set up your HoloLens 2](hololens2-start.md)
## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md)
## [HoloLens 2 cleaning FAQ](hololens2-maintenance.md)
## [Supported languages for HoloLens 2](hololens2-language-support.md)
## [Getting around HoloLens 2](hololens2-basic-usage.md)
@ -16,6 +16,7 @@
## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md)
## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
## [HoloLens (1st Gen) release notes](hololens1-release-notes.md)
# Deploy HoloLens and mixed-reality apps in commercial environments
## [Commercial features](hololens-commercial-features.md)
@ -37,10 +38,9 @@
# User management and access management
## [Manage user identity and sign-in for HoloLens](hololens-identity.md)
## [Share your HoloLens with multiple people](hololens-multiple-users.md)
## [Set up HoloLens as a kiosk for specific applications](hololens-kiosk.md)
## [Set up HoloLens as a kiosk](hololens-kiosk.md)
# Holographic applications
## [Use 3D Viewer on HoloLens](holographic-3d-viewer-beta.md)
## [Find, install, and uninstall applications](holographic-store-apps.md)
## [Manage custom apps for HoloLens](holographic-custom-apps.md)
@ -64,12 +64,13 @@
## [Frequently asked questions](hololens-faq.md)
## [Frequently asked security questions](hololens-faq-security.md)
## [Status of the HoloLens services](hololens-status.md)
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb)
## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f)
# Resources
## [Use 3D Viewer on HoloLens (1st gen)](holographic-3d-viewer-beta.md)
## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md)
# [HoloLens release notes](hololens-release-notes.md)
# [HoloLens 2 release notes](hololens-release-notes.md)
# [Give us feedback](hololens-feedback.md)
# [Insider preview for Microsoft HoloLens](hololens-insider.md)
# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

70
devices/hololens/holographic-3d-viewer-beta.md
View File

@ -1,6 +1,6 @@
---
title: Using 3D Viewer Beta on HoloLens
description: Describes the types of files and features that 3D Viewer Beta on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
title: Using 3D Viewer on HoloLens (1st gen)
description: Describes the types of files and features that 3D Viewer on HoloLens (1st gen) supports, and how to use and troubleshoot the app.
ms.prod: hololens
ms.sitesec: library
author: Teresa-Motiv
@ -15,16 +15,16 @@ appliesto:
- HoloLens (1st gen)
---
# Using 3D Viewer Beta on HoloLens
# Using 3D Viewer on HoloLens (1st gen)
3D Viewer Beta lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
3D Viewer lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
>[!NOTE]
>This article applies to the immersive Unity **3D Viewer Beta** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
>This article applies to the immersive Unity **3D Viewer** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details.
If you're having trouble opening a 3D model in 3D Viewer Beta, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
To build or optimize 3D models for use with 3D Viewer Beta, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more.
@ -86,14 +86,14 @@ If you're having trouble after reading these topics, see [Troubleshooting](#trou
### File and model limitations
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta:
There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer:
- 500 MB maximum file size per model
- Vertices: 600,000 combined on all open models
- Meshes: 1,600 combined on all open models
- Maximum of 40 models open at one time
## Optimizing 3D models for 3D Viewer Beta
## Optimizing 3D models for 3D Viewer
### Special considerations
@ -103,9 +103,9 @@ There are hard limits on the size of files, as well as the number of models, ver
### Performance optimization
Keep performance in mind while authoring content and validate in the 3D Viewer Beta app on HoloLens during the authoring process for best results. 3D Viewer Beta renders content real-time and performance is subject to HoloLens hardware capabilities.
Keep performance in mind while authoring content and validate in the 3D Viewer app on HoloLens during the authoring process for best results. 3D Viewer renders content real-time and performance is subject to HoloLens hardware capabilities.
There are many variables in a 3D model that can impact performance. 3D Viewer Beta will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta (see [File and model limitations](#file-and-model-limitations)).
There are many variables in a 3D model that can impact performance. 3D Viewer will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer (see [File and model limitations](#file-and-model-limitations)).
If the 3D model isn't running well due to model complexity, consider:
@ -113,17 +113,17 @@ If the 3D model isn't running well due to model complexity, consider:
- Reducing number of bones in rigged animation
- Avoiding self-occlusion
Double-sided rendering is supported in 3D Viewer Beta, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
Double-sided rendering is supported in 3D Viewer, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
### Validating your 3D model
Validate your model by opening it in 3D Viewer Beta on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
Validate your model by opening it in 3D Viewer on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
### Rendering 3D models with true-to-life dimensions
By default, 3D Viewer Beta displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
By default, 3D Viewer displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer is 1 meter per FBX unit.
## Viewing FBX files on HoloLens
@ -133,71 +133,71 @@ FBX files can be opened directly from a website using Microsoft Edge on HoloLens
1. In Microsoft Edge, navigate to the webpage containing the FBX file you want to view.
1. Select the file to download it.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer Beta.
1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer.
The downloaded file can be accessed and opened again later by using Downloads in Microsoft Edge. To save a 3D model and ensure continued access, download the file on your PC and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> [!NOTE]
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer Beta cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
### Open an FBX file from OneDrive
FBX files can be opened from OneDrive by using the OneDrive app on HoloLens. Be sure you've installed OneDrive using Microsoft Store app on HoloLens and that you've already uploaded the FBX file to OneDrive on your PC.
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer Beta in one of two ways:
Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer in one of two ways:
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer Beta.
- Launch 3D Viewer Beta, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer.
- Launch 3D Viewer, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
## Troubleshooting
### I see a warning when I open a 3D model
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer Beta, or if the model is too complex and performance may be affected. 3D Viewer Beta will still load the 3D model, but performance or visual fidelity may be compromised.
You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer, or if the model is too complex and performance may be affected. 3D Viewer will still load the 3D model, but performance or visual fidelity may be compromised.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I see a warning and the 3D model doesn't load
You will see an error message when 3D Viewer Beta cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
You will see an error message when 3D Viewer cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
For more info, see [Supported content specifications](#supported-content-specifications) and [File and model limitations](#file-and-model-limitations).
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer Beta team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
### My 3D model loads, but does not appear as expected
If your 3D model does not look as expected in 3D Viewer Beta, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer Beta will be highlighted as warnings.
If your 3D model does not look as expected in 3D Viewer, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer will be highlighted as warnings.
The most common issue you might see is missing textures, likely because they are not embedded in the FBX file. In this case, the model will appear white. This issue can be addressed in the creation process by exporting from your creation tool to FBX with the embed textures option selected.
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer).
### I experience performance drops while viewing my 3D model
Performance when loading and viewing a 3D model can be affected by the complexity of the model, number of models open simultaneously, or number of models with active animations.
For more info, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta) and [File and model limitations](#file-and-model-limitations).
For more info, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer) and [File and model limitations](#file-and-model-limitations).
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer Beta
### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer
3D Viewer Beta is automatically associated with the .fbx file extension when it is installed.
3D Viewer is automatically associated with the .fbx file extension when it is installed.
If you try to open an FBX file and see a dialog box that directs you to Microsoft Store, you do not currently have an app associated with the .fbx file extension on HoloLens.
Verify that 3D Viewer Beta is installed. If it is not installed, download it from Microsoft Store on HoloLens.
Verify that 3D Viewer is installed. If it is not installed, download it from Microsoft Store on HoloLens.
If 3D Viewer Beta is already installed, launch 3D Viewer Beta, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer Beta. This will re-associate the .fbx file extension with 3D Viewer Beta.
If 3D Viewer is already installed, launch 3D Viewer, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer. This will re-associate the .fbx file extension with 3D Viewer.
If attempting to open an FBX file opens an app other than 3D Viewer Beta, that app was likely installed after 3D Viewer Beta and has taken over association with the .fbx file extension. If you prefer 3D Viewer Beta to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer Beta.
If attempting to open an FBX file opens an app other than 3D Viewer, that app was likely installed after 3D Viewer and has taken over association with the .fbx file extension. If you prefer 3D Viewer to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer.
### The Open File button in 3D Viewer Beta doesn't launch an app
### The Open File button in 3D Viewer doesn't launch an app
The **Open File** button will open the app associated with the file picker function on HoloLens. If OneDrive is installed, the **Open File** button should launch OneDrive. However, if there is currently no app associated with the file picker function installed on HoloLens, you will be directed to Microsoft Store.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer Beta, uninstall and reinstall OneDrive.
If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer, uninstall and reinstall OneDrive.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer Beta at one time. If you have 40 models open in 3D Viewer Beta, you will need to close some before you will be able to open additional models.
If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer at one time. If you have 40 models open in 3D Viewer, you will need to close some before you will be able to open additional models.
## Additional resources

18
devices/hololens/holographic-store-apps.md
View File

@ -33,12 +33,18 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games
## Install apps
To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
To download apps, you'll need to be signed in with a Microsoft account. Some apps are free and can be downloaded right away. Apps that require a purchase require you to be signed in to the Store with your Microsoft account and have a valid payment method.
> [!NOTE]
> The account you use on Microsoft Store does not have to be the same as the account you are signed in with. If you are using a Work or School account on your HoloLens then you'll need to sign in with your personal account in the Store App to make a purchase.
1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
2. Select the Store app and then tap to place this tile into your world.
3. Once the Store app opens, use the search bar to look for any desired application.
4. Select **Get** or **Install** on the application's page (a purchase may be required).
To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
1. To open the [**Start** menu](holographic-home.md), perform a [Start gesture](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) or [bloom](hololens1-basic-usage.md) gesture on HoloLens 1.
1. Select the Store app. Once the Store app opens:
1. Use the search bar to look for any desired applications.
1. Select essential apps or apps made specifically for HoloLens from one of the curated categories.
1. On the top right of the Store app, select the **...** button and then select **My Library** to view any previously purchased apps.
1. Select **Get** or **Install** on the application's page (a purchase may be required).
## Uninstall apps
@ -46,7 +52,7 @@ There are two ways to uninstall applications. You can uninstall applications th
### Uninstall from the Start menu
On the **Start** menu or in the **All apps** list, gaze at the app. Tap and hold until the menu appears, then select **Uninstall**.
On the **Start** menu or in the **All apps** list, browse to the app. Air tap and hold until the menu appears, then select **Uninstall**.
### Uninstall from the Microsoft Store

8
devices/hololens/hololens-calibration.md
View File

@ -38,7 +38,7 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
![Calibration prompt](./images/07-et-adjust-for-your-eyes.png)
During this process, you'll look at a set of targets (gems). It's fine if you blink or close your eyes during calibration but try not to stare at other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world.
During this process, you'll look at a set of targets (gems). It's fine if you blink during calibration, but try to stay focused on the gems instead of other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world.
![Calibration prompt](./images/07-et-hold-head-still.png)
@ -52,7 +52,7 @@ If calibration was successful, you'll see a success screen. If not, read more a
### Calibration when sharing a device or session
Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for th first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.
Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for the first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.
### Manually starting the calibration process
@ -84,7 +84,7 @@ If calibration is unsuccessful try:
- Moving objects in your visor out of the way (such as hair)
- Turning on a light in your room or moving out of direct sunlight
If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
If you followed all guidelines and calibration is still failing, you can disable the calibration prompt in Settings. Please also let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system.
@ -92,6 +92,8 @@ Note that setting IPD is not applicable for Hololens 2, since eye positions are
Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
The device can locally store up to 50 calibration profiles. After this number is reached, the device automatically deletes the oldest unused profile.
Calibration information can always be deleted from the device in **Settings** > **Privacy** > **Eye tracker**.
### Disable calibration

14
devices/hololens/hololens-commercial-infrastructure.md
View File

@ -56,7 +56,7 @@ Make sure that [this list](hololens-offline.md) of endpoints are allowed on your
### Remote Assist Specific Network Requirements
1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
**(Please note, if you dont network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer).**
**(Please note, if you don't network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer).**
1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams).
### Guides Specific Network Requirements
@ -73,18 +73,18 @@ Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md) for a
1. If you plan on using Auto Enrollment, you will have to [Configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/.set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
1. Ensure that your companys users are in Azure Active Directory (Azure AD).
1. Ensure that your company's users are in Azure Active Directory (Azure AD).
Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory).
1. We suggest that users who need similar licenses are added to the same group.
1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
1. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
1. Ensure that your companys users (or group of users) are assigned the necessary licenses.
1. Ensure that your company's users (or group of users) are assigned the necessary licenses.
Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups).
1. Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options)
These steps ensure that your companys users (or a group of users) can add devices.
These steps ensure that your company's users (or a group of users) can add devices.
1. **Option 1:** Give all users permission to join devices to Azure AD.
**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
**Set Users may join devices to Azure AD to *All***
@ -163,7 +163,7 @@ Directions for upgrading to the commercial suite can be found [here](https://doc
1. Check your app settings
1. Log into your Microsoft Store Business account
1. **Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select “Everyone” or “Specific Groups”**
1. **Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select "Everyone" or "Specific Groups"**
>[!NOTE]
>If you don't see the app you want, you will have to "get" the app by searching the store for your app. **Click the "Search" bar in the upper right-hand corner > type in the name of the app > click on the app > select "Get"**.
1. If you do not see your apps in **Intune > Client Apps > Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
@ -171,11 +171,11 @@ Directions for upgrading to the commercial suite can be found [here](https://doc
1. [Create a device profile for Kiosk mode](https://docs.microsoft.com/intune/configuration/kiosk-settings#create-the-profile)
> [!NOTE]
> You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
> You can configure different users to have different Kiosk Mode experiences by using "Azure AD" as the "User logon type". However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png)
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found [here](hololens-kiosk.md#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk)
## Certificates and Authentication

15
devices/hololens/hololens-connect-devices.md
View File

@ -45,10 +45,15 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices:
### HoloLens (1st gen): Pair the clicker
1. Use the bloom gesture to go to **Start**, and then select **Settings**.
1. Select **Devices**, and make sure that Bluetooth is on.
1. Use the tip of a pen to press and hold the clicker pairing button until the clicker status light blinks white. Make sure to hold down the button until the light starts blinking.
The pairing button is on the underside of the clicker, next to the finger loop.
![The pairing button is beside the finger loop](images/use-hololens-clicker-1.png)
1. On the pairing screen, select **Clicker** > **Pair**.
## HoloLens 2: Connect USB-C devices
@ -63,6 +68,9 @@ HoloLens 2 supports the following classes of USB-C devices:
- Wired keyboard
- Combination PD hubs (USB A plus PD charging)
> [!NOTE]
> Some mobile devices with USB-C connections present themselves to the HoloLens as ethernet adaptors, and therefore could be used in a tethering configuration, starting with Windows Holographic, version 2004. USB LTE modems that require a separate driver, and/or application installed for configuration are not supported
## Connect to Miracast
To use Miracast, follow these steps:
@ -74,3 +82,10 @@ To use Miracast, follow these steps:
1. On the list of devices that appears, select an available device.
1. Complete the pairing to begin projecting.
## Disable Bluetooth
This procedure turns off the RF components of the Bluetooth radio and disables all Bluetooth functionality on Microsoft HoloLens.
1. Use the bloom gesture (HoloLens (1st gen)) or the start gesture (HoloLens 2) to go to **Start**, and then select **Settings** > **Devices**.
1. Move the slider switch for **Bluetooth** to the **Off** position.

4
devices/hololens/hololens-enroll-mdm.md
View File

@ -29,7 +29,7 @@ You can manage multiple Microsoft HoloLens devices simultaneously using solution
## Auto-enrollment in MDM
If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/mem/intune/enrollment/windows-enroll#enable-windows-10-automatic-enrollment)
When auto-enrollment is enabled, no additional manual enrollment is needed. When the user signs in with an Azure AD account, the device is enrolled in MDM after completing the first-run experience.
@ -45,4 +45,4 @@ Your device is now enrolled with your MDM server. The device will need to restar
## Unenroll HoloLens from Intune
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.

110
devices/hololens/hololens-feedback.md
View File

@ -4,7 +4,11 @@ description: Create actionable feedback for HoloLens and Windows Mixed Reality d
ms.assetid: b9b24c72-ff86-44a9-b30d-dd76c49479a9
author: mattzmsft
ms.author: mazeller
ms.date: 09/13/2019
ms.date: 05/14/2020
ms.custom:
- CI 116157
- CSSTroubleshooting
audience: ITPro
ms.prod: hololens
ms.topic: article
keywords: feedback, bug, issue, error, troubleshoot, help
@ -15,68 +19,66 @@ appliesto:
- HoloLens 2
---
# Give us feedback
# Feedback for HoloLens
Use the Feedback Hub to tell us which features you love, which features you could do without, or when something could be better.
Use the Feedback Hub to tell us which features you love, which features you could do without, and how something could be better. The engineering team uses the same mechanism internally to track and fix bugs, so please use Feedback Hub to report any bugs that you see. We are listening!
## Feedback for Windows Mixed Reality immersive headset on PC
Feedback Hub is an excellent way to alert the engineering team to bugs and to make sure that future updates are healthier and more consistently free of bugs. However, Feedback Hub does not provide a response. If you need immediate help, please file feedback, take note of the summary that you provided for your feedback, and then follow up with [HoloLens support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
> [!IMPORTANT]
> Before you report an issue, make sure that your environment meets the following requirements so that you can successfully upload logs and other information:
>
> - Have a minimum of 3GB free disk space available on the main drive of the device.
> - To upload cabs or other large files, connect to a non-metered network.
> [!NOTE]
>
> - Make sure you that you have the current version of Feedback Hub. To do this, select **Start** > **Microsoft Store**, and then select the ellipses (**...**). Then, select **Downloads and updates** > **Get updates**.
>
> - To provide the best possible data for fixing issues, we highly recommended that you set your device telemetry to **Full**. You can set this value during the Out-of-Box-Experience (OOBE), or by using the Settings app. To do this by using Settings, select **Start** > **Settings** > **Privacy** > **App Diagnostics** > **On**.
1. Make sure that you have the immersive headset connected to your PC, and then on the desktop, select **Feedback Hub**.
1. In the left pane, select **Feedback**.
![Feedback tab](images/feedback1-600px.png)
1. To enter new feedback, select **Add new feedback**.
![Add new feedback](images/feedback2-600px.png)
1. To make feedback actionable, in **What kind of feedback is this?** select **Problem**.
1. In **Summarize your issue**, enter a meaningful title for your feedback.
1. In **Give us more detail**, provide details and repro steps.
![Details and repro steps](images/feedback3-600px.png)
## Use the Feedback Hub
As the top category, select **Mixed Reality**. Then select an applicable subcategory, as explained in the following table:
|Subcategory |Description |
|----------|----------|
| Apps | Issues about a specific application. |
| Developer | Issues about authoring or running an app for Mixed Reality. |
| Device | Issues about the head-mounted device (HMD) itself. |
| Home experience | Issues about your VR environment and your interactions with the your mixed reality home. |
| Input | Issues about input methods, such as motion controllers, speech, gamepad, or mouse and keyboard. |
| Set up | Anything that is preventing you from setting up the device. |
| All other issues | Anything else. |
1. If possible, add traces or video to your feedback to help us identify and fix the issue more quickly. To do this, follow these steps:
1. To start collecting traces, select **Start capture**. The app starts collecting traces and a video capture of your mixed reality scenario.
![Start Capture](images/feedback4-600px.png)
1. Do not close the Feedback Hub app, but switch to the scenario that produces the issue. Run through the scenario to produce the circumstances that you have described.
1. After you finish your scenario, go back to the Feedback Hub app and select **Stop capture**. The app stops collecting information, stores the information in a file, and attaches the file to your feedback.
1. Select **Submit**.
![Submit](images/feedback5-600px.png)
The Thank You page indicates that your feedback has been successfully submitted.
![Thank You](images/feedback6-600px.png)
1. Use the **Start** gesture to open the **Start** menu, and then select **Feedback Hub**. The app opens in your environment.
To easily direct other people (such as co-workers, Microsoft staff, [forum](https://forums.hololens.com/) readers et al) to the issue, go to **Feedback** > **My Feedback**, select the issue, select **Share**. This action provides a shortened URL that you can give to others so that they can upvote or escalate your issue.
![Feedback app on HoloLens Start menu](./images/hololens2-feedbackhub-tile.png)
> [!NOTE]
> If you don't see **Feedback Hub**, select **All Apps** to see the complete list of apps on the device.
## Feedback for HoloLens
1. To see whether someone else has given similar feedback, enter a few keywords about the topic in the **Feedback** search box.
1. If you find similar feedback, select it, add any additional information that you have in the **Write a comment** box, and then select **Upvote**.
1. If you don't find any similar feedback, select **Add new feedback**.
1. Use the **bloom** gesture to open the **Start** menu, and then select **Feedback Hub**.
![Add new feedback](./images/hololens-feedback-1.png)
![Start menu on Microsoft HoloLens](images/startmenu.jpg)
1. Place the app in your environment and then select the app to launch it.
1. To see if someone else has given similar feedback, in the Feedback search box, enter a few keywords about the topic.
1. In **Summarize your feedback**, enter a short summary of your feedback. Then add details in the **Explain in more detail** box. The more details that you provide, such as how to reproduce this problem and the effect that it has, the more useful your feedback is. When you're finished, select **Next**.
![Search Feedback](images/searchfeedback-500px.jpg)
1. If you find similar feedback, select it, add any details, then select **Upvote**.
1. Select a topic from **Choose a category**, and then select a subcategory from **Select a subcategory**. The following table describes the categories that are available in the Windows Holographic category.
![Upvote existing Feedback](images/upvotefeedback-500px.jpg)
1. If you dont find any similar feedback, select **Add new feedback**, select a topic from **Select a category**, and then select a subcategory from **Select a subcategory**.
> [!NOTE]
> **Commercial customers**: To report a bug that is related to MDM, provisioning, or any other device management aspect, select the **Enterprise Management** category, and the **Device** subcategory.
![Add new Feedback](images/addnewfeedback-500px.jpg)
1. Enter your feedback.
1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **Im done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
1. Select **Post feedback**, and youre done.
|Category |Description |
| --- | --- |
|Eye tracking |Feedback about eye tracking, iris sign-in, or calibration. |
|Hologram accuracy, stability, and reliability |Feedback about how holograms appear in space. |
|Launching, placing, adjusting, and exiting apps |Feedback about starting or stopping 2D or 3D apps. |
|Miracast |Feedback about Miracast. |
|Spaces and persistence |Feedback about how HoloLens recognizes spaces and retains holograms in space. |
|Start menu and all apps list |Feedback about the **Start** menu and the all apps list. |
|Surface mapping |Feedback about surface mapping. |
|Taking pictures and videos |Feedback about mixed reality captures. |
|Video hologram playback |Feedback about video hologram playback. |
|All other issues |All other issues. |
1. You may be prompted to search for similar feedback. If your problem resembles feedback from other users, select that feedback. Otherwise, select **New feedback** and then select **Next**.
1. If you are prompted, select the best description of the problem.
1. Attach any relevant data to your feedback, or reproduce the problem. You can select any of the following options:
- **Attach a screenshot**. Select this option to attach a screenshot that illustrates the situation that you're describing.
- **Attach a file**. Select this option to attach data files. If you have files that are relevant to your problem or that could help us to reproduce your problem, attach them.
- **Recreate my problem**. Select this option if you can reproduce the problem yourself. After you select **Recreate my problem**, follow these steps:
1. Select **Include data about** and make sure that the most relevant types of data are listed. In most cases, the default selections are based on the category and subcategory that you selected for your feedback.
1. Select **Start Recording**.
1. Reproduce your problem. Dont worry if this means that you have to enter an immersive app. You will return to the feedback page when you're done.
1. Select **Stop recording**. After recording stops, you can see the data that is attached to your feedback for the engineering team.
1. Make sure that you have an active internet connection so that we can receive your feedback. Select **Submit**, and youre done.

2
devices/hololens/hololens-identity.md
View File

@ -32,7 +32,7 @@ HoloLens supports several kinds of user identities. You can use one or more user
| Identity type | Accounts per device | Authentication options |
| --- | --- | --- |
| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 64 | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | <ul><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |

82
devices/hololens/hololens-insider.md
View File

@ -11,7 +11,7 @@ ms.custom:
- CSSTroubleshooting
ms.localizationpriority: medium
audience: ITPro
ms.date: 4/14/2020
ms.date: 4/21/2020
ms.reviewer:
manager: laurawi
appliesto:
@ -34,6 +34,9 @@ Select **Confirm -> Restart Now** to finish up. After your device has rebooted,
If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](hololens-recovery.md) using the Advanced Recovery Companion to recover your device to a non-Insider version of Windows Holographic.
> [!CAUTION]
> There is a known issue in which users who un-enroll from Insider Preview builds after manually reinstalling a fresh preview build would experience a blue screen. Afterwards they must manually recover their device. For full details on if you would be impacted or not, please view more on this [Known Issue](https://docs.microsoft.com/hololens/hololens-known-issues?source=docs#blue-screen-is-shown-after-unenrolling-from-insider-preview-builds-on-a-device-reflashed-with-a-insider-build).
To verify that your HoloLens is running a production build:
1. Go to **Settings > System > About**, and find the build number.
@ -44,6 +47,8 @@ To opt out of Insider builds:
1. On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
1. Follow the instructions to opt out your device.
## Provide feedback and report issues
Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
@ -58,80 +63,9 @@ You are welcome and encouraged to try developing your applications using Insider
## Windows Insider Release Notes
HoloLens 2 Windows Insider builds are full of new features and improvements. Sign up for Windows Insider Fast or Slow flights to test them out!
Here's a quick summary of what's new:
As of our [Windows Holographic May 2020 Update](hololens-release-notes.md) release all of our release preview feautres are now generally avalible! Make sure to [update your HoloLens](hololens-update-hololens.md) to get all the latest features.
- Support for FIDO2 Security Keys to enable secure and easy authentication for shared devices
- Seamlessly apply a provisioning package from a USB drive to your HoloLens
- Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
- Use Windows Autopilot to set up and pre-configure new devices, quickly getting them ready for productive use. To participate in the program you'll need to meet a few requirements. While the program is in preview mode you'll need to be using Microsoft Intune. You'll need to use a tenant that is flighted for HoloLens. Lastly you'll need to have installed an insider preview buildon your HoloLens 2. To praticipate in the preview of this new program send a note to hlappreview@microsoft.com to join the preview.
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands
- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device
Once you've had a chance to explore these new capabilities, use the Feedback Hub app to let us know what you think. Feedback you provide in the Feedback Hub goes directly to our engineers.
### FIDO 2 support
Many of you share a HoloLens with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long user names and passwords. FIDO lets anyone in your organization (AAD tenant) seamlessly sign in to HoloLens without entering a username or password.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Provisioning package updates
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### System voice commands
You can now can access these commands with your voice:
- "Restart device"
- "Shutdown device"
- "Brightness up"
- "Brightness down"
- "Volume up"
- "Volume down"
- "What is my IP address?"
- "Take a picture"
- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language.
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Dark mode
Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
Here are some of the in-box apps that support Dark mode!
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
### Windows Autopilot for HoloLens 2
This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE).
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
2. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
3. Download the device-targeted policies, certificates, and networking profiles.
4. Provision the device.
5. Present the sign-in screen to the user.
For full information about Autopilot, see [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md).
We'll be updating this page again with new features again as we release them to Windows Insider builds.
### FFU download and flash directions
To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.

519
devices/hololens/hololens-kiosk.md
View File

@ -1,5 +1,5 @@
---
title: Set up HoloLens as a kiosk for specific applications
title: Set up HoloLens as a kiosk
description: Use a kiosk configuration to lock down the apps on HoloLens.
ms.prod: hololens
ms.sitesec: library
@ -7,8 +7,9 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
ms.date: 04/27/2020
ms.custom:
- CI 115262
- CI 111456
- CSSTroubleshooting
ms.reviewer:
@ -18,71 +19,347 @@ appliesto:
- HoloLens 2
---
# Set up HoloLens as a kiosk for specific applications
# Set up HoloLens as a kiosk
In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
You can configure a HoloLens device to function as a fixed-purpose device, also called a *kiosk*, by configuring the device to run in kiosk mode. Kiosk mode limits the applications (or users) that are available on the device. Kiosk mode is a convenient feature that you can use to dedicate a HoloLens device to business apps, or to use the HoloLens device in an app demo.
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don't need to access.
This article provides information about aspects of kiosk configuration that are specific to HoloLens devices. For general information about the different types of Windows-based kiosks and how to configure them, see [Configure kiosks and digital signs on Windows desktop editions](https://docs.microsoft.com/windows/configuration/kiosk-methods).
Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the [start gestures](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) (including [Bloom](https://docs.microsoft.com/hololens/hololens1-basic-usage) on HoloLens (1st Gen)) and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
> [!IMPORTANT]
> Kiosk mode determines which apps are available when a user signs in to the device. However, kiosk mode is not a security method. It does not stop an "allowed" app from opening another app that is not allowed. In order to block apps or processes from opening, use [Windows Defender Application Control (WDAC) CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) to create appropriate policies.
The following table lists the device capabilities in the different kiosk modes.
You can use kiosk mode in either a single-app or a multi-app configuration, and you can use one of three processes to set up and deploy the kiosk configuration.
Kiosk mode | Voice and Bloom commands | Quick actions menu | Camera and video | Miracast
--- | --- | --- | --- | ---
Single-app kiosk | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png) | ![no](images/crossmark.png)
Multi-app kiosk | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) with **Home** and **Volume** (default)<br><br>Photo and video buttons shown in Quick actions menu if the Camera app is enabled in the kiosk configuration.<br><br>Miracast is shown if the Camera app and device picker app are enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app is enabled in the kiosk configuration. | ![yes](images/checkmark.png) if the Camera app and device picker app are enabled in the kiosk configuration.
> [!IMPORTANT]
> Deleting the multi-app configuration removes the user lockdown profiles that the assigned access feature created. However, it does not revert all the policy changes. To revert these policies, you have to reset the device to the factory settings.
> [!NOTE]
> Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`.
## Plan the kiosk deployment
The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration.
### Kiosk mode requirements
> [!WARNING]
> The assigned access feature which enables kiosk mode is intended for corporate-owned fixed-purpose devices. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all [the enforced policies](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration). A factory reset is needed to clear all the policies enforced via assigned access.
>
> Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app.
You can configure any HoloLens 2 device to use kiosk mode.
For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use a provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
To configure a HoloLens (1st gen) device to use kiosk mode, you must first make sure that the device runs Windows 10, version 1803, or a later version. If you have used the Windows Device Recovery Tool to recover your HoloLens (1st gen) device to its default build, or if you have installed the most recent updates, your device is ready to configure.
For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
> [!IMPORTANT]
> To help protect devices that run in kiosk mode, consider adding device management policies that turn off features such as USB connectivity. Additionally, check your update ring settings to make sure that automatic updates do not occur during business hours.
## Start layout for HoloLens
### Decide between a single-app kiosk or a multi-app kiosk
If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
A single-app kiosk starts the specified app when the user signs in to the device. The Start menu is disabled, as is Cortana. A HoloLens 2 device does not respond to the [Start](hololens2-basic-usage.md#start-gesture) gesture. A HoloLens (1st gen) device does not respond to the [bloom](hololens1-basic-usage.md) gesture. Because only one app can run, the user cannot place other apps.
> [!NOTE]
> Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
A multi-app kiosk displays the Start menu when the user signs in to the device. The kiosk configuration determines which apps are available on the Start menu. You can use a multi-app kiosk to provide an easy-to-understand experience for users by presenting to them only the things that they have to use, and removing the things they don't need to use.
### Start layout file for MDM (Intune and others)
The following table lists the feature capabilities in the different kiosk modes.
Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
| &nbsp; |Start menu |Quick Actions menu |Camera and video |Miracast |Cortana |Built-in voice commands |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|Single-app kiosk |Disabled |Disabled |Disabled |Disabled |Disabled |Enabled<sup>1</sup> |
|Multi-app kiosk |Enabled |Enabled<sup>2</sup> |Available<sup>2</sup> |Available<sup>2</sup> |Available<sup>2, 3</sup> |Enabled<sup>1</sup> |
> [!NOTE]
> If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
> <sup>1</sup> Voice commands that relate to disabled features do not function.
> <sup>2</sup> For more information about how to configure these features, see [Select kiosk apps](#plan-kiosk-apps).
> <sup>3</sup> Even if Cortana is disabled, the built-in voice commands are enabled.
The following table lists the user support features of the different kiosk modes.
| &nbsp; |Supported user types | Automatic sign-in | Multiple access levels |
| --- | --- | --- | --- |
|Single-app kiosk |Managed Service Account (MSA) in Azure Active Directory (AAD) or local account |Yes |No |
|Multi-app kiosk |AAD account |No |Yes |
For examples of how to use these capabilities, see the following table.
|Use a single-app kiosk for: |Use a multi-app kiosk for: |
| --- | --- |
|A device that runs only a Dynamics 365 Guide for new employees. |A device that runs both Guides and Remote Assistance for a range of employees. |
|A device that runs only a custom app. |A device that functions as a kiosk for most users (running only a custom app), but functions as a standard device for a specific group of users. |
### Plan kiosk apps
For general information about how to choose kiosk apps, see [Guidelines for choosing an app for assigned access (kiosk mode)](https://docs.microsoft.com/windows/configuration/guidelines-for-assigned-access-app).
If you use the Windows Device Portal to configure a single-app kiosk, you select the app during the setup process.
If you use a Mobile Device Management (MDM) system or a provisioning package to configure kiosk mode, you use the [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to specify applications. The CSP uses [Application User Model IDs (AUMIDs)](https://docs.microsoft.com/windows/configuration/find-the-application-user-model-id-of-an-installed-app) to identify applications. The following table lists the AUMIDs of some in-box applications that you can use in a multi-app kiosk.
> [!CAUTION]
> You cannot select the Shell app as a kiosk app. Addition, we recommend that you do **not** select Microsoft Edge, Microsoft Store, or File Explorer as a kiosk app.
<a id="aumids"></a>
|App Name |AUMID |
| --- | --- |
|3D Viewer |Microsoft.Microsoft3DViewer\_8wekyb3d8bbwe\!Microsoft.Microsoft3DViewer |
|Calendar |microsoft.windowscommunicationsapps\_8wekyb3d8bbwe\!microsoft.windowslive.calendar |
|Camera<sup>1, 2</sup> |HoloCamera\_cw5n1h2txyewy\!HoloCamera |
|Cortana<sup>3</sup> |Microsoft.549981C3F5F10\_8wekyb3d8bbwe\!App |
|Device Picker |HoloDevicesFlow\_cw5n1h2txyewy\!HoloDevicesFlow |
|Dynamics 365 Guides |Microsoft.Dynamics365.Guides\_8wekyb3d8bbwe\!MicrosoftGuides |
|Dynamics 365 Remote Assist |Microsoft.MicrosoftRemoteAssist\_8wekyb3d8bbwe\!Microsoft.RemoteAssist |
|Feedback&nbsp;Hub |Microsoft.WindowsFeedbackHub\_8wekyb3d8bbwe\!App |
|Mail |c5e2524a-ea46-4f67-841f-6a9465d9d515\_cw5n1h2txyewy\!App |
|Miracast<sup>4</sup> |&nbsp; |
|Movies & TV |Microsoft.ZuneVideo\_8wekyb3d8bbwe\!Microsoft.ZuneVideo |
|OneDrive |microsoft.microsoftskydrive\_8wekyb3d8bbwe\!App |
|Photos |Microsoft.Windows.Photos\_8wekyb3d8bbwe\!App |
|Settings |HolographicSystemSettings\_cw5n1h2txyewy\!App |
|Tips |Microsoft.HoloLensTips\_8wekyb3d8bbwe\!HoloLensTips |
> <sup>1</sup> To enable photo or video capture, you have to enable the Camera app as a kiosk app.
> <sup>2</sup> When you enable the Camera app, be aware of the following conditions:
> - The Quick Actions menu includes the Photo and Video buttons.
> - You should also enable an app (such as Photos, Mail, or OneDrive) that can interact with or retrieve pictures.
>
> <sup>3</sup> Even if you do not enable Cortana as a kiosk app, built-in voice commands are enabled. However, commands that are related to disabled features have no effect.
> <sup>4</sup> You cannot enable Miracast directly. To enable Miracast as a kiosk app, enable the Camera app and the Device Picker app.
### Plan user and device groups
In an MDM environment, you use groups to manage device configurations and user access.
The kiosk configuration profile includes the **User logon type** setting. **User logon type** identifies the user (or group that contains the users) who can use the app or apps that you add. If a user signs in by using an account that is not included in the configuration profile, that user cannot use apps on the kiosk.
> [!NOTE]
> The **User logon type** of a single-app kiosk specifies a single user account. This is the user context under which the kiosk runs. The **User logon type** of a multi-app kiosk can specify one or more user accounts or groups that can use the kiosk.
Before you can deploy the kiosk configuration to a device, you have to *assign* the kiosk configuration profile to a group that contains the device or a user who can sign in to the device. This setting produces behavior such as the following.
- If the device is a member of the assigned group, the kiosk configuration deploys to the device the first time that any user signs in on the device.
- If the device is not a member of the assigned group, but a user who is a member of that group signs in, the kiosk configuration deploys to the device at that time.
For a full discussion of the effects of assigning configuration profiles in Intune, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-profile-assign).
> [!NOTE]
> The following examples describe multi-app kiosks. Single-app kiosks behave in a similar manner, but only one user account gets the kiosk experience.
**Example 1**
You use a single group (Group 1) for both devices and users. One device and users A, B, and C are members of this group. You configure the kiosk configuration profile as follows:
- **User logon type**: Group 1
- **Assigned group**: Group 1
Regardless of which user signs on to the device first (and goes through the Out-of-Box Experience, or OOBE), the kiosk configuration deploys to the device. Users A, B, and C can all sign in to the device and get the kiosk experience.
**Example 2**
You contract out devices to two different vendors who need different kiosk experiences. Both vendors have users, and you want all the users to have access to kiosks from both their own vendor and the other vendor. You configure groups as follows:
- Device Group 1:
- Device 1 (Vendor 1)
- Device 2 (Vendor 1)
- Device Group 2:
- Device 3 (Vendor 2)
- Device 4 (Vendor 2)
- User Group:
- User A (Vendor 1)
- User B (Vendor 2)
You create two kiosk configuration profiles that have the following settings:
- Kiosk Profile 1:
- **User logon type**: User Group
- **Assigned group**: Device Group 1
- Kiosk Profile 2:
- **User logon type**: User Group
- **Assigned group**: Device Group 2
These configurations produce the following results:
- When any user signs in to Device 1 or Device 2, Intune deploys Kiosk Profile 1 to that device.
- When any user signs in to Device 3 or Device 4, Intune deploys Kiosk Profile 2 to that device.
- User A and user B can sign in to any of the four devices. If they sign in to Device 1 or Device 2, they see the Vendor 1 kiosk experience. If they sign in to Device 3 or Device 4, they see the Vendor 2 kiosk experience.
#### Profile conflicts
If two or more kiosk configuration profiles target the same device, they conflict. In the case of Intune-managed devices, Intune does not apply any of the conflicting profiles.
Other kinds of profiles and policies, such as device restrictions that are not related to the kiosk configuration profile, do not conflict with the kiosk configuration profile.
### Select a deployment method
You can select one of the following methods to deploy kiosk configurations:
- [Microsoft Intune or other mobile device management (MDM) service](#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk)
- [Provisioning package](#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk)
- [Windows Device Portal](#use-the-windows-device-portal-to-set-up-a-single-app-kiosk)
> [!NOTE]
> Because this method requires that Developer Mode be enabled on the device, we recommend that you use it only for demonstrations.
The following table lists the capabilities and benefits of each of the deployment methods.
| &nbsp; |Deploy by using Windows Device Portal |Deploy by using a provisioning package |Deploy by using MDM |
| --------------------------- | ------------- | -------------------- | ---- |
|Deploy single-app kiosks | Yes | Yes | Yes |
|Deploy multi-app kiosks | No | Yes | Yes |
|Deploy to local devices only | Yes | Yes | No |
|Deploy by using Developer Mode |Required | Not required | Not required |
|Deploy by using Azure Active Directory (AAD) | Not required | Not required | Required |
|Deploy automatically | No | No | Yes |
|Deployment speed | Fastest | Fast | Slow |
|Deploy at scale | Not recommended | Not recommended | Recommended |
## Use Microsoft Intune or other MDM to set up a single-app or multi-app kiosk
To set up kiosk mode by using Microsoft Intune or another MDM system, follow these steps.
1. [Prepare to enroll the devices](#mdmenroll).
1. [Create a kiosk configuration profile](#mdmprofile).
1. Configure the kiosk.
- [Configure the settings for a single-app kiosk](#mdmconfigsingle).
- [Configure the settings for a multi-app kiosk](#mdmconfigmulti).
1. [Assign the kiosk configuration profile to a group](#mdmassign).
1. Deploy the devices.
- [Deploy a single-app kiosk](#mdmsingledeploy).
- [Deploy a multi-app kiosk](#mdmmultideploy).
### <a id="mdmenroll"></a>MDM, step 1 &ndash; Prepare to enroll the devices
You can configure your MDM system to enroll HoloLens devices automatically when the user first signs in, or have users enroll devices manually. The devices also have to be joined to your Azure AD domain, and assigned to the appropriate groups.
For more information about how to enroll the devices, see [Enroll HoloLens in MDM](hololens-enroll-mdm.md) and [Intune enrollment methods for Windows devices](https://docs.microsoft.com/mem/intune/enrollment/windows-enrollment-methods).
### <a id="mdmprofile"></a>MDM, step 2 &ndash; Create a kiosk configuration profile
1. Open the [Azure](https://portal.azure.com/) portal and sign in to your Intune administrator account.
1. Select **Microsoft Intune** > **Device configuration - Profiles** > **Create profile**.
1. Enter a profile name.
1. Select **Platform** > **Windows 10 and later**, and then select **Profile type** >**Device restrictions**.
1. Select **Configure** > **Kiosk**, and then select one of the following:
- To create a single-app kiosk, select **Kiosk Mode** > **Single-app kiosk**.
- To create a multi-app kiosk, select **Kiosk Mode** > **Multi-app kiosk**.
1. To start configuring the kiosk, select **Add**.
Your next steps differ depending on the type of kiosk that you want. For more information, select one of the following options:
- [Single-app kiosk](#mdmconfigsingle)
- [Multi-app kiosk](#mdmconfigmulti)
For more information about how to create a kiosk configuration profile, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](https://docs.microsoft.com/intune/configuration/kiosk-settings).
### <a id="mdmconfigsingle"></a>MDM, step 3 (single-app) &ndash; Configure the settings for a single-app kiosk
This section summarizes the settings that a single-app kiosk requires. For more details, see the following articles:
- For information about how to configure a kiosk configuration profile in Intune, see [How to Configure Kiosk Mode Using Microsoft Intune](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
- For more information about the available settings for single-app kiosks in Intune, see [Single full-screen app kiosks](https://docs.microsoft.com/intune/configuration/kiosk-settings-holographic#single-full-screen-app-kiosks)
- For other MDM services, check your provider's documentation for instructions. If you have to use a custom XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#ppkioskconfig).
1. Select **User logon type** > **Local user account**, and then enter the user name of the local (device) account or Microsoft Account (MSA) that can sign in to the kiosk.
> [!NOTE]
> **Autologon** user account types aren't supported on Windows Holographic for Business.
1. Select **Application type** > **Store app**, and then select an app from the list.
Your next step is to [assign](#mdmassign) the profile to a group.
### <a id="mdmconfigmulti"></a>MDM, step 3 (multi-app) &ndash; Configure the settings for a multi-app kiosk
This section summarizes the settings that a multi-app kiosk requires. For more detailed information, see the following articles:
- For information about how to configure a kiosk configuration profile in Intune, see [How to Configure Kiosk Mode Using Microsoft Intune](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
- For more information about the available settings for multi-app kiosks in Intune, see [Multi-app kiosks](https://docs.microsoft.com/mem/intune/configuration/kiosk-settings-holographic#multi-app-kiosks)
- For other MDM services, check your provider's documentation for instructions. If you need to use a custom XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#ppkioskconfig). If you use an XML file, make sure to include the [Start layout](#start-layout-for-hololens).
- You can optionally use a custom Start layout with Intune or other MDM services. For more information, see [Start layout file for MDM (Intune and others)](#start-layout-file-for-mdm-intune-and-others).
1. Select **Target Windows 10 in S mode devices** > **No**.
>[!NOTE]
> S mode isn't supported on Windows Holographic for Business.
1. Select **User logon type** > **Azure AD user or group** or **User logon type** > **HoloLens visitor**, and then add one or more user groups or accounts.
Only users who belong to the groups or accounts that you specify in **User logon type** can use the kiosk experience.
1. Select one or more apps by using the following options:
- To add an uploaded line-of-business app, select **Add store app** and then select the app that you want.
- To add an app by specifying its AUMID, select **Add by AUMID** and then enter the AUMID of the app. [See the list of available AUMIDs](#aumids)
Your next step is to [assign](#mdmassign) the profile to a group.
### <a id="mdmassign"></a>MDM, step 4 &ndash; Assign the kiosk configuration profile to a group
Use the **Assignments** page of the kiosk configuration profile to set where you want the kiosk configuration to deploy. In the simplest case, you assign the kiosk configuration profile to a group that will contain the HoloLens device when the device enrolls in MDM.
### <a id="mdmsingledeploy"></a>MDM, step 5 (single-app) &ndash; Deploy a single-app kiosk
When you use an MDM system, you can enroll the device in MDM during OOBE. After OOBE finishes, signing in to the device is easy.
During OOBE, follow these steps:
1. Sign in by using the account that you specified in the kiosk configuration profile.
1. Enroll the device. Make sure that the device is added to the group that the kiosk configuration profile is assigned to.
1. Wait for OOBE to finish, for the store app to download and install, and for policies to be applied. Then restart the device.
The next time you sign in to the device, the kiosk app should automatically start.
If you don't see your kiosk configuration at this point, [check the assignment status](https://docs.microsoft.com/intune/configuration/device-profile-monitor).
### <a id="mdmmultideploy"></a>MDM, step 5 (multi-app) &ndash; Deploy a multi-app kiosk
When you use an MDM system, you can join the device to your Azure AD tenant and enroll the device in MDM during OOBE. If appropriate, provide the enrollment information to the users so that they have it available during the OOBE process.
> [!NOTE]
> If you have assigned the kiosk configuration profile to a group that contains users, make sure that one of those user accounts is the first account to sign in to the device.
During OOBE, follow these steps:
1. Sign in by using the account that belongs to the **User logon type** group.
1. Enroll the device.
1. Wait for any apps that are part of the kiosk configuration profile to download and install. Also, wait for policies to be applied.
1. After OOBE finishes, you can install additional apps from the Microsoft store or by sideloading. [Required apps](https://docs.microsoft.com/mem/intune/apps/apps-deploy#assign-an-app) for the group that the device belongs to install automatically.
1. After the installation finishes, restart the device.
The next time you sign in to the device by using an account that belongs to the **User logon type**, the kiosk app should automatically launch.
If you don't see your kiosk configuration at this point, [check the assignment status](https://docs.microsoft.com/intune/configuration/device-profile-monitor).
## Use a provisioning package to set up a single-app or multi-app kiosk
To set up kiosk mode by using a provisioning package, follow these steps.
1. [Create an XML file that defines the kiosk configuration.](#ppkioskconfig), including a [Start layout](#start-layout-for-hololens).
2. [Add the XML file to a provisioning package.](#ppconfigadd)
3. [Apply the provisioning package to HoloLens.](#ppapply)
### <a id="ppkioskconfig"></a>Provisioning package, step 1 &ndash; Create a kiosk configuration XML file
Follow [the general instructions to create a kiosk configuration XML file for Windows desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#create-xml-file), except for the following:
- Do not include Classic Windows applications (Win32). HoloLens does not support these applications.
- Use the [placeholder Start layout XML](#start-layout-for-hololens) for HoloLens.
- Optional: Add guest access to the kiosk configuration
#### <a id="ppkioskguest"></a>Optional: Add guest access to the kiosk configuration
In the [**Configs** section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured to support the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data that is associated with the account is deleted when the account signs out.
To enable the **Guest** account, add the following snippet to your kiosk configuration XML:
```xml
<LayoutModificationTemplate
xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
Version="1">
<RequiredStartGroupsCollection>
<RequiredStartGroups>
<AppendGroup Name="">
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="placeholderpackagename_kzf8qxf38zg5c!App" />
</AppendGroup>
</RequiredStartGroups>
</RequiredStartGroupsCollection>
</LayoutModificationTemplate>
<Configs>
<Config>
<SpecialGroup Name="Visitor" />
<DefaultProfile Id="enter a profile ID"/>
</Config>
</Configs>
```
### Start layout for a provisioning package
#### <a id="start-layout-for-hololens"></a>Placeholder Start layout for HoloLens
You will [create an XML file](#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
If you use a [provisioning package](##use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Windows Holographic for Business. Therefore, you'll have to use a placeholder Start layout.
> [!NOTE]
> Because a single-app kiosk starts the kiosk app when a user signs in, it does not use a Start menu and does not have to have a Start layout.
> [!NOTE]
> If you use [MDM](#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk) to set up a multi-app kiosk, you can optionally use a Start layout. For more information, see [Placeholder Start layout file for MDM (Intune and others)](#start-layout-file-for-mdm-intune-and-others).
For the Start layout, add the following **StartLayout** section to the kiosk provisioning XML file:
```xml
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
@ -104,116 +381,94 @@ You will [create an XML file](#set-up-kiosk-mode-using-a-provisioning-package-wi
<!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
```
## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
#### <a id="start-layout-file-for-mdm-intune-and-others"></a>Placeholder Start layout file for MDM (Intune and others)
For HoloLens devices that are managed by Microsoft Intune, directions can be found [here](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune).
Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
## Set up kiosk mode using a provisioning package (Windows 10, version 1803)
Process:
1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
2. [Add the XML file to a provisioning package.](#add-the-kiosk-configuration-xml-file-to-a-provisioning-package)
3. [Apply the provisioning package to HoloLens.](#apply-the-provisioning-package-to-hololens)
### Create a kiosk configuration XML file
Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions:
- Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens.
- Use the [placeholder Start XML](#start-layout-for-hololens) for HoloLens.
#### Add guest access to the kiosk configuration (optional)
In the [Configs section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured with the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data associated with the account is deleted when the account signs out.
Use the following snippet in your kiosk configuration XML to enable the **Guest** account:
> [!NOTE]
> If you have to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-hololens).
```xml
<Configs>
<Config>
<SpecialGroup Name="Visitor" />
<DefaultProfile Id="enter a profile ID"/>
</Config>
</Configs>
<LayoutModificationTemplate
xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
Version="1">
<RequiredStartGroupsCollection>
<RequiredStartGroups>
<AppendGroup Name="">
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="placeholderpackagename_kzf8qxf38zg5c!App" />
</AppendGroup>
</RequiredStartGroups>
</RequiredStartGroupsCollection>
</LayoutModificationTemplate>
```
### Add the kiosk configuration XML file to a provisioning package
### <a id="ppconfigadd"></a>Prov. package, step 2 &ndash; Add the kiosk configuration XML file to a provisioning package
1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22).
2. Choose **Advanced provisioning**.
3. Name your project, and click **Next**.
4. Choose **Windows 10 Holographic** and click **Next**.
5. Select **Finish**. The workspace for your package opens.
6. Expand **Runtime settings** &gt; **AssignedAccess** &gt; **MultiAppAssignedAccessSettings**.
7. In the center pane, click **Browse** to locate and select the kiosk configuration XML file that you created.
1. Select **Advanced provisioning**, enter a name for your project, and then select **Next**.
1. Select **Windows 10 Holographic**, and then select **Next**.
1. Select **Finish**. The workspace for your package opens.
1. Select **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
1. In the center pane, select **Browse** to locate and select the kiosk configuration XML file that you created.
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png)
![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](./images/multiappassignedaccesssettings.png)
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** &gt; **Accounts** &gt; **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
10. On the **File** menu, select **Save.**
11. On the **Export** menu, select **Provisioning package**.
12. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
1. **Optional**. (If you want to apply the provisioning package after the initial setup of the device, and there is an admin user already available on the kiosk device, skip this step.) Select **Runtime settings** &gt; **Accounts** &gt; **Users**, and then create a user account. Provide a user name and password, and then select **UserGroup** > **Administrators**.
By using this account, you can view the provisioning status and logs.
1. **Optional**. (If you already have a non-admin account on the kiosk device, skip this step.) Select **Runtime settings** &gt; **Accounts** &gt; **Users**, and then create a local user account. Make sure that the user name is the same as for the account that you specify in the configuration XML. Select **UserGroup** > **Standard Users**.
1. Select **File** > **Save**.
1. Select **Export** > **Provisioning package**, and then select **Owner** > **IT Admin**. This sets the precedence of this provisioning package higher than provisioning packages that are applied to this device from other sources.
1. Select **Next**.
1. On the **Provisioning package security** page, select a security option.
> [!IMPORTANT]
> If you select **Enable package signing**, you also have to select a valid certificate to use for signing the package. To do this, select **Browse** and select the certificate that you want to use to sign the package.
> [!CAUTION]
> Do not select **Enable package encryption**. On HoloLens devices, this setting causes provisioning to fail.
1. Select **Next**.
1. Specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. If you want to change the output location, select **Browse**. When you are finished, select **Next**.
1. Select **Build** to start building the package. The provisioning package doesn't take long to build. The build page displays the project information, and the progress bar indicates the build status.
13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
### <a id="ppapply"></a>Provisioning package, step 3 &ndash; Apply the provisioning package to HoloLens
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
The "Configure HoloLens by using a provisioning package" article provides detailed instructions to apply the provisioning package under the following circumstances:
14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
- You can initially [apply a provisioning package to HoloLens during setup](hololens-provisioning.md#apply-a-provisioning-package-to-hololens-during-setup).
15. Click **Next**.
- You can also [apply a provisioning package to HoloLens after setup](hololens-provisioning.md#4-apply-a-provisioning-package-to-hololens-after-setup).
16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
## Use the Windows Device Portal to set up a single-app kiosk
To set up kiosk mode by using the Windows Device Portal, follow these steps.
> [!IMPORTANT]
> Kiosk mode is available only if the device has [Windows Holographic for Business](hololens1-upgrade-enterprise.md) installed.
1. [Set up the HoloLens device to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
> [!CAUTION]
> When you set up HoloLens to use the Device Portal, you have to enable Developer Mode on the device. Developer Mode on a device that has Windows Holographic for Business enables you to side-load apps. However, this setting creates a risk that a user can install apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable Developer Mode by using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider). [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
### Apply the provisioning package to HoloLens
1. On a computer, connect to the HoloLens by using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#connecting_over_usb).
1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
3. HoloLens will show up as a device in File Explorer on the PC.
4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
5. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page.
6. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803)
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
> [!IMPORTANT]
> When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb).
3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up.
1. Do one of the following:
- If you are connecting to the Windows Device Portal for the first time, [create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#creating_a_username_and_password)
- Enter the user name and password that you previously set up.
> [!TIP]
> If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#security_certificate).
> If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#security_certificate).
4. In the Windows Device Portal, click **Kiosk Mode**.
1. In the Windows Device Portal, select **Kiosk Mode**.
1. Select **Enable Kiosk Mode**, select an app to run when the device starts, and then select **Save**.
![Kiosk Mode](images/kiosk.png)
> [!NOTE]
> The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
## Kiosk app recommendations
- You cannot select Microsoft Edge, Microsoft Store, or the Shell app as a kiosk app.
- We recommend that you do **not** select the Settings app and the File Explorer app as a kiosk app.
- You can select Cortana as a kiosk app.
- To enable photo or video capture, the HoloCamera app must be enabled as a kiosk app.
1. Restart HoloLens. If you still have your Device Portal page open, you can select **Restart** at the top of the page.
## More information
Watch how to configure a kiosk in a provisioning package.
Watch how to configure a kiosk by using a provisioning package.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]

89
devices/hololens/hololens-known-issues.md
View File

@ -4,7 +4,7 @@ description: This is the list of known issues that may affect HoloLens developer
keywords: troubleshoot, known issue, help
author: mattzmsft
ms.author: mazeller
ms.date: 8/30/2019
ms.date: 4/20/2020
ms.topic: article
ms.custom:
- CI 111456
@ -13,14 +13,60 @@ HoloLens and holograms: Frequently asked questions
manager: jarrettr
ms.prod: hololens
appliesto:
- HoloLens 1
- HoloLens (1st Gen)
- HoloLens 2
---
# Known issues for HoloLens
This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
This is the current list of known issues for HoloLens devices. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
## Unable to connect and deploy to HoloLens through Visual Studio
>[!NOTE]
> - If you discover an issue that is not blocking you please report it on your HoloLens device via [Feedback Hub](hololens-feedback.md).
> - If the issue you are facing is blocking you, in addtion to filing feedback, please [file a support request](https://aka.ms/hlsupport).
- [Known issues for all HoloLens generations](#known-issues-for-all-hololens-generations)
- [Known issues for HoloLens 2 devices](#known-issues-for-hololens-2-devices)
- [Known issues for HoloLens (1st Gen)](#known-issues-for-hololens-1st-gen)
- [Known issues for HoloLens emulator](#known-issues-for-hololens-emulator)
## Known issues for all HoloLens generations
### Unity
- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
### Windows Device Portal
- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
## Known issues for HoloLens 2 devices
### Blue screen is shown after unenrolling from Insider preview builds on a device reflashed with a Insider build
This is an issue affecting that affects users who are were on an Insider preview build, reflashed their HoloLens 2 with a new insider preview build, and then unenrolled from the Insider program.
This does not affect:
- Users who are not enrolled in Windows Insider
- Insiders:
- If a device has been enrolled since Insider builds were version 18362.x
- If they flashed a Insider signed 19041.x build AND stay enrolled in the Insider program
Work-around:
- Avoid the issue
- Flash a non-insider build. One of the regular monthly updates.
- Stay on Insider Preview
- Reflash the device
1. Put the [HoloLens 2 into flashing mode](https://review.docs.microsoft.com/hololens/hololens-recovery?branch=master#hololens-2) manually by fully powering down while not connect. Then while holding Volume up, tap the Power button.
1. Connect to the PC and open Advanced Recovery Companion.
1. Flash the HoloLens 2 to the default build.
## Known issues for HoloLens (1st Gen)
### Unable to connect and deploy to HoloLens through Visual Studio
> [!NOTE]
> Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
@ -29,7 +75,7 @@ Visual Studio has released VS 2019 Version 16.2 which includes a fix to this iss
Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail. This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \<ip\> due to error 80004005.
### Workaround
#### Workaround
Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:
@ -79,7 +125,7 @@ Our team is currently working on a fix. In the meantime, you can use the followi
We will provide further updates as they become available.
## Issues launching the Microsoft Store and apps on HoloLens
### Issues launching the Microsoft Store and apps on HoloLens
> [!NOTE]
> Last Update: 4/2 @ 10 AM - Issue resolved.
@ -126,38 +172,27 @@ If your device is still unable to load apps, you can sideload a version of the .
We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
## Device Update
### Device Update
- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
## Visual Studio
### Visual Studio
- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
## Emulator
- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
- You cannot use the PC webcam in the Emulator.
- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
## Unity
- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
## Windows Device Portal
- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
## API
### API
- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
## Xbox Wireless Controller
### Xbox Wireless Controller
- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.
## Known issues for HoloLens emulator
- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
- You cannot use the PC webcam in the Emulator.
- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.

6
devices/hololens/hololens-provisioning.md
View File

@ -33,7 +33,7 @@ Some of the HoloLens configurations that you can apply in a provisioning package
- Set up a Wi-Fi connection
- Apply certificates to the device
- Enable Developer Mode
- Configure Kiosk mode (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803).
- Configure Kiosk mode (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk).
## Provisioning package HoloLens wizard
@ -49,7 +49,7 @@ The HoloLens wizard helps you configure the following settings in a provisioning
- Enroll the device in Azure Active Directory, or create a local account
- Add certificates
- Enable Developer Mode
- Configure kiosk mode (for detailed instructions,see [Set up kiosk mode using a provisioning package](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803)
- Configure kiosk mode. (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md##use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk)).
> [!WARNING]
> You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.
@ -64,6 +64,8 @@ Provisioning packages can include management instructions and policies, custom n
1. **Option 1:** [From Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). This includes HoloLens 2 capabilities.
2. **Option 2:** [From the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configuration Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box. This option does not include HoloLens 2 capabilities.
> [!NOTE]
> If you know you will be using an offline PC that needs access to Windows Configuration Designer please follow the offline app install [here](https://docs.microsoft.com/hololens/hololens-recovery#downloading-arc-without-using-the-app-store) for Advanced Recovery Companion but making Windows Confiugration Desinger your selection instead.
### 2. Create the provisioning package

40
devices/hololens/hololens-recovery.md
View File

@ -7,7 +7,7 @@ ms.prod: hololens
ms.sitesec: library
author: mattzmsft
ms.author: mazeller
ms.date: 08/30/2019
ms.date: 04/27/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
@ -82,7 +82,7 @@ If you're still having problems, press the power button for 4 seconds, until all
If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software that's installed on it and returns everything else to factory settings.
If you reset your device, all your personal data, apps, and settings will be erased. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
If you reset your device, all your personal data, apps, and settings will be erased, including TPM reset. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
1. Launch the Settings app, and then select **Update** > **Reset**.
1. Select the **Reset device** option and read the confirmation message.
@ -100,7 +100,7 @@ All of the data HoloLens needs to reset is packaged in a Full Flash Update (ffu)
### HoloLens 2
The Advanced Recovery Companion is a new app in Microsoft Store restore the operating system image to your HoloLens 2 device.
The Advanced Recovery Companion is a new app in Microsoft Store restore the operating system image to your HoloLens 2 device. Advanced Recovery Companion erases all your personal data, apps, and settings, and resets TPM.
1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
2. Connect HoloLens 2 to your computer.
@ -109,6 +109,8 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper
5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
#### Manual flashing mode
> [!TIP]
> In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
@ -117,6 +119,38 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper
1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device.
1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2.
#### Downloading ARC without using the app store
If an IT environment prevents the use of the Windows Store app or limits access to the retail store, IT administrators can make this app available through other offline deployment paths.
- This process may also be used for other apps, as seen in step 2. This guide will focus on Advanced Recovery Companion, but my be modified for other offline apps.
This deployment path can be enabled with the following steps:
1. Go to the [Store For Business website](https://businessstore.microsoft.com) and sign-in with an Azure AD identity.
1. Go to **Manage Settings**, and turn on **Show offline apps** under **Shopping experience** as described at https://businessstore.microsoft.com/manage/settings/shop
1. Go to **shop for my group** and search for the [Advanced Recovery Companion](https://businessstore.microsoft.com/store/details/advanced-recovery-companion/9P74Z35SFRS8) app.
1. Change the **License Type** box to offline and click **Manage**.
1. Under Download the package for offline use click the second blue **“Download”** button . Ensure the file extension is .appxbundle.
1. At this stage, if the Desktop PC has Internet access, simply double click and install.
1. The IT administrator can also distribute this app through System Center Configuration Manager (SCCM) or Intune.
1. If the target PC has no Internet connectivity, some additional steps are needed:
1. Select the unencoded license and click **“Generate license”** and under **“Required Frameworks”** click **“Download.”**
1. PCs without internet access will need to use DISM to apply the package with the dependency and license. In an administrator command prompt, type:
```console
C:\WINDOWS\system32>dism /online /Add-ProvisionedAppxPackage /PackagePath:"C:\ARCoffline\Microsoft.AdvancedRecoveryCompanion_1.19050.1301.0_neutral_~_8wekyb3d8bbwe.appxbundle" /DependencyPackagePath:"C:\ARCoffline\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x86__8wekyb3d8bbwe.appx" /LicensePath:"C:\ARCoffline\Microsoft.AdvancedRecoveryCompanion_8wekyb3d8bbwe_f72ce112-dd2e-d771-8827-9cbcbf89f8b5.xml" /Region:all
```
> [!NOTE]
> The version number in this code example may not match the currently avalible version. You may have also choosen a different download location than in the example given. Please make sure to make any changes as needed.
> [!TIP]
> When planning to use Advanced Recovery Companion to install an ffu offline it may be useful to download your flashing image to be availible, here is the [current image for HoloLens 2](https://aka.ms/hololens2download).
Other resources:
- https://docs.microsoft.com/microsoft-store/distribute-offline-apps
- https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-app-package--appx-or-appxbundle--servicing-command-line-options
### HoloLens (1st gen)
If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool.

244
devices/hololens/hololens-release-notes.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens release notes
title: HoloLens 2 release notes
description: Learn about updates in each new HoloLens release.
author: scooley
ms.author: scooley
@ -8,25 +8,167 @@ ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 12/02/2019
ms.date: 05/12/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
- HoloLens 2
---
# HoloLens release notes
# HoloLens 2 release notes
## HoloLens 2
## Windows Holographic, version 2004
Build - 19041.1103
We are excited to announce our May 2020 major software update for HoloLens 2, **Windows Holographic, version 2004**. This release includes a host of exciting new capabilities, such as support for Windows Autopilot, app dark mode, USB Ethernet support for 5G/LTE hotspots, and much more. To update to the latest release, open the**Settingsapp**, go to**Update & Security**, then select the**Check for Updates**button.
| Feature | Description |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|
| Windows Autopilot | Pre-configure and seamlessly set up new devices for production, with Windows AutoPilot |
| FIDO 2 support | Support for FIDO2 Security Keys to enable fast and secure authentication for shared devices |
| Improved provisioning | Seamlessly apply a provisioning package from a USB drive to your HoloLens |
| Application install status | Check install status for apps have been pushed to HoloLens 2 via MDM, in the Settings app |
| Configuration Service Providers (CSPs) | Added new Configuration Service Providers (CSPs) enhancing admin control capabilities. |
| USB 5G/LTE support | Expanded USB Ethernet capability enables support for 5G/LTE dongles |
| Dark App Mode | Dark App Mode for apps that support both dark and light modes, improving the viewing experience |
| Voice Commands | Support for additional system voice commands to control HoloLens, hands-free |
| Hand Tracking improvements | Hand Tracking improvements make buttons and 2D slate interactions more accurate |
| Quality improvements and fixes | Various system performance and reliability improvements across the platform |
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
### April Update - build 18362.1059
### Support for Windows Autopilot
Windows Autopilot for HoloLens 2 lets the device sales channel pre-enroll HoloLens into your Intune tenant. When devices arrive, theyre ready to self-deploy as shared devices under your tenant. To take advantage of self-deployment, devices will need to connect to a network during the first screen in setup using either a USB-C to ethernet dongle or USB-C to LTE dongle.
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
1. Download the device-targeted policies, certificates, and networking profiles.
1. Provision the device.
1. Present the sign-in screen to the user.
Learn more from the [Windows Autopilot for HoloLens 2 evaluation guide](https://docs.microsoft.com/hololens/hololens2-autopilot).
**Contact your Account Manager to join the AutoPilot preview now. Autopilot-ready devices will begin shipping soon.**
### FIDO2 Security Key support
Many of you share a HoloLens device with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long usernames and passwords.
FIDO lets anyone in your organization (AAD tenant) seamlessly sign into HoloLens without entering a username or password.
FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign-in to their resources without a username or password using an external security key or a platform key built into a device.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Improved MDM enrollment via provisioning package
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel. In addition, provisioning packages support a new field to enroll in device management so there is no manual set up post-provisioning.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### Line of Business application install status
MDM app deployment and management for Line of Business (LOB) apps is critical for our customers. Admins and users need to be able to view app install status, for auditing and diagnosis purposes. In this release we are adding more details in **Settings > Accounts > Access work or school > Click on your account > Info.**
### Additional CSPs and Policies
A [configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference?redirectedfrom=MSDN) is an interface to read, set, modify, or delete configuration settings on a device. In this release, we are adding support for more policies, increasing the control administrators have over deployed HoloLens devices. For the list of CSPs supported by HoloLens, visit this [link](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). New in this release:
**Policy CSP**
The Policy configuration service provider enables the enterprise to configure policies on Windows devices. In this release, we are adding new policies for HoloLens, listed below. You can learn more about supported policies [here](https://docs.microsoft.com/windows/client-management/mdm/policies-supported-by-hololens2).
- LetAppsAccessCamera_ForceAllowTheseApps
- LetAppsAccessCamera_ForceDenyTheseApps
- LetAppsAccessCamera_UserInControlOfTheseApps
- LetAppsAccessGazeInput
- LetAppsAccessGazeInput_ForceAllowTheseApps
- LetAppsAccessGazeInput_ForceDenyTheseApps
- LetAppsAccessGazeInput_UserInControlOfTheseApps
- LetAppsAccessMicrophone_ForceAllowTheseApps
- LetAppsAccessMicrophone_ForceDenyTheseApps
- LetAppsAccessMicrophone_UserInControlOfTheseApps
- AllowWiFi
**NetworkQoSPolicy CSP**
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. You can learn more about this policy [here](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp).
### Expanded USB Ethernet support for 5G/LTE tethered devices
Support has been added to enable certain mobile broadband devices, such as 5G/LTE phones and WiFi hotpots when tethered to the HoloLens 2 via USB. These devices will be displayed in network settings as another ethernet connection. Mobile broadband devices that require an external driver are not supported. This enables high bandwidth connections in scenarios where WiFi is not available, and WiFi tethering isnt performant enough. You can learn more about supported USB devices [here](https://docs.microsoft.com/hololens/hololens-connect-devices).
### Hand Tracking Improvements
Hand tracking has received several improvements in this release.
- **Pointing pose stability:** The system will now resist bending the index finger when it becomes occluded by the palm. This improves accuracy when pushing buttons, typing, scrolling content, and more!
- **Reduced accidental AirTaps:** Weve improved detection of the AirTap gesture. Now there are fewer accidental activations in several common cases, such as dropping your hands to your side.
- **User switch reliability:** The system is now faster and more reliable at updating the hand size when sharing a device back and forth.
- **Reduced hand stealing:** Weve improved handling of cases where there are more than 2 hands in view of the sensors. If multiple people are working close together, there is now a much lower chance that the tracked hand will jump from the user to the hand of someone else in the scene.
- **System reliability:** Fixed an issue that would cause hand tracking to stop working for a period if the device is under high load.
### Dark mode
Many Windows apps now support both dark and light modes, and HoloLens 2 customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to Settings > System > Colors to find "Choose your default app mode." Here are some of the in-box apps that support Dark mode:
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
![Dark mode windows tiled](images/hololens-darkmode-tiled-picture.jpg)
### System voice commands
You can now quickly access and use commands with your voice while using any app on the device. If you're running your system with a different language, please try the appropriate commands in that language. For more details on the commands and how to use them, see our documentation [here](https://docs.microsoft.com/hololens/hololens-cortana).
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands mentioned above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
> [!NOTE]
> There's currently an issue we're investigating that requires you to launch the app after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Quality improvements and fixes
Improvements and Fixes also in the update:
- The update introduces an active display calibration system. This improves the stability and alignment of holograms, which helps them stay in place when moving your head side-to-side.
- Fixed a bug where Wi-Fi streaming to HoloLens gets disrupted periodically. If an application indicates that it needs low latency streaming this fix is can be accomplished by calling [this function](https://docs.microsoft.com/windows/win32/api/socketapi/nf-socketapi-setsocketmediastreamingmode).
- Fixed an issue where the device could hang during streaming in research mode.
- Fixed bug where in some cases the right user would not be displayed on sign-in screen when resuming session.
- Fixed an issue where users could not export MDM logs through settings.
- Fixed an issue where the accuracy of eye tracking immediately following out-of-box-setup could be lower than specification.
- Fixed an issue where eye tracking subsystem would fail to initialize and/or perform calibration under certain conditions.
- Fixed an issue where eye calibration would be prompted for an already calibrated user.
- Fixed an issue where a driver would crash during eye calibration.
- Fixed an issue where repeated power button presses can cause a 60 second system time-out and shell crash.
- Improved stability for depth buffers.
- Added Share button in Feedback Hub so users can more easily share feedback.
- Fixed a bug where RoboRaid did not install correctly.
## Windows Holographic, version 1903 - May 2020 Update
- Build 18362.1061
This monthly quality update does not contain any changes of note because the team has been focused on providing you with the highest quality Feature Update now available in the Windows Holographic, version 2004 May Update detailed above. Please take this opportunity to move to the latest feature update to get a ton of exciting new changes.
## Windows Holographic, version 1903 - April 2020 Update
- Build 18362.1059
**Dark mode for supported apps**
@ -51,100 +193,50 @@ Here are some of the in-box apps that support dark mode:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used.
- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app.
### March Update - build 18362.1056
## Windows Holographic, version 1903 - March 2020 Update
- Build 18362.1056
Improvements and fixes in the update:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used.
- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation.
- Developers productivity improvement by enabling customers to paste large amount of text through device portal.
### February Update - build 18362.1053
## Windows Holographic, version 1903 - February 2020 Update
- Build 18362.1053
Improvements and fixes in the update:
- Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled.
- Fixed a random HUP crash cased by hand tracking, in which user will notice an UI freeze then back to shell after several seconds.
- We made an improvement in hand tracking so that while poking using index finger, the upper part of that finger will be less likely to curl unexpectedly.
- Improved reliability of head tracking, spatial mapping, and other runtimes.
### January Update - build 18362.1043
## Windows Holographic, version 1903 - January 2020 Update
- Build 18362.1043
Improvement in the update:
- Stability improvements for exclusive apps when working with the HoloLens 2 emulator.
### December Update - build 18362.1042
## Windows Holographic, version 1903 - December 2019 Update
- Build 18362.1042
Improvements and fixes in the update:
- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
- Fixes stability of exclusive apps and navigation between exclusive apps.
- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
- Improves hologram stability.
### November Update - build 18362.1039
## Windows Holographic, version 1903 - November 2019 Update
- Build 18362.1039
Improvements and fixes in the update:
- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
## HoloLens (1st gen)
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

2
devices/hololens/hololens-requirements.md
View File

@ -66,7 +66,7 @@ There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk m
**How to Configure Kiosk Mode:**
There are two main ways ([provisioning packages](hololens-kiosk.md#set-up-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) and [MDM](hololens-kiosk.md#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
There are two main ways ([provisioning packages](hololens-kiosk.md#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk) and [MDM](hololens-kiosk.md#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc.
### Apps and App Specific Scenarios

84
devices/hololens/hololens1-release-notes.md Normal file
View File

@ -0,0 +1,84 @@
---
title: HoloLens 1st (Gen) release notes
description: Learn about updates in each new HoloLens release.
author: evmill
ms.author: v-evmill
manager: yannisle
ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 05/12/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
---
# HoloLens 1st (Gen) release notes
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br> |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

67
devices/hololens/hololens2-autopilot.md
View File

@ -31,7 +31,7 @@ When a user starts the Autopilot self-deploying process, the process completes t
> [!NOTE]
> Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join.
1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
1. Download the device-targeted policies, certificates, and networking profiles.
1. Download the device-targeted policies, user-targeted apps, certificates, and networking profiles.
1. Provision the device.
1. Present the sign-in screen to the user.
@ -39,8 +39,8 @@ When a user starts the Autopilot self-deploying process, the process completes t
The following steps summarize the process of setting up your environment for the Windows Autopilot for HoloLens 2. The rest of this section provides the details of these steps.
1. Enroll in the Windows Autopilot for HoloLens 2 program.
1. Make sure that you meet the requirements for Windows Autopilot for HoloLens.
1. Enroll in the Windows Autopilot for HoloLens 2 program.
1. Verify that your tenant is flighted (enrolled to participate in the program).
1. Register devices in Windows Autopilot.
1. Create a device group.
@ -49,7 +49,36 @@ The following steps summarize the process of setting up your environment for the
1. Configure a custom configuration profile for HoloLens devices (known issue).
1. Verify the profile status of the HoloLens devices.
### 1. Enroll in the Windows Autopilot for HoloLens 2 program
### 1. Make sure that you meet the requirements for Windows Autopilot for HoloLens
For the latest information about how to participate in the program, review [Windows Insider Release Notes](hololens-insider.md#windows-insider-release-notes).
Review the following sections of the Windows Autopilot requirements article:
- [Network requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements)
- [Licensing requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements)
- [Configuration requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements)
> [!IMPORTANT]
> Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements.
Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying#requirements)" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements.
> [!NOTE]
> You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens.
> [!IMPORTANT]
> For information about how to register devices and configure profiles, see [4. Register devices in Windows Autopilot](#4-register-devices-in-windows-autopilot) and [6. Create a deployment profile](#6-create-a-deployment-profile) in this article. These sections provide steps that are specific to HoloLens.
Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune.
- Every device can connect to the internet. You can "USB C to Ethernet" adapters for wired internet connectivity or "USB C to Wifi" adapters for wireless internet connectivity.
- Every device can connect to a computer by using a USB-C cable, and that computer has the following available:
- Advanced Recovery Companion (ARC)
- The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version)
To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
### 2. Enroll in the Windows Autopilot for HoloLens 2 program
To participate in the program, you have to use a tenant that is flighted for HoloLens. To do this, go to [Windows Autopilot for HoloLens Private Preview request](https://aka.ms/APHoloLensTAP) or use the following QR code to submit a request.
@ -62,36 +91,6 @@ In this request, provide the following information:
- Number of HoloLens 2 devices that are participating in this evaluation
- Number of HoloLens 2 devices that you plan to deploy by using Autopilot self-deploying mode
### 2. Make sure that you meet the requirements for Windows Autopilot for HoloLens
For the latest information about how to participate in the program, review [Windows Insider Release Notes](hololens-insider.md#windows-insider-release-notes).
Review the following sections of the Windows Autopilot requirements article:
- [Network requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements)
- [Licensing requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements)
- [Configuration requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements)
> [!IMPORTANT]
> For information about how to register devices and configure profiles, see [4. Register devices in Windows Autopilot](#4-register-devices-in-windows-autopilot) and [6. Create a deployment profile](#6-create-a-deployment-profile) in this article. These sections provide steps that are specific to HoloLens.
> [!IMPORTANT]
> Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements.
Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying#requirements)" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements.
> [!NOTE]
> You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens.
Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements:
- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune.
- Every device can connect to the internet. You can use a wired or wireless connection.
- Every device can connect to a computer by using a USB-C cable, and that computer has the following available:
- Advanced Recovery Companion (ARC)
- The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version)
To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
### 3. Verify that your tenant is flighted
To verify that your tenant is flighted for the Autopilot program after you submit your request, follow these steps:
@ -108,7 +107,7 @@ To register a HoloLens device in the Windows Autopilot program, you have to obta
**Retrieve a device hardware hash**
1. Start the HoloLens 2 device, and make sure that you sign in by using an account that is the device owner.
1. Start the HoloLens 2 device.
1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files.
1. Use a USB-C cable to connect the device to a computer.
1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file.

25
devices/hololens/hololens2-hardware.md
View File

@ -123,7 +123,6 @@ In order to maintain/advance Internal Battery Charge Percentage while the device
- Windows Holographic Operating System
- Microsoft Edge
- Dynamics 365 Remote Assist
- Dynamics 365 Layout
- Dynamics 365 Guides
- 3D Viewer
- OneDrive for Business
@ -134,27 +133,11 @@ In order to maintain/advance Internal Battery Charge Percentage while the device
### Safety
HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
[Product Safety](https://support.microsoft.com/en-us/help/4023454/safety-information)
Eye safety: HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
## Care and cleaning
Handle your HoloLens carefully. Use the headband to lift and carry the HoloLens 2.
As you would for eyeglasses or protective eye-wear, try to keep the HoloLens visor free of dust and fingerprints. When possible, avoid touching the visor. Repeated cleaning could damage the visor, so keep your device clean!
Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it.
To clean the visor, remove any dust by using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion.
Clean the rest of the device, including the headband and device arms, with a lint-free microfiber cloth moistened with mild soap and water. Let your HoloLens dry completely before reuse.
![Image that shows how to clean the visor](images/hololens-cleaning-visor.png)
### Replace the brow pad
The brow pad is magnetically attached to the device. To detach it, pull gently away. To replace it, snap it back into place.
![Remove or replace the brow pad](images/hololens2-remove-browpad.png)
### Regulatory Information
[HoloLens Regulatory](https://support.microsoft.com/en-us/help/13761/hololens-regulatory-information)
## Next step

4
devices/hololens/hololens2-maintenance.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens 2 device care and cleaning FAQ
title: HoloLens 2 cleaning FAQ
description:
author: Teresa-Motiv
ms.author: v-tea
@ -17,7 +17,7 @@ appliesto:
- HoloLens 2
---
# Frequently asked questions about cleaning HoloLens 2 devices
# HoloLens 2 cleaning FAQ
> [!IMPORTANT]
> Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection.

BIN
devices/hololens/images/hololens-darkmode-tiled-picture.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
devices/hololens/images/hololens-feedback-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 343 KiB

BIN
devices/hololens/images/hololens-start-feedback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

BIN
devices/hololens/images/hololens2-feedbackhub-tile.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

2
devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
View File

@ -144,7 +144,7 @@ Next, you enable the device account with [Skype for Business Online](#skype-for-
To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: |
| Skype room system scenario | If you have Office 365 Premium, Microsoft 365 Apps for enterprise, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: |
| --- | --- | --- | --- |
| Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL |
| Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL |

17
devices/surface-hub/miracast-over-infrastructure.md
View File

@ -6,13 +6,13 @@ ms.sitesec: library
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 06/20/2019
ms.date: 04/24/2020
ms.reviewer:
manager: laurawi
ms.localizationpriority: medium
---
# Miracast on existing wireless network or LAN
# Miracast over infrastructure
In the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx).
@ -28,7 +28,12 @@ Miracast over Infrastructure offers a number of benefits:
## How it works
Users attempt to connect to a Miracast receiver as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection.
Users attempt to connect to a Miracast receiver through their Wi-Fi adapter as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection.
> [!NOTE]
> For more information on the connection negotiation sequence, see [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx)
## Enabling Miracast over Infrastructure
@ -36,13 +41,19 @@ Users attempt to connect to a Miracast receiver as they did previously. When the
If you have a Surface Hub or other Windows 10 device that has been updated to Windows 10, version 1703, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment:
- The Surface Hub or device (Windows PC or phone) needs to be running Windows 10, version 1703.
- Open TCP port: **7250**.
- A Surface Hub or Windows PC can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*.
- As a Miracast receiver, the Surface Hub or device must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Surface Hub or device is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself.
- As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
- The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname.
- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled in System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests that only occur through the Wi-Fi adapter.
It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and dont have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method.
The **InBoxApps/WirelessProjection/PinRequired** setting in the [SurfaceHub configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp) is not required for Miracast over Infrastructure. This is because Miracast over Infrastructure only works when both devices are connected to the same enterprise network. This removes the security restriction that was previously missing from Miracast. We recommend that you continue using this setting (if you used it previously) as Miracast will fall back to regular Miracast if the infrastructure connection does not work.
## FAQ
**Why do I still need Wi-Fi to use Miracast over infrastructure?**<br>
Discovery requests to identify Miracast receivers can only occur through the Wi-Fi adapter. Once the receivers have been identified, Windows 10 can then attempt the connection to the network.

10
devices/surface-hub/surface-hub-2s-recover-reset.md
View File

@ -60,16 +60,6 @@ Using Surface Hub 2S, you can reinstall the device by using a recovery image. By
When the first-time setup screen appears,remove the USB drive.
## Recover a locked Surface Hub
At the end of a session, Surface Hub 2S may occasionally encounter an error during the cleanup of user and app data at the end of a session. If this occurs, the device automatically reboots and resumes the data cleanup. However, if this operation repeatedly fails, the device automatically locks to protect user data.
**To unlock a Surface Hub 2S:** <br>
- Reset or recover the device from the Windows Recovery Environment. For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
> [!NOTE]
> To enter recovery mode, unplug the power cord and plug it in again three times.
## Contact Support
If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection).

4
devices/surface-hub/surface-hub-technical-84.md
View File

@ -134,7 +134,7 @@ RJ11, bottom I/O | ![](images/rj11.png) | Connects to room control systems.
---
***Removable lifting handles on 84” Surface Hub ***
***Removable lifting handles on 84” Surface Hub***
![](images/sh-84-hand.png)
@ -142,7 +142,7 @@ RJ11, bottom I/O | ![](images/rj11.png) | Connects to room control systems.
---
***Wall mount threads on back of 84” Surface Hub ***
***Wall mount threads on back of 84” Surface Hub***
![](images/sh-84-wall.png)

17
devices/surface-hub/surface-hub-update-history.md
View File

@ -24,6 +24,23 @@ Please refer to the “[Surface Hub Important Information](https://support.micro
## Windows 10 Team Creators Update 1703
<details>
<summary>May 4, 2020—update for Surface Hub 2S</summary>
This update is specific to the Surface Hub 2S and provides the driver and firmware updates outlined below:
* Surface USB audio driver - 15.3.6.0
* Improves directional audio performance.
* Intel(R) display audio driver - 10.27.0.5
* Improves screen sharing scenarios.
* Intel(R) graphics driver - 26.20.100.7263
* Improves system stability.
* Surface System driver - 1.7.139.0
* Improves system stability.
* Surface SMC Firmware update - 1.176.139.0
* Improves system stability.
</details>
<details>
<summary>February 28, 2020—update for Surface Hub 2S</summary>

5
devices/surface/TOC.md
View File

@ -4,6 +4,9 @@
## Overview
### [What's new in Surface Dock 2](surface-dock-whats-new.md)
### [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md)
### [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md)
### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7)
### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x)
### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3)
@ -26,11 +29,11 @@
### [Deploy Surface devices](deploy.md)
### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
### [Windows Virtual Desktop on Surface](windows-virtual-desktop-surface.md)
### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

14
devices/surface/battery-limit.md
View File

@ -6,12 +6,13 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.reviewer:
manager: laurawi
ms.author: v-jokai
ms.reviewer: jesko
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
manager: laurawi
audience: itpro
ms.date: 5/06/2020
---
# Battery Limit setting
@ -32,6 +33,11 @@ The Surface UEFI Battery Limit setting can be configured by booting into Surface
![Screenshot of Advanced options](images/enable-bl.png)
## Enabling battery limit on Surface Go and Surface Go 2
The Surface Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **boot configuration**, and then, under **Kiosk Mode**, move the slider to the right to set Battery Limit to **Enabled**.
![Screenshot of Kiosk Mode Battery Limit in Surface Go](images/go-batterylimit.png)
## Enabling Battery Limit in Surface UEFI (Surface Pro 3)
The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **Kiosk Mode**, select **Battery Limit**, and then choose **Enabled**.

776
devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: medium
ms.audience: itpro
ms.reviewer:
manager: laurawi
ms.date: 04/24/2020
---
# Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit
@ -27,779 +28,8 @@ manager: laurawi
- Surface 3
- Windows 10
This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app.
> [!NOTE]
> MDT is not currently supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
By following the procedures in this article, you can create an up-to-date reference image and deploy this image to your Surface devices, a process known as *reimaging*. Reimaging will erase and overwrite the existing environment on your Surface devices. This process allows you to rapidly configure your Surface devices with identical environments that can be configured to precisely fit your organizations requirements.
An alternative to the reimaging process is an upgrade process. The upgrade process is non-destructive and instead of erasing the existing environment on your Surface device, it allows you to install Windows 10 while retaining your user data, applications, and settings. You can read about how to manage and automate the upgrade process of Surface devices to Windows 10 at [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md).
The goal of the deployment process presented in this article is automation. By leveraging the many technologies and tools available from Microsoft, you can create a process that requires only a single touch on the devices being deployed. The automation can load the deployment environment; format the device; prepare an updated Windows image with the drivers required for the device; apply that image to the device; configure the Windows environment with licensing, membership in a domain, and user accounts; install applications; apply any Windows updates that were not included in the reference image; and log out.
By automating each aspect of the deployment process, you not only greatly decrease the effort involved, but you create a process that can be easily repeated and where human error becomes less of a factor. Take for example a scenario where you create a reference image for the device manually, but you accidentally install conflicting applications and cause the image to become unstable. In this scenario you have no choice but to begin again the manual process of creating your image. If in this same scenario you had automated the reference image creation process, you could repair the conflict by simply editing a step in the task sequence and then re-running the task sequence.
## Deployment tools
The deployment process described in this article leverages a number of Microsoft deployment tools and technologies. Some of these tools and technologies are included in Windows client and Windows Server, such as Hyper-V and Windows Deployment Services (WDS), while others are available as free downloads from the [Microsoft Download Center](https://www.microsoft.com/download/windows.aspx).
#### Microsoft Deployment Toolkit
The Microsoft Deployment Toolkit (MDT) is the primary component of a Windows deployment. It serves as a unified interface for most of the Microsoft deployment tools and technologies, such as the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), User State Migration Tool (USMT), and many other tools and technologies. Each of these is discussed throughout this article. The unified interface, called the *Deployment Workbench*, facilitates automation of the deployment process through a series of stored deployment procedures, known as a *task sequence*. Along with these task sequences and the many scripts and tools that MDT provides, the resources for a Windows deployment (driver files, application installation files, and image files) are stored in a network share known as the *deployment share*.
You can download and find out more about MDT at [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741).
#### Windows Assessment and Deployment Kit
Although MDT is the tool you will interact with most during the deployment process, the deployment tools found in the Windows ADK perform most of the deployment tasks during the deployment process. The resources for deployment are held within the MDT deployment share, but it is the collection of tools included in Windows ADK that access the image files, stage drivers and Windows updates, run the deployment experience, provide instructions to Windows Setup, and back up and restore user data.
You can download and find out more about the Windows ADK at [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit#windowsadk).
#### Windows 10 installation media
Before you can perform a deployment with MDT, you must first supply a set of operating system installation files and an operating system image. These files and image can be found on the physical installation media (DVD) for Windows 10. You can also find these files in the disk image (ISO file) for Windows 10, which you can download from the [Volume Licensing Service Center (VLSC)](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
>[!NOTE]
>The installation media generated from the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page differs from physical media or media downloaded from the VLSC, in that it contains an image file in Electronic Software Download (ESD) format rather than in the Windows Imaging (WIM) format. Installation media with an image file in WIM format is required for use with MDT. Installation media from the Get Windows 10 page cannot be used for Windows deployment with MDT.
#### Windows Server
Although MDT can be installed on a Windows client, to take full advantage of Windows Deployment Services ability to network boot, a full Windows Server environment is recommended. To provide network boot for UEFI devices like Surface with WDS, you will need Windows Server 2008 R2 or later.
>[!NOTE]
>To evaluate the deployment process for Surface devices or to test the deployment process described in this article with the upcoming release of Windows Server 2016, you can download evaluation and preview versions from the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter).
#### Windows Deployment Services
Windows Deployment Services (WDS) is leveraged to facilitate network boot capabilities provided by the Preboot Execution Environment (PXE) server. The boot media generated by MDT is loaded onto the Surface device simply by pressing Enter at the prompt when the device attempts to boot from the attached network adapter or Surface Dock.
#### Hyper-V virtualization platform
The process of creating a reference image should always be performed in a virtual environment. When you use a virtual machine as the platform to build your reference image, you eliminate the need for installation of additional drivers. The drivers for a Hyper-V virtual machine are included by default in the factory Windows 10 image. When you avoid the installation of additional drivers especially complex drivers that include application components like control panel applications you ensure that the image created by your reference image process will be as universally compatible as possible.
>[!NOTE]
>A Generation 1 virtual machine is recommended for the preparation of a reference image in a Hyper-V virtual environment.
Because customizations are performed by MDT at the time of deployment, the goal of reference image creation is not to perform customization but to increase performance during deployment by reducing the number of actions that need to occur on each deployed device. The biggest action that can slow down an MDT deployment is the installation of Windows updates. When MDT performs this step during the deployment process, it downloads the updates on each deployed device and installs them. By installing Windows updates in your reference image, the updates are already installed when the image is deployed to the device and the MDT update process only needs to install updates that are new since the image was created or are applicable to products other than Windows (for example, Microsoft Office updates).
>[!NOTE]
>Hyper-V is available not only on Windows Server, but also on Windows clients, including Professional and Enterprise editions of Windows 8, Windows 8.1, and Windows 10. Find out more at [Client Hyper-V on Windows 10](https://msdn.microsoft.com/virtualization/hyperv_on_windows/windows_welcome) and [Client Hyper-V on Windows 8 and Windows 8.1](https://technet.microsoft.com/library/hh857623) in the TechNet Library. Hyper-V is also available as a standalone product, Microsoft Hyper-V Server, at no cost. You can download [Microsoft Hyper-V Server 2012 R2](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-2012-r2) or [Microsoft Hyper-V Server 2016 Technical Preview](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-technical-preview) from the TechNet Evaluation Center.
#### Surface firmware and drivers
For your deployed Windows environment to function correctly on your Surface devices, you will need to install the drivers used by Windows to communicate with the components of your device. These drivers are available for download in the Microsoft Download Center for each Surface device. You can find the correct Microsoft Download Center page for your device at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
When you browse to the specific Microsoft Download Center page for your device, you will find a Windows Installer (.msi) file. This file is used to update drivers on devices that are already running Windows or that have device management solutions. Firmware updates maintain the instructions used by the device hardware to communicate between components and Windows. The firmware of Surface device components is updated by installation of specific driver files and thus is installed along with the other drivers during deployment. For more information, see [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
>[!NOTE]
>Beginning in Windows 10, the drivers for Surface devices are included in the Windows Preinstallation Environment (WinPE). In earlier versions of Windows, specific drivers (like network drivers) had to be imported and configured in MDT for use in WinPE to successfully deploy to Surface devices.
#### Application installation files
In addition to the drivers that are used by Windows to communicate with the Surface devices hardware and components, you will also need to provide the installation files for any applications that you want to install on your deployed Surface devices. To automate the deployment of an application, you will also need to determine the command-line instructions for that application to perform a silent installation. In this article, the Surface app and Microsoft Office 365 will be installed as examples of application installation. The application installation process can be used with any application with installation files that can be launched from command line.
>[!NOTE]
>If the application files for your application are stored on your organizations network and will be accessible from your Surface devices during the deployment process, you can deploy that application directly from that network location. To use installation files from a network location, use the **Install Application Without Source Files or Elsewhere on the Network** option in the MDT New Application Wizard, which is described in the [Import applications](#import-applications) section later in this article.
#### Microsoft Surface Deployment Accelerator
If you want to deploy only to Surface devices or you want an accelerated method to perform deployment to Surface devices, you can use the Microsoft Surface Deployment Accelerator to generate an MDT deployment share complete with Surface device drivers, Surface apps, and pre-configured task sequences to create a reference image and perform deployment to Surface devices. Microsoft Surface Deployment Accelerator can automatically import boot images into WDS and prepare WDS for network boot (PXE). You can download the Microsoft Surface Deployment Accelerator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
### Install the deployment tools
Before you can configure the deployment environment with Windows images, drivers, and applications, you must first install the deployment tools that will be used throughout the deployment process. The three main tools to be installed are WDS, Windows ADK, and MDT. WDS provides the capacity for network boot, Windows ADK provides several deployment tools that perform specific deployment tasks, and MDT provides automation and a central interface from which to manage and control the deployment process.
To boot from the network with either your reference virtual machines or your Surface devices, your deployment environment must include a Windows Server environment. The Windows Server environment is required to install WDS and the WDS PXE server. Without PXE support, you will be required to create physical boot media, such as a USB stick to perform your deployment MDT and Windows ADK will still be required, but Windows Server is not required. Both MDT and Windows ADK can be installed on a Windows client and perform a Windows deployment.
>[!NOTE]
>To download deployment tools directly to Windows Server, you must disable [Internet Explorer Enhanced Security Configuration](https://technet.microsoft.com/library/dd883248). On Windows Server 2012 R2, this can be performed directly through the **Server Manager** option on the **Local Server** tab. In the **Properties** section, **IE Enhanced Security Configuration** can be found on the right side. You may also need to enable the **File Download** option for the **Internet** zone through the **Security** tab of **Internet Options**.
#### Install Windows Deployment Services
Windows Deployment Services (WDS) is a Windows Server role. To add the WDS role to a Windows Server 2012 R2 environment, use the Add Roles and Features Wizard, as shown in Figure 1. Start the Add Roles and Features Wizard from the **Manage** button of **Server Manager**. Install both the Deployment Server and Transport Server role services.
![Install the Windows Deployment Services role](images/surface-deploymdt-fig1.png "Install the Windows Deployment Services role")
*Figure 1. Install the Windows Deployment Services server role*
After the WDS role is installed, you need to configure WDS. You can begin the configuration process from the WDS node of Server Manager by right-clicking your servers name and then clicking **Windows Deployment Services Management Console**. In the **Windows Deployment Services** window, expand the **Servers** node to find your server, right-click your server, and then click **Configure** in the menu to start the Windows Deployment Services Configuration Wizard, as shown in Figure 2.
![Configure PXE response for Windows Deployment Services](images/surface-deploymdt-fig2.png "Configure PXE response for Windows Deployment Services")
*Figure 2. Configure PXE response for Windows Deployment Services*
>[!NOTE]
>Before you configure WDS make sure you have a local NTFS volume that is not your system drive (C:) available for use with WDS. This volume is used to store WDS boot images, deployment images, and configuration.
Using the Windows Deployment Services Configuration Wizard, configure WDS to fit the needs of your organization. You can find detailed instructions for the installation and configuration of WDS at [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426). On the **PXE Server Initial Settings** page, be sure to configure WDS so that it will respond to your Surface devices when they attempt to boot from the network. If you have already installed WDS or need to change your PXE server response settings, you can do so on the **PXE Response** tab of the **Properties** of your server in the Windows Deployment Services Management Console.
>[!NOTE]
>You will add boot images to WDS when you update your boot images in MDT. You do not need to add boot images or Windows images to WDS when you configure the role.
#### Install Windows Assessment and Deployment Kit
To install Windows ADK, run the Adksetup.exe file that you downloaded from [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit#adkwin10). Windows ADK must be installed before MDT. You should always download and use the most recent version of Windows ADK. A new version is usually released corresponding with each new version of Windows.
>[!NOTE]
>You can also use the Adksetup.exe file to download the Windows ADK installation files locally for use on other devices.
When you get to the **Select the features you want to install** page, you only need to select the **Deployment Tools** and **Windows Preinstallation Environment (Windows PE)** check boxes to deploy Windows 10 using MDT, as shown in Figure 3.
![Required options for deployment with MDT](images/surface-deploymdt-fig3.png "Required options for deployment with MDT")
*Figure 3. Only Deployment Tools and Windows PE options are required for deployment with MDT*
#### Install Microsoft Deployment Toolkit
After the Windows ADK installation completes successfully, you can install MDT. When you download MDT, ensure that you download the version that matches the architecture of your deployment server environment. For Windows Server the architecture is 64-bit. Download the MDT installation file that ends in **x64**. When MDT is installed you can use the default options during the installation wizard, as shown in Figure 4.
![MDT installation with default options](images/surface-deploymdt-fig4.png "MDT installation with default options")
*Figure 4. Install the Microsoft Deployment Toolkit with default options*
Before you can open the MDT Deployment Workbench, you must enable execution of scripts in PowerShell. If you do not do this, the following error message may be displayed: *"Initialization Error PowerShell is required to use the Deployment Workbench. Please install PowerShell then relaunch Deployment Workbench."*
To enable the execution of scripts, run the following cmdlet in PowerShell as an Administrator:
`Set-ExecutionPolicy RemoteSigned -Scope CurrentUser`
## Create a reference image
Now that you have installed the required tools, you can begin the first step of customizing your deployment environment to your needs create a reference image. Because the reference image should be created in a virtual machine where there is no need for drivers to be installed, and because the reference image will not include applications, you can use the MDT deployment environment almost entirely with default settings.
### Create a deployment share
Now that you have the tools installed, the next step is to configure MDT for the creation of a reference image. Before you can perform the process of creating a reference image, MDT needs to be set up with a repository for scripts, images, and other deployment resources. This repository is known as the *deployment share*. After the deployment share is created, you must supply MDT with a complete set of Windows 10 installation files, the last set of tools required before MDT can perform reference image creation.
To create the deployment share, follow these steps:
1. Open the Deployment Workbench from your Start menu or Start screen, as shown in Figure 5.
![The MDT Deployment Workbench](images/surface-deploymdt-fig5.png "The MDT Deployment Workbench")
*Figure 5. The MDT Deployment Workbench*
2. Right-click the **Deployment Shares** folder, and then click **New Deployment Share** to start the New Deployment Share Wizard, as shown in Figure 6.
![Summary page of the New Deployment Share Wizard](images/surface-deploymdt-fig6.png "Summary page of the New Deployment Share Wizard")
*Figure 6. The Summary page of the New Deployment Share Wizard*
3. Create a new deployment share with New Deployment Share Wizard with the following steps:
* **Path** Specify a local folder where the deployment share will reside, and then click **Next**.
>[!NOTE]
>Like the WDS remote installation folder, it is recommended that you put this folder on an NTFS volume that is not your system volume.
* **Share** Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**.
>[!NOTE]
>The share name cannot contain spaces.
>[!NOTE]
>You can use a Dollar Sign (**$**) to hide your network share so that it will not be displayed when users browse the available network shares on the server in File Explorer.
* **Descriptive Name** Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench.
* **Options** You can accept the default options on this page. Click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the deployment share.
* **Progress** While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process.
* **Confirmation** When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard.
4. When the New Deployment Share Wizard is complete, you can expand the Deployment Shares folder to find your newly created deployment share.
5. You can expand your deployment share, where you will find several folders for the resources, scripts, and components of your MDT deployment environment are stored.
To secure the deployment share and prevent unauthorized access to the deployment resources, you can create a local user on the deployment share host and configure permissions for that user to have read-only access to the deployment share only. It is especially important to secure access to the deployment share if you intend to automate the logon to the deployment share during the deployment boot process. By automating the logon to the deployment share during the boot of deployment media, the credentials for that logon are stored in plaintext in the bootstrap.ini file on the boot media.
>[!NOTE]
>If you intend to capture images (such as the reference image) with this user, the user must also have write permission on the Captures folder in the MDT deployment share.
You now have an empty deployment share that is ready for you to add the resources that will be required for reference image creation and deployment to Surface devices.
### Import Windows installation files
The first resources that are required to perform a deployment of Windows are the installation files from Windows 10 installation media. Even if you have an already prepared reference image, you still need to supply the unaltered installation files from your installation media. The source of these files can be a physical disk, or it can be an ISO file like the download from the Volume Licensing Service Center (VLSC).
>[!NOTE]
>A 64-bit operating system is required for compatibility with Surface devices except Surface Pro X which cannot be managed with MDT.
To import Windows 10 installation files, follow these steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench, and then click **New Folder** to open the **New Folder** page, as shown in Figure 7.
![Create a new folder on the New Folder page](images/surface-deploymdt-fig7.png "Create a new folder on the New Folder page")
*Figure 7. Create a new folder on the New Folder page*
2. On the **New Folder** page a series of steps is displayed, as follows:
* **General Settings** Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**.
* **Summary** Review the specified configuration of the new folder on this page, and then click **Next**.
* **Progress** A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly.
* **Confirmation** When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page.
3. Expand the Operating Systems folder to see the newly created folder.
4. Right-click the newly created folder, and then click **Import Operating System** to launch the Import Operating System Wizard, as shown in Figure 8.
![Import source files with the Import Operating System Wizard](images/surface-deploymdt-fig8.png "Import source files with the Import Operating System Wizard")
*Figure 8. Import source files with the Import Operating System Wizard*
5. The Import Operating System Wizard walks you through the import of your operating system files, as follows:
* **OS Type** Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Source** Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the installation files, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard.
6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10.
Now that youve imported the installation files from the installation media, you have the files that MDT needs to create the reference image and you are ready to instruct MDT how to create the reference image to your specifications.
### Create reference image task sequence
As described in the [Deployment tools](#deployment-tools) section of this article, the goal of creating a reference image is to keep the Windows environment as simple as possible while performing tasks that would be common to all devices being deployed. You should now have a basic MDT deployment share configured with default options and a set of unaltered, factory installation files for Windows 10. This simple configuration is perfect for reference image creation because the deployment share contains no applications or drivers to interfere with the process.
>[!NOTE]
>For some organizations keeping a simple deployment share without applications or drivers is the simplest solution for creation of reference images. You can easily connect to more than one deployment share from a single Deployment Workbench and copy images from a simple, reference-image-only deployment share to a production deployment share complete with drivers and applications.
To create the reference image task sequence, follow these steps:
1. Right-click the **Task Sequences** folder under your deployment share in the Deployment Workbench, and then click **New Task Sequence** to start the New Task Sequence Wizard, as shown in Figure 9.
![Create new task sequence to deploy and update a Windows 10 reference environment](images/surface-deploymdt-fig9.png "Create new task sequence to deploy and update a Windows 10 reference environment")
*Figure 9. Create a new task sequence to deploy and update a Windows 10 reference environment*
2. The New Task Sequence Wizard presents a series of steps, as follows:
* **General Settings** Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**.
* **Specify Product Key** Click **Do Not Specify a Product Key at This Time**, and then click **Next**.
* **OS Settings** Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
>[!NOTE]
>During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
3. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
4. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10.
![Enable Windows Update in the reference image task sequence](images/surface-deploymdt-fig10.png "Enable Windows Update in the reference image task sequence")
*Figure 10. Enable Windows Update in the reference image task sequence*
5. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder.
6. Click the **Options** tab, and then clear the **Disable This Step** check box.
7. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
8. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window.
### Generate and import MDT boot media
To boot the reference virtual machine from the network, the MDT deployment share first must be updated to generate boot media with the resources that have been added in the previous sections.
To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard, as shown in Figure 11.
![Generate boot images with the Update Deployment Share Wizard](images/surface-deploymdt-fig11.png "Generate boot images with the Update Deployment Share Wizard")
*Figure 11. Generate boot images with the Update Deployment Share Wizard*
2. Use the Update Deployment Share Wizard to create boot images with the following process:
* **Options** Click **Completely Regenerate the Boot Images**, and then click **Next**.
>[!NOTE]
>Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page.
* **Summary** Review the specified options on this page before you click **Next** to begin generation of boot images.
* **Progress** While the boot images are being generated, a progress bar is displayed on this page.
* **Confirmation** When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
3. Confirm that boot images have been generated by navigating to the deployment share in File Explorer and opening the Boot folder. The following files should be displayed, as shown in Figure 12:
* **LiteTouchPE_x86.iso**
* **LiteTouchPE_x86.wim**
* **LiteTouchPE_x64.iso**
* **LiteTouchPE_x64.wim**
![Boot images in the Boot folder after Update Deployment Share Wizard completes](images/surface-deploymdt-fig12.png "Boot images in the Boot folder after Update Deployment Share Wizard completes")
*Figure 12. Boot images displayed in the Boot folder after completion of the Update Deployment Share Wizard*
To import the MDT boot media into WDS for PXE boot, follow these steps:
1. Open Windows Deployment Services from the Start menu or Start screen.
2. Expand **Servers** and your deployment server.
3. Click the **Boot Images** folder, as shown in Figure 13.
![Start the Add Image Wizard from the Boot Images folder](images/surface-deploymdt-fig13.png "Start the Add Image Wizard from the Boot Images folder")
*Figure 13. Start the Add Image Wizard from the Boot Images folder*
4. Right-click the **Boot Images** folder, and then click **Add Boot Image** to open the Add Image Wizard, as shown in Figure 14.
![Import the LiteTouchPE_x86.wim MDT boot image](images/surface-deploymdt-fig14.png "Import the LiteTouchPE_x86.wim MDT boot image")
*Figure 14. Import the LiteTouchPE_x86.wim MDT boot image*
5. The Add Image Wizard displays a series of steps, as follows:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Only the 32-bit boot image, LiteTouchPE_x86.wim, is required to boot from BIOS devices, including Generation 1 Hyper-V virtual machines like the reference virtual machine.
If your WDS configuration is properly set up to respond to PXE clients, you should now be able to boot from the network with any device with a network adapter properly configured for network boot (PXE).
>[!NOTE]
>If your WDS server resides on the same server as DHCP or in a different subnet than the devices you are attempting to boot, additional configuration may be required. For more information, see [Managing Network Boot Programs](https://technet.microsoft.com/library/cc732351).
### Deploy and capture a reference image
Your deployment environment is now set up to create a reference image for Windows 10 complete with Windows Updates.
>[!NOTE]
>You cannot install version updates (such as Windows 10, Version 1511) in a reference image. To create a reference image with a new version of Windows, you must use installation files from that version of Windows. When you install a version update in Windows, it effectively performs an upgrade to a new version of Windows, and upgraded installations of Windows cannot be prepared for deployment with Sysprep.<br/><br/>
By using a fully automated task sequence in an MDT deployment share dedicated to reference image creation, you can greatly reduce the time and effort required to create new reference images and it is the best way to ensure that your organization is ready for feature updates and new versions of Windows 10.
You can now boot from the network with a virtual machine to run the prepared task sequence and generate a reference image. When you prepare your virtual machine in Hyper-V for reference image creation, consider the following:
* Use a Generation 1 virtual machine for the simplicity of drivers and to ensure maximum compatibility with both BIOS and UEFI devices.
* Ensure your virtual machine has at least 1 GB of system memory at boot. You can ensure that the virtual machine has at least 1 GB of memory at boot but allow the memory to adjust after boot by using Dynamic Memory. You can read more about Dynamic Memory in the [Hyper-V Dynamic Memory Overview](https://technet.microsoft.com/library/hh831766).
* Ensure your virtual machine uses a legacy network adapter to support network boot (PXE); that network adapter should be connected to the same network as your deployment server, and that network adapter should receive an IP address automatically via DHCP.
* Configure your boot order such that PXE Boot is the first option.
When your virtual machine (VM) is properly configured and ready, start or boot the VM and be prepared to press the F12 key when prompted to boot via PXE from the WDS server.
Perform the reference image deployment and capture using the following steps:
1. Start your virtual machine and press the F12 key when prompted to boot to the WDS server via PXE, as shown in Figure 15.
![Start network boot by pressing the F12 key](images/surface-deploymdt-fig15.png "Start network boot by pressing the F12 key")
*Figure 15. Start network boot by pressing the F12 key*
2. Click **Run the Deployment Wizard to Install a New Operating System** to begin the MDT deployment process.
3. Enter your MDT username and password, a user with rights to access the MDT deployment share over the network and with rights to write to the Captures folder in the deployment share.
4. After your credentials are validated, the Windows Deployment Wizard will start and process the boot and deployment share rules.
5. The Windows Deployment Wizard displays a series of steps, as follows:
* **Task Sequence** Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**.
* **Computer Details** Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured.
* **Move Data and Settings** Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**.
* **User Data (Restore)** Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**.
* **Locale and Time** Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
* **Capture Image** Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
![Capture an image of the reference machine](images/surface-deploymdt-fig16.png "Capture an image of the reference machine")
*Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
* **Ready** You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.
6. Your reference task sequence will run with the specified options.
As the task sequence processes the deployment, it will automatically perform the following tasks:
* Install the Windows 10 image from the installation files you supplied
* Reboot into Windows 10
* Run Windows updates until all Windows updates have been installed and the Windows environment is fully up to date
* Run Sysprep and prepare the Windows 10 environment for deployment
* Reboot into WinPE
* Capture an image of the Windows 10 environment and store it in the Captures folder in the MDT deployment share
>[!NOTE]
>The Windows Update process can take some time to complete as it searches the Internet for updates, downloads those updates, and then installs them. By performing this process now, in the reference environment, you eliminate the need to perform these tasks on each deployed device and significantly reduce the amount of time and bandwidth required to perform your deployment.
When the task sequence completes, your virtual machine will be off and a new reference image complete with updates will be ready in your MDT deployment share for you to import it and prepare your deployment environment for deployment to Surface devices.
## Deploy Windows 10 to Surface devices
With a freshly prepared reference image, you are now ready to configure the deployment process for deployment to the Surface devices. Use the steps detailed in this section to produce a deployment process that requires minimal effort on each Surface device to produce a complete and ready-to-use Windows 10 environment.
### Import reference image
After the reference image has been created and stored in the Captures folder, you need to add it to your MDT deployment share as an image for deployment. You perform this task by using the same process that you used to import the installation files for Windows 10.
To import the reference image for deployment, use the following steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench or the folder you created in when you imported Windows 10 installation files, and then click **Import Operating System** to start the Import Operating System Wizard.
2. Import the custom image with the Import Operating System Wizard by using the following steps:
* **OS Type** Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**.
* **Image** Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**.
* **Setup** Click **Setup Files are not Neededf**, and then click **Next**.
* **Destination** Enter a name for the new folder that will be created to hold the image file, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the image is imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard.
3. Expand the folder in which you imported the image to verify that the import completed successfully.
>[!NOTE]
>You can import the reference image into the same deployment share that you used to create your reference image, or you could import the reference image into a new deployment share for deployment to your Surface devices. If you chose to create a new deployment share for deployment of your reference image, remember that you still need to import a full set of installation files from installation media.
Now that your updated reference image is imported, it is time to prepare your deployment environment for deployment to Surface devices complete with drivers, applications, and automation.
### Import Surface drivers
Before you can deploy your updated reference image to Surface devices, or any physical environment, you need to supply MDT with the drivers that Windows will use to communicate with that physical environment. For Surface devices you can download all of the drivers required by Windows in a single archive (.zip) file in a format that is ready for deployment. In addition to the drivers that are used by Windows to communicate with the hardware and components, Surface firmware and driver packs also include updates for the firmware of those components. By installing the Surface firmware and driver pack, you will also bring your devices firmware up to date. If you have not done so already, download the drivers for your Surface device listed at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
Many devices require that you import drivers specifically for WinPE in order for the MDT boot media to communicate with the deployment share and to boot properly on that device. Even Surface Pro 3 required that network drivers be imported specifically for WinPE for deployment of Windows 8.1. Fortunately, for Windows 10 deployments to Surface devices, all of the required drivers for operation of WinPE are contained within the out-of-box drivers that are built into Windows 10. It is still a good idea to prepare your environment with folder structure and selection profiles that allow you to specify drivers for use in WinPE. You can read more about that folder structure in **Step 5: Prepare the drivers repository** in [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt/#sec05).
To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow these steps:
1. Extract the downloaded archive (.zip) file to a folder that you can easily locate. Keep the driver files separate from other drivers or files.
2. Open the Deployment Workbench and expand the Deployment Shares node and your deployment share.
3. If you have not already created a folder structure by operating system version, you should do so now and create under the Windows 10 x64 folder a new folder for Surface Pro 4 drivers named Surface Pro 4. Your Out-of-Box Drivers folder should resemble the following structure, as shown in Figure 17:
* WinPE x86
* WinPE x64
* Windows 10 x64
* Microsoft Corporation
* Surface Pro 4
![Recommended folder structure for drivers](images/surface-deploymdt-fig17.png "Recommended folder structure for drivers")
*Figure 17. The recommended folder structure for drivers*
4. Right-click the **Surface Pro 4** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 18.
![Progress page during drivers import](images/surface-deploymdt-fig18.png "Progress page during drivers import")
*Figure 18. The Progress page during drivers import*
5. The Import Driver Wizard displays a series of steps, as follows:
* **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1.
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the drivers are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19.
![Drivers for Surface Pro 4 imported and organized in the MDT deployment share](images/surface-deploymdt-fig19.png "Drivers for Surface Pro 4 imported and organized in the MDT deployment share")
*Figure 19. Drivers for Surface Pro 4 imported and organized in the MDT deployment share*
### Import applications
You can import any number of applications into MDT for installation on your devices during the deployment process. You can configure your applications and task sequences to prompt you during deployment to pick and choose which applications are installed, or you can use your task sequence to explicitly define which applications are installed. For more information, see **Step 4: Add an application** in [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt/#sec04).
#### Import Microsoft Office 365 Installer
The Office Deployment Tool is a free download available in the Microsoft Download Center that allows IT professionals and system administrators to download and prepare Office installation packages for Office Click-to-Run. You can find the Office Deployment Tool and instructions to download Click-to-Run for Office 365 installation source files at [Download Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/library/jj219424).
Download and install the version of Office Deployment Tool (ODT), for Office 2013 or Office 2016, that fits your organizations needs and use the steps provided by that page to download the Office installation files for use with MDT.
After you have downloaded the source files for your version of Office Click-to-Run, you need to edit the Configuration.xml file with instructions to install Office Click-to-Run silently. To configure the Office Deployment Tool for silent installation, follow these steps:
1. Right-click the existing **Configuration.xml** file, and then click **Edit**.
2. This action opens the file in Notepad. Replace the existing text with the following:
```
<Configuration>
<Add OfficeClientEdition="32">
<Product ID="O365ProPlusRetail" >
<Language ID="en-us" />
</Product>
</Add>
<Display Level="None" AcceptEULA="TRUE" /> </Configuration>
```
3. Save the file.
The default behavior of Setup.exe is to look for the source files in the path that contains **Setup.exe**. If the installation files are not found in this folder, the Office Deployment Tool will default to online source files from an Internet connection.
For MDT to perform an automated installation of office, it is important to configure the **Display Level** option to a value of **None**. This setting is used to suppress the installation dialog box for silent installation. It is required that the **AcceptEULA** option is set to **True** to accept the license agreement when the **Display Level** option is set to **None**. With both of these options configured, the installation of Office will occur without the display of dialog boxes which could potentially cause the installation to pause until a user can address an open dialog box.
Now that the installation and configuration files are prepared, the application can be imported into the deployment share by following these steps:
1. Open the Deployment Workbench.
2. Expand the deployment share, right-click the **Applications** folder, and then click **New Application** to start the New Application Wizard, as shown in Figure 20.
![Enter the command and directory for Office 2016 Click-to-Run](images/surface-deploymdt-fig20.png "Enter the command and directory for Office 2016 Click-to-Run")
*Figure 20. Enter the command and directory for Office 2016 Click-to-Run*
3. The New Application Wizard walks you through importing the Office 2016 Click-to-Run files, as follows:
* **Application Type** Click **Application with Source Files**, and then click **Next**.
* **Details** Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
* **Source** Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**.
* **Destination** Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
* **Command Details** Enter the Office Deployment Tool installation command line:
`Setup.exe /configure configuration.xml`
* **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
* **Progress** While the installation files are imported, a progress bar is displayed on this page.
* **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
4. You should now see the **Office 2016 Click-to-Run** item under the **Applications** folder in the Deployment Workbench.
#### Import Surface app installer
The Surface app is a Microsoft Store app that provides the user with greater control over specific Surface device functions and capabilities (for example, control over the sensitivity of the Surface Pen). It is a highly recommended app for Surface devices to provide end users with the best experience and greatest control over their device. Find out more about the Surface app at [Install and use the Surface app](https://www.microsoft.com/surface/support/apps-and-windows-store/surface-app?os=windows-10).
To perform a deployment of the Surface app, you will need to download the app files through Microsoft Store for Business. You can find detailed instructions on how to download the Surface app through Microsoft Store for Business at [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business).
After you have downloaded the installation files for Surface app, including the AppxBundle and license files, you can import these files into the deployment share through the same process as a desktop application like Microsoft Office. Both the AppxBundle and license files must be together in the same folder for the import process to complete successfully. Use the following command on the **Command Details** page to install the Surface app:
```
DISM.exe /Online /Add-ProvisionedAppxPackage /PackagePath: Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle /LicensePath: Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
```
### Create deployment task sequence
The next step in the process is to create the deployment task sequence. This task sequence will be configured to completely automate the deployment process and will work along with customized deployment share rules to reduce the need for user interaction down to a single touch. Before you can make customizations to include all of this automation, the new task sequence has to be created from a template.
To create the deployment task sequence, follow these steps:
1. In the Deployment Workbench, under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
* **General Settings** Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
* **Select Template** Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
* **Select OS** Navigate to and select the reference image that you imported, and then click **Next**.
* **Specify Product Key** Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
* **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
* **Admin Password** Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
* **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
* **Progress** While the task sequence is being created, a progress bar is displayed on this page.
* **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
After the task sequence is created it can be modified for increased automation, such as the installation of applications without user interaction, the selection of drivers, and the installation of Windows updates.
1. Click the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
2. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
3. Click the **Windows Update (Pre-Application Installation)** step, located under the **State Restore** folder.
4. Click the **Options** tab, and then clear the **Disable This Step** check box.
5. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
6. Between the two **Windows Update** steps is the **Install Applications** step. Click the **Install Applications** step, and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 21.
![A new Install Application step in the deployment task sequence](images/surface-deploymdt-fig21.png "A new Install Application step in the deployment task sequence")
*Figure 21. A new Install Application step in the deployment task sequence*
8. On the **Properties** tab of the new **Install Application** step, enter **Install Microsoft Office 2016 Click-to-Run** in the **Name** field.
9. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
10. Select Office 2016 Click-to-Run from the list of applications, and then click **OK**.
11. Repeat Steps 6 through 10 for the Surface app.
12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
14. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 22), configure the following options:
* **Name** Set DriverGroup001
* **Task Sequence Variable** DriverGroup001
* **Value** Windows 10 x64\%Make%\%Model%
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-deploymdt-fig22.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
*Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
15. Select the **Inject Drivers** step, the next step in the task sequence.
16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
![Configure deployment task sequence not to choose the drivers to inject into Windows](images/surface-deploymdt-fig23.png "Configure deployment task sequence not to choose the drivers to inject into Windows")
*Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
### Configure deployment share rules
The experience of users during a Windows deployment is largely governed by a set of rules that control how the MDT and Windows Deployment Wizard experience should proceed. These rules are stored in two configuration files. Boot media rules are stored in the Bootstrap.ini file that is processed when the MDT boot media is first run. Deployment share rules are stored in the Customsettings.ini file and tell the Windows Deployment Wizard how to operate (for example, what screens to show and what questions to ask). By using these the rules stored in these two files, you can completely automate the process of deployment to where you will not be asked to supply the answer to any questions during deployment and the deployment will perform all tasks completely on its own.
#### Configure Bootstrap.ini
Bootstrap.ini is the simpler of the two rule files. The purpose it serves is to provide instructions from when the MDT boot media starts on a device until the Windows Deployment Wizard is started. The primary use of this file is to provide the credentials that will be used to log on to the deployment share and start the Windows Deployment Wizard.
To automate the boot media rules, follow these steps:
1. Right-click your deployment share in the Deployment Workbench, and then click **Properties**.
2. Click the **Rules** tab, and then click **Edit Bootstrap.ini** to open Bootstrap.ini in Notepad.
3. Replace the text of the Bootstrap.ini file with the following text:
```
[Settings]
Priority=Model,Default
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
UserDomain=STNDeployServer
UserID=MDTUser
UserPassword=P@ssw0rd
SkipBDDWelcome=YES
[Surface Pro 4]
DeployRoot=\\STNDeployServer\DeploymentShare$
```
4. Press Ctrl+S to save Bootstrap.ini, and then close Notepad.
You can use a number of variables in both boot media and deployment share rules to apply rules only when certain conditions are met. For example, you can use MAC addresses to identify specific machines where MDT will run fully automated, but will run with required user interaction on all other devices. You can also use the model of the device to instruct the MDT boot media to perform different actions based on computer model, much as the way **[Surface Pro 4]** is listed in Step 3. You can use the following cmdlet in a PowerShell session to see what the Model variable would be on a device:
```wmic csproduct get name```
Rules used in the text shown in Step 3 include:
* **DeployRoot** Used to specify the deployment share that the MDT boot media will connect to.
* **UserDomain** Used to specify the domain or computer where the MDT user account is located.
* **UserID** Used to specify the MDT user account for automatic logon to the deployment share.
* **UserPassword** Used to specify the MDT user password for automatic logon to the deployment share.
* **SkipBDDWelcome** Used to skip the Welcome page and to start the Windows Deployment Wizard immediately using the specified credentials and deployment share.
#### Configure CustomSettings.ini
The bulk of the rules used to automate the MDT deployment process are stored in the deployment share rules, or the Customsettings.ini file. In this file you can answer and hide all of the prompts from the Windows Deployment Wizard, which yields a deployment experience that mostly consists of a progress bar that displays the automated actions occurring on the device. The deployment share rules are shown directly in the **Rules** tab of the deployment share properties, as shown in Figure 24.
![Deployment share rules configured for automation of the Windows Deployment Wizard](images/surface-deploymdt-fig24.png "Deployment share rules configured for automation of the Windows Deployment Wizard")
*Figure 24. Deployment share rules configured for automation of the Windows Deployment Wizard*
To configure automation for the production deployment, copy and paste the following text into the text box on the **Rules** tab of your deployment share properties:
```
[Settings]
Priority=Model,Default
Properties=MyCustomProperty
[Surface Pro 4]
SkipTaskSequence=YES
TaskSequenceID=Win10SP4
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipBDDWelcome=YES
SkipUserData=YES
UserDataLocation=AUTO
SkipApplications=YES
SkipPackageDisplay=YES
SkipComputerName=YES
SkipDomainMembership=YES
JoinDomain=contoso.com
DomainAdmin=MDT
DomainAdminDomain=contoso
DomainAdminPassword=P@ssw0rd
SkipLocaleSelection=YES
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
SkipTimeZone=YES
TimeZoneName=Pacific Standard Time
UserID=MDTUser
UserDomain=STNDeployServer
UserPassword=P@ssw0rd
SkipSummary=YES
SkipFinalSummary=YES
FinishAction=LOGOFF
```
Rules used in this example include:
* **SkipTaskSequence** This rule is used to skip the **Task Sequence** page where the user would have to select between available task sequences.
* **TaskSequenceID** This rule is used to instruct the Windows Deployment Wizard to run a specific task sequence. In this scenario the task sequence ID should match the deployment task sequence you created in the previous section.
* **OSInstall** This rule indicates that the Windows Deployment Wizard will be performing an operating system deployment.
* **SkipCapture** This rule prevents the **Capture Image** page from being displayed, prompting the user to create an image of this device after deployment.
* **SkipAdminPassword** This rule prevents the **Admin Password** page from being displayed. The Administrator password specified in the task sequence will still be applied.
* **SkipProductKey** This rule prevents the **Specify Product Key** page from being displayed. The product key specified in the task sequence will still be applied.
* **SkipComputerBackup** This rule prevents the **Move Data and Settings** page from being displayed, where the user is asked if they would like to make a backup of the computer before performing deployment.
* **SkipBitLocker** This rule prevents the **BitLocker** page from being displayed, where the user is asked if BitLocker Drive Encryption should be used to encrypt the device.
* **SkipBDDWelcome** This rule prevents the **Welcome** page from being displayed, where the user is prompted to begin Windows deployment.
* **SkipUserData** This rule prevents the **User Data (Restore)** page from being displayed, where the user is asked to restore previously backed up user data in the new environment.
* **UserDataLocation** This rule prevents the user from being prompted to supply a location on the User Data (Restore) page.
* **SkipApplications** This rule prevents the **Applications** page from being displayed, where the user is prompted to select from available applications to be installed in the new environment.
* **SkipPackageDisplay** This rule prevents the **Packages** page from being displayed, where the user is prompted to select from available packages to be installed in the new environment.
* **SkipComputerName** This rule, when combined with the **SkipDomainMembership** rule, prevents the **Computer Details** page from being displayed, where the user is asked to supply computer name and join a domain or workgroup.
* **SkipDomainMembership** This rule, when combined with the **SkipComputerName** rule, prevents the **Computer Details** page from being displayed, where the user is asked to supply computer name and join a domain or workgroup.
* **JoinDomain** This rule instructs the Windows Deployment Wizard to have the computer join the specified domain using the specified credentials.
* **DomainAdmin** This rule specifies the username for the domain join operation.
* **DomainAdminDomain** This rule specifies the domain for the username for the domain join operation.
* **DomainAdminPassword** This rule specifies the password for the username for the domain join operation.
* **SkipLocaleSelection** This rule, along with the **SkipTimeZone** rule, prevents the **Locale and Time** page from being displayed.
* **KeyboardLocale** This rule is used to specify the keyboard layout for the deployed Windows environment.
* **UserLocale** This rule is used to specify the geographical locale for the deployed Windows environment.
* **UILanguage** This rule is used to specify the language to be used in the deployed Windows environment.
* **SkipTimeZone** This rule, along with the **SkipLocaleSelection** rule, prevents the **Locale and Time** page from being displayed.
* **TimeZoneName** This rule is used to specify the time zone for the deployed Windows environment.
* **UserID** This rule is used to supply the username under which the MDT actions and task sequence steps are performed.
* **UserDomain** This rule is used to supply the domain for the username under which the MDT actions and task sequence steps are performed.
* **UserPassword** This rule is used to supply the password for the username under which the MDT actions and task sequence steps are performed.
* **SkipSummary** This rule prevents the **Summary** page from being displayed before the task sequence is run, where the user is prompted to confirm the selections before beginning the task sequence.
* **SkipFinalSummary** This rule prevents the **Summary** page from being displayed when the task sequence has completed.
* **FinishAction** This rule specifies whether to log out, reboot, or shut down the device after the task sequence has completed.
You can read about all of the possible deployment share and boot media rules in the [Microsoft Deployment Toolkit Reference](https://technet.microsoft.com/library/dn781091).
### Update and import updated MDT boot media
The process to update MDT boot media with these new rules and changes to the deployment share is very similar to the process to generate boot media from scratch.
To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard.
2. The Update Deployment Share Wizard displays a series of steps, as follows:
* **Options** Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**.
* **Summary** Review the specified options on this page before you click **Next** to begin the update of boot images.
* **Progress** While the boot images are being updated a progress bar is displayed on this page.
* **Confirmation** When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
To import the updated MDT boot media into WDS for PXE boot, follow these steps:
1. Open Windows Deployment Services from the Start menu or Start screen.
2. Expand **Servers** and your deployment server.
3. Click the **Boot Images** folder.
4. Right-click the existing MDT boot image, and then click **Replace Image** to open the Replace Boot Image Wizard.
5. Replace the previously imported MDT boot image with the updated version by using these steps in the Replace Boot Image Wizard:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**.
* **Available Images** Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections for importing a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard.
6. Right-click the **Boot Images** folder, and then click **Add Image** to open the Add Image Wizard.
7. Add the new 64-bit boot image for 64-bit UEFI device compatibility with the Add Image Wizard , as follows:
* **Image File** Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**.
* **Image Metadata** Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
* **Summary** Review your selections to import a boot image into WDS, and then click **Next**.
* **Task Progress** A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Although it is a best practice to replace and update the boot images in WDS whenever the MDT deployment share is updated, for deployment to Surface devices the 32-bit boot image, LiteTouchPE_x86.wim, is not required. Only the 64-bit boot image is required for 64-bit UEFI devices.
### Deploy Windows to Surface
With all of the automation provided by the deployment share rules and task sequence, performing the deployment on each Surface device becomes as easy as a single touch.
>[!NOTE]
>For the deployment to require only a single touch, the Surface devices must be connected to a keyboard, connected to the network with a Microsoft Surface USB Ethernet Adapter or Surface Dock, and configured with PXE boot as the first boot option, as shown in Figure 25.
![Set boot priority for PXE boot](images/surface-deploymdt-fig25.png "Set boot priority for PXE boot")
*Figure 25. Setting boot priority for PXE boot*
On a properly configured Surface device, simply turn on the device and press Enter when you are prompted to boot from the network. The fully automated MDT deployment process will then take over and perform the following tasks:
* The MDT boot media will be loaded to your Surface device via the network
* The MDT boot media will use the provided credentials and rules to connect to the MDT deployment share
* The task sequence and drivers will be automatically selected for your device via make and model information
* The task sequence will deploy your updated Windows 10 image to the device complete with the selected drivers
* The task sequence will join your device to the domain
* The task sequence will install the applications you specified, Microsoft Office and Surface app
* Windows Update will run, installing any new Windows Updates or updates for installed applications, like Microsoft Office
* The task sequence will complete silently and log out of the device
>[!NOTE]
>For Surface devices not configured to boot to the network as the first boot option, you can hold Volume Down and press Power to boot the system immediately to a USB or network device.
The resulting configuration is a Surface device that is logged out and ready for an end user to enter their credentials, log on, and get right to work. The applications and drivers they need are already installed and up to date.
> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
For the latest information about using MDT, refer to [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).

14
devices/surface/enroll-and-configure-surface-devices-with-semm.md
View File

@ -24,7 +24,7 @@ For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Manage
A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
> [!NOTE]
> SEMM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
> SEMM is supported on Surface Pro X via the UEFI Manager only. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
#### Download and install Microsoft Surface UEFI Configurator
The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
@ -57,8 +57,10 @@ To create a Surface UEFI configuration package, follow these steps:
6. Click **Password Protection** to add a password to Surface UEFI. This password will be required whenever you boot to UEFI. If this password is not entered, only the **PC information**, **About**, **Enterprise management**, and **Exit** pages will be displayed. This step is optional.
7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank.
8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.)
> [!NOTE]
> You must select a device as none are selected by default.
![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility")
![Choose devices for package compatibility](images/surface-semm-enroll-fig3.jpg "Choose devices for package compatibility")
*Figure 3. Choose the devices for package compatibility*
@ -107,11 +109,11 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo
3. Click **Finish** to complete the Surface UEFI configuration package installation and restart the Surface device when you are prompted to do so.
4. Surface UEFI will load the configuration file and determine that SEMM is not enabled on the device. Surface UEFI will then begin the SEMM enrollment process, as follows:
* Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate.
* Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
* Surface UEFI will prompt you to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint")
*Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint")
*Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
* Surface UEFI will store the SEMM certificate in firmware and apply the configuration settings that are specified in the Surface UEFI configuration file.

5
devices/surface/ethernet-adapters-and-surface-device-deployment.md
View File

@ -28,7 +28,7 @@ Network deployment to Surface devices can pose some unique challenges for system
Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. For more information on potential conflicts with shared adapters, see [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) later in this article.
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
@ -67,7 +67,6 @@ For Windows 10, version 1511 and later including the Windows Assessment and
## <a href="" id="manage-mac-addresses"></a>Manage MAC addresses with removable Ethernet adapters
Another consideration for administrators performing Windows deployment over the network is how you will identify computers when you use the same Ethernet adapter to deploy to more than one computer. A common identifier used by deployment technologies is the Media Access Control (MAC) address that is associated with each Ethernet adapter. However, when you use the same Ethernet adapter to deploy to multiple computers, you cannot use a deployment technology that inspects MAC addresses because there is no way to differentiate the MAC address of the removable adapter when used on the different computers.
The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks.
@ -85,7 +84,7 @@ To access the firmware of a Surface device, follow these steps:
When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](https://technet.microsoft.com/library/cc742034). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](https://technet.microsoft.com/library/cc732360) in **Windows Deployment Server Properties**.
The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm/ba-p/257374), a blog post on the Core Infrastructure and Security Blog.
 

82
devices/surface/get-started.yml
View File

@ -24,59 +24,51 @@ landingContent:
linkLists:
- linkListType: overview
links:
- text: Surface Pro 7 for Business
url: https://www.microsoft.com/surface/business/surface-pro-7
- text: Surface Pro X for Business
url: https://www.microsoft.com/surface/business/surface-pro-x
- text: Surface Laptop 3 for Business
url: https://www.microsoft.com/surface/business/surface-laptop-3
- text: Surface Book 2 for Business
url: https://www.microsoft.com/surface/business/surface-book-2
- text: Surface Studio 2 for Business
url: https://www.microsoft.com/surface/business/surface-studio-2
- text: Surface Go
url: https://www.microsoft.com/surface/business/surface-go
- linkListType: video
links:
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ
- text: Surface Go 2 for Business
url: https://www.microsoft.com/surface/business/surface-go-2
- text: Surface Book 3 for Business
url: https://www.microsoft.com/surface/business/surface-book-3
- text: Explore all Surface family products
url: https://www.microsoft.com/surface/business
# Card (optional)
- title: Get started
linkLists:
- linkListType: get-started
links:
- text: Surface and Endpoint Configuration Manager considerations
url: considerations-for-surface-and-system-center-configuration-manager.md
- text: Wake On LAN for Surface devices
url: wake-on-lan-for-surface-devices.md
- text: Surface Book 3 GPU technical overview
url: surface-book-gpu-overview.md
- text: Surface Book 3 Quadro RTX 3000 technical overview
url: surface-book-quadro.md
- text: Whats new in Surface Dock 2
url: surface-dock-whats-new.md
# Card
- title: Deploy Surface devices
linkLists:
- linkListType: deploy
links:
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Surface Deployment Accelerator tool
url: microsoft-surface-deployment-accelerator.md
- text: Autopilot and Surface devices
url: windows-autopilot-and-surface-devices.md
- text: Deploying, managing, and servicing Surface Pro X
url: surface-pro-arm-app-management.md
# Card
- text: Windows Virtual Desktop on Surface
url: windows-virtual-desktop-surface.md
# Card
- title: Manage Surface devices
linkLists:
- linkListType: how-to-guide
links:
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
- text: Manage and deploy Surface driver and firmware updates
url: manage-surface-driver-and-firmware-updates.md
- text: Best practice power settings for Surface devices
url: maintain-optimal-power-settings-on-Surface-devices.md
- text: Manage battery limit with UEFI
url: battery-limit.md
- text: Optimize Wi-Fi connectivity for Surface devices
url: surface-wireless-connect.md
# Card
- title: Secure Surface devices
- title: Explore security guidance
linkLists:
- linkListType: how-to-guide
links:
@ -86,37 +78,39 @@ landingContent:
url: surface-enterprise-management-mode.md
- text: Surface Data Eraser tool
url: microsoft-surface-data-eraser.md
# Card
# Card
- title: Discover Surface tools
linkLists:
- linkListType: how-to-guide
links:
- text: Surface Dock Firmware Update
url: surface-dock-firmware-update.md
- text: Surface Diagnostic Toolkit for Business
url: surface-diagnostic-toolkit-for-business-intro.md
- text: SEMM and UEFI
url: surface-enterprise-management-mode.md
- text: Surface Brightness Control
url: microsoft-surface-brightness-control.md
- text: Battery Limit setting
url: battery-limit.md
# Card
- title: Support and community
# Card
- title: Browse support solutions
linkLists:
- linkListType: learn
links:
- text: Top support solutions
url: support-solutions-surface.md
- text: Maximize your Surface battery life
url: https://support.microsoft.com/help/4483194/maximize-surface-battery-life
- text: Protecting your data during Surface repair or service
url: https://support.microsoft.com/help/4023508/surface-faq-protecting-your-data-service
- text: Troubleshoot Surface Dock and docking stations
url: https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations
- linkListType: reference
# Card
- title: Participate in Surface Community
linkLists:
- linkListType: learn
links:
- text: Surface IT Pro blog
url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro
- text: Surface Devices Tech Community
url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ

BIN
devices/surface/images/enable-bl.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 235 KiB

After

Width:  |  Height:  |  Size: 289 KiB

BIN
devices/surface/images/go-batterylimit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 177 KiB

BIN
devices/surface/images/graphics-settings2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
devices/surface/images/surface-deployment-accelerator.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
devices/surface/images/surface-dock2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
devices/surface/images/surface-semm-enroll-fig3.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

9
devices/surface/index.yml
View File

@ -30,12 +30,7 @@ additionalContent:
# Card
- title: Surface Hub documentation
summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device.
url: https://docs.microsoft.com/surface-hub/index
# Card
- title: Surface Hub adoption guidance
summary: Get best practices for technical readiness and adoption across your lines of business.
url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
url: https://docs.microsoft.com/surface-hub/index
- title: Other resources # < 60 chars (optional)
items:
# Card
@ -50,6 +45,8 @@ additionalContent:
links:
- text: Surface training on Microsoft Learn
url: https://docs.microsoft.com/learn/browse/?term=Surface
- text: Surface Hub 2S adoption guidance
url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit
- text: Microsoft Mechanics Surface videos
url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ

15
devices/surface/microsoft-surface-data-eraser.md
View File

@ -11,9 +11,10 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
audience: itpro
ms.date: 05/11/2020
---
# Microsoft Surface Data Eraser
@ -28,6 +29,8 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
* Surface Book 3
* Surface Go 2
* Surface Pro 7
* Surface Pro X
* Surface Laptop 3
@ -164,6 +167,14 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
### 3.30.139
*Release Date: 11 May 2020*
This version of Surface Data Eraser adds support for:
- Surface Book 3
- Surface Go 2
- New SSD in Surface Go
### 3.28.137
*Release Date: 11 Nov 2019*
This version of Surface Data Eraser:

131
devices/surface/microsoft-surface-deployment-accelerator.md
View File

@ -11,134 +11,33 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.audience: itpro
ms.date: 5/08/2020
---
# Microsoft Surface Deployment Accelerator
Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
> [!NOTE]
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
Redesigned in April 2020 to simplify and automate deployment of Surface images in a corporate environment, the
SDA tool allows you to build a “factory-like” Windows image that you can customize to your organizational requirements.
SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
The open source, script-driven SDA tool leverages the Windows Assessment and Deployment Kit (ADK) for Windows 10, facilitating the creation of Windows images (WIM) in test or production environments. If the latest ADK is not already installed, it will be downloaded and installed when running the SDA tool.
**Download Microsoft Surface Deployment Accelerator**
The resulting image closely matches the configuration of Bare Metal Recovery (BMR) images, without any pre-installed applications such as Microsoft Office or the Surface UWP application.
You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
**To run SDA:**
1. Go to the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page on the Microsoft Download Center.
1. Go to [SurfaceDeploymentAccelerator](https://github.com/microsoft/SurfaceDeploymentAccelerator) on GitHub.
2. Select **Clone or Download** and review the Readme file.
3. Edit the script with the appropriate variables for your environment, as documented in the Readme, and review before running it in your test environment.
2. Click the **Download** button, select the **Surface\_Deployment\_Accelerator\_xxxx.msi** file, and then click **Next**.
![Running Surface Deployment Accelerator tool](images/surface-deployment-accelerator.png)
## Microsoft Surface Deployment Accelerator prerequisites
Before you install SDA, your environment must meet the following prerequisites:
- SDA must be installed on Windows Server 2012 R2 or later
- PowerShell Script Execution Policy must be set to **Unrestricted**
- DHCP and DNS must be enabled on the network where the Windows Server 2012 R2 environment is connected
- To download Surface drivers and apps automatically the Windows Server 2012 R2 environment must have Internet access and Internet Explorer Enhanced Security Configuration must be disabled
- To support network boot, the Windows Server 2012 R2 environment must have Windows Deployment Services installed and configured to respond to PXE requests
- Access to Windows source files or installation media is required when you prepare a deployment with SDA
- At least 6 GB of free space for each version of Windows you intend to deploy
## How Microsoft Surface Deployment Accelerator works
As you progress through the SDA wizard, you will be asked some basic questions about how your deployment solution should be configured. As you select the desired Surface models to be supported and apps to be installed (see Figure 1), the wizard will prepare scripts that download, install, and configure everything needed to perform a complete deployment and capture of a reference image. By using the network boot (PXE) capabilities of Windows Deployment Services (WDS), the resulting solution enables you to boot a Surface device from the network and perform a clean deployment of Windows.
![Software and driver selection window](images/sda-fig1-select-steps.png "Software and driver selection window")
*Figure 1. Select desired apps and drivers*
When the SDA completes, you can use the deployment share to deploy over the network immediately. Simply boot your Surface device from the network using a Surface Ethernet Adapter and select the Surface deployment share you created with the SDA wizard. Select the **1- Deploy Microsoft Surface** task sequence and the wizard will walk you through an automated deployment of Windows to your Surface device.
You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt#sec04), or to [pause the automated installation routine](https://blogs.technet.microsoft.com/mniehaus/2009/06/26/mdt-2010-new-feature-3-suspend-and-resume-a-lite-touch-task-sequence/). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
>[!NOTE]
>With SDA v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.
 
## <a href="" id="use-microsoft-surface-deployment-accelerator-without-an-internet-connection--"></a>Use Microsoft Surface Deployment Accelerator without an Internet connection
For environments where the SDA server will not be able to connect to the Internet, the required Surface files can be downloaded separately. To specify a local source for Surface driver and app files, select the **Copy from a local directory** option and specify the location of your downloaded files (see Figure 2). All of the driver and app files for your selected choices must be placed in the specified folder.
![Specify a local source for Surface driver and app files](images/sda-fig2-specify-local.png "Specify a local source for Surface driver and app files")
*Figure 2. Specify a local source for Surface driver and app files*
You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
>[!NOTE]
>Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.
>[!NOTE]
>Using files from a local directory is not supported when including Office 365 in your deployment share. To include Office 365 in your deployment share, select the **Download from the Internet** check box.
## Changes and updates
SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator).
>[!NOTE]
>To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share.
### Version 2.8.136.0
This version of SDA supports deployment of the following:
* Surface Book 2
* Surface Laptop
* Surface Pro LTE
### Version 2.0.8.0
This version of SDA supports deployment of the following:
* Surface Pro
>[!NOTE]
>SDA version 2.0.8.0 includes support only for Surface Pro, and does not support other Surface devices such as Surface Pro 4 or Surface Book. To deploy these devices, please continue to use SDA version 1.96.0405.
 
### Version 1.96.0405
This version of SDA adds support for the following:
* Microsoft Deployment Toolkit (MDT) 2013 Update 2
* Office 365 Click-to-Run
* Surface 3 and Surface 3 LTE
* Reduced Windows Assessment and Deployment Kit (Windows ADK) footprint, only the following Windows ADK components are installed:
* Deployment tools
* Windows Preinstallation Environment (WinPE)
* User State Migration Tool (USMT)
### Version 1.90.0258
This version of SDA adds support for the following:
* Surface Book
* Surface Pro 4
* Windows 10
### Version 1.90.0000
This version of SDA adds support for the following:
* Local driver and app files can be used to create a deployment share without access to the Internet
### Version 1.70.0000
This version is the original release of SDA. This version of SDA includes support for:
* MDT 2013 Update 1
* Windows ADK
* Surface Pro 3
* Windows 8.1
## Related topics
[Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
[Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
## Related links
- [Open source image deployment tool released on GitHub](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/open-source-image-deployment-tool-released-on-github/ba-p/1314115)
- [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install)

410
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -1,410 +0,0 @@
---
title: Step by step Surface Deployment Accelerator (Surface)
description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
ms.reviewer:
manager: laurawi
ms.localizationpriority: medium
keywords: deploy, configure
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.date: 10/31/2019
---
# Step by step: Surface Deployment Accelerator
This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
> [!NOTE]
> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
## How to install Surface Deployment Accelerator
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
1. Download SDA, which is included in [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) on the Microsoft Download Center.
2. Run the SDA installation file, named **Surface\_Deployment\_Accelerator\_*xxxx*.msi**, where *xxxx* is the current version number.
3. Accept the End User License Agreement (EULA) by selecting the check box, and then click **Install**, as shown in Figure 1.
![Surface Deployment Accelerator setup](images/sdasteps-fig1.png "Surface Deployment Accelerator setup")
*Figure 1. SDA setup*
4. Click **Finish** to complete the installation of SDA.
The tool installs in the SDA program group, as shown in Figure 2.
![SDA program group and icon](images/sdasteps-fig2.png "SDA program group and icon")
*Figure 2. The SDA program group and icon*
>[!NOTE]
>At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
## Create a deployment share
The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
>[!NOTE]
>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
2. On the **Welcome** page, click **Next** to continue.
3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
>[!NOTE]
>As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools
> * User State Migration Tool (USMT)
> * Windows Preinstallation Environment (WinPE)
> [!NOTE]
> As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
- **Configure Deployment Share for Windows 10**
- **Local Path** Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Share Name** Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- **Windows 10 Deployment Services**
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- **Windows 10 Source Files**
- **Local Path** Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
![Specify Windows 10 deployment share options](images/sdasteps-fig3.png "Specify Windows 10 deployment share options")
*Figure 3. Specify Windows 10 deployment share options*
6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
![Firmware tool selection](images/sdasteps-fig4-select.png "Firmware tool selection")
*Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
>[!NOTE]
>You cannot select both Surface 3 and Surface 3 LTE models at the same time.
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
- Download of Windows ADK
- Installation of Windows ADK
- Download of MDT
- Installation of MDT
- Download of Surface apps and drivers
- Creation of the deployment share
- Import of Windows installation files into the deployment share
- Import of the apps and drivers into the deployment share
- Creation of rules and task sequences for Windows deployment
![The installation progress window](images/sdasteps-fig5-installwindow.png "The installation progress window")
*Figure 5. The Installation Progress window*
### Optional: Workaround for Webclient exception
You may see this error message while installing the latest version of ADK or MDT: _An exception occurred during a WebClient request._ This is due to incompatibility between the Surface Deployment Accelerator (SDA) and Background Intelligent Transfer Service (BITS). To work around this issue, do the following.
In the two PowerShell scripts:
```PowerShell
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
```
Edit the $BITSTransfer variable in the input parameters to $False as shown below:
```PowerShell
Param(
[Parameter(
Position=0,
Mandatory=$False,
HelpMessage="Download via BITS bool true/false"
)]
[string]$BITSTransfer = $False
)
```
8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
### Optional: Create a deployment share without an Internet connection
If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver and app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
>[!NOTE]
>All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
>[!NOTE]
>The driver and app files do not need to be extracted from the downloaded .zip files.
>[!NOTE]
>Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
![Specify Surface driver and app files](images/sdasteps-fig6-specify-driver-app-files.png "Specify Surface driver and app files")
*Figure 6. Specify the Surface driver and app files from a local path*
>[!NOTE]
>The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
### <a href="" id="optional"></a>Optional: Prepare offline USB media
You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
>[!NOTE]
>The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
1. **diskpart** Opens DiskPart to manage disks and partitions.
2. **list disk** Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
3. **sel disk 2** Selects your USB drive; use the number that corresponds with the disk in your system.
4. **clean** Removes all configuration from your USB drive.
>[!WARNING]
>This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.
5. **create part pri** Creates a primary partition on the USB drive.
6. **format fs=fat32 quick** Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
7. **assign** Assigns the next available drive letter to the newly created FAT32 volume.
8. **active** Sets the partition to be active, which is required to boot the volume.
9. **exit** Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
![Use DiskPart to prepare a USB drive for boot](images/sdasteps-fig7-diskpart.png "Use DiskPart to prepare a USB drive for boot")
*Figure 7. Use DiskPart to prepare a USB drive for boot*
>[!NOTE]
>You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
3. Expand the folder **Advanced Configuration** and select the **Media** folder.
4. Right-click the **Media** folder and click **New Media** as shown in Figure 8 to start the New Media Wizard.
![The Media folder of the SDA deployment share](images/sdasteps-fig8-mediafolder.png "The Media folder of the SDA deployment share")
*Figure 8. The Media folder of the SDA deployment share*
5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
![Specify a location and selection profile for your offline media](images/sdasteps-fig9-location.png "Specify a location and selection profile for your offline media")
*Figure 9. Specify a location and selection profile for your offline media*
6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
7. A **Progress** page is displayed while the media is created.
8. On the **Confirmation** page, click **Finish** to complete creation of the media.
9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
![Rules of the SDA deployment share](images/sdasteps-fig10-rules.png "Rules of the SDA deployment share")
*Figure 10. Rules of the SDA deployment share*
10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
```PowerShell
UserID=
UserDomain=
UserPassword=
DeployRoot=\\SDASERVER\SDAWin10
UserID=
UserDomain=
UserPassword=
```
![The Bootstrap.ini file](images/sdasteps-fig11-bootstrap.ini.png "The Bootstrap.ini file")
*Figure 11. The Bootstrap.ini file of MEDIA001*
20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
![Select the Update Media Content option](images/sdasteps-fig12-updatemedia.png "Select the Update Media Content option")
*Figure 12. Select the Update Media Content option*
22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
The final step is to copy the offline media files to your USB drive.
1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
2. Copy all of the files from the Content folder to the root of the USB drive.
Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
## SDA task sequences
The SDA deployment share is configured with all of the resources required to perform a Windows deployment to a Surface device. These resources include Windows source files, image, Surface drivers, and Surface apps. The deployment share also contains two pre-configured task sequences, as shown in Figure 13. These task sequences contain the steps required to perform a deployment to a Surface device using the default Windows image from the installation media or to create a reference image complete with Windows updates and applications. To learn more about task sequences, see [MDT 2013 Update 2 Lite Touch components](https://technet.microsoft.com/itpro/windows/deploy/mdt-2013-lite-touch-components).
![Task sequences in the Deployment Workbench](images/sdasteps-fig13-taskseq.png "Task sequences in the Deployment Workbench")
*Figure 13. Task sequences in the Deployment Workbench*
### Deploy Microsoft Surface
The **1 Deploy Microsoft Surface** task sequence is used to perform a complete deployment of Windows to a Surface device. This task sequence is pre-configured by the SDA wizard and is ready to perform a deployment as soon as the wizard completes. Running this task sequence on a Surface device deploys the unaltered Windows image copied directly from the Windows installation media you specified in the SDA wizard, along with the Surface drivers for your device. The drivers for your Surface device will be automatically selected through the pre-configured deployment share rules.
When you run the task sequence, you will be prompted to provide the following information:
- A computer name
- Your domain information and the credentials required to join the domain
- A product key, if one is required
>[!NOTE]
>If you are deploying the same version of Windows as the version that came on your device, no product key is required.
- A time zone
- An Administrator password
The Surface apps you specified on the **Configure** page of the SDA wizard are automatically installed when you run this task sequence on a Surface device.
### Create Windows reference image
The **2 Create Windows Reference Image** task sequence is used to perform a deployment to a virtual machine for the purpose of capturing an image complete with Windows Updates for use in a deployment to Surface devices. By installing Windows Updates in your reference image, you eliminate the need to download and install those updates on each deployed Surface device. The deployment process with an up-to-date image is significantly faster and more efficient than performing a deployment first and then installing Windows Updates on each device.
Like the **1 Deploy Microsoft Surface** task sequence, the **2 Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.
>[!NOTE]
>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and Microsoft Endpoint Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
In addition to the information required by the **1 Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard.
## Deployment to Surface devices
To perform a deployment from the SDA deployment share, follow this process on the Surface device:
1. Boot the Surface device to MDT boot media for the SDA deployment share. You can do this over the network by using PXE boot, or from a USB drive as described in the [Optional: Prepare offline USB media](#optional) section of this article.
2. Select the deployment share for the version of Windows you intend to deploy and enter your credentials when you are prompted.
3. Select the task sequence you want to run, usually the **1 Deploy Microsoft Surface** task sequence.
4. Address the task sequence prompts to pick applications, supply a password, and so on.
5. The task sequence performs the automated deployment using the options specified.
### Boot the Surface device from the network
To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported.
To instruct your Surface device to boot from the network, start with the device powered off and follow these steps:
1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the network.
2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network.
3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14.
![Prompt for credentials to the deployment share](images/sdasteps-fig14-credentials.png "Prompt for credentials to the deployment share")
*Figure 14. The prompt for credentials to the deployment share*
5. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process.
### Alternatively boot the devices from the USB stick
To boot a device from the USB stick:
1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the USB drive.
2. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process.
### Run the Deploy Microsoft Surface task sequence
To run the Deploy Microsoft Surface task sequence:
1. On the **Task Sequence** page, select the **1 Deploy Microsoft Surface** task sequence as shown in Figure 15, and then click **Next.**
![Select the task sequence](images/sdasteps-fig15-deploy.png "Select the task sequence")
*Figure 15. Select the 1 Deploy Microsoft Surface task sequence*
2. On the **Computer Details** page, type a name for the Surface device in the **Computer Name** box. In the **Join a domain** section, type your domain name and credentials as shown in Figure 16, and then click **Next**.
![Computer name and domain credentials](images/sdasteps-fig16-computername.png "Computer name and domain credentials")
*Figure 16. Enter the computer name and domain information*
3. On the **Product Key** page, keep the **No product key is required** check box selected if you are deploying the same version and edition of Windows to your Surface devices as they came with from the factory. If you are deploying a different version or edition of Windows to the device, such as Windows Enterprise, select the licensing option that is applicable to your scenario.
4. On the **Locale and Time** page, select your desired **Language Settings** and **Time Zone**, and then click **Next.**
5. On the **Administrator Password** page, type a password for the local Administrator account on the Surface device, and then click **Next.**
6. On the **BitLocker** page, select the **Enable BitLocker** option along with your desired configuration of BitLocker protectors if you want to encrypt the device. Otherwise, keep the **Do not enable BitLocker for this computer** check box selected, and then click **Next.**
7. On the **Ready** page, verify your selections and then click **Begin** to start the automated deployment to this device. The deployment will not require user interaction again. The Windows Deployment Wizard will close and an **Installation Progress** window is displayed to show progress of the task sequence as the image is applied and applications are installed (Figure 17).
![Installation progress window](images/sdasteps-fig17-installprogresswindow.png "Installation progress window")
*Figure 17. The Installation Progress window*
8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.

62
devices/surface/support-solutions-surface.md
View File

@ -1,5 +1,5 @@
---
title: Top support solutions for Surface devices
title: Top support solutions for Surface devices in the enterprise
description: Find top solutions for common issues using Surface devices in the enterprise.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
ms.reviewer:
@ -20,16 +20,36 @@ ms.audience: itpro
# Top support solutions for Surface devices
> [!Note]
> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated. For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
These are the Microsoft Support solutions for common issues you may experience using Surface devices in an enterprise. If your issue is not listed here, [contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection).
## Surface Drivers and Firmware
These are the top Microsoft Support solutions for common issues experienced when using Surface devices in an enterprise.
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated.
- [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history)
- [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined)
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482)
- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906)
## Surface Dock Issues
- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations)
- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
## Device cover or keyboard issues
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
## Screen cracked or scratched issues
- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection)
- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection)
## Surface Power or battery Issues
@ -41,29 +61,13 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Maximize your Surface battery life](https://support.microsoft.com/help/4483194)
## Device cover or keyboard issues
## Reset device
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512)
## Surface Dock Issues
- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508)
- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations)
- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
## Surface Drivers and Firmware
- [Surface Update History](https://support.microsoft.com/help/4036283)
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482)
- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906)
- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser)
## Deployment Issues
@ -72,11 +76,3 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105)
- [System SKU reference](https://docs.microsoft.com/surface/surface-system-sku-reference)
## Reset device
- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512)
- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508)
- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser)

166
devices/surface/surface-book-gpu-overview.md Normal file
View File

@ -0,0 +1,166 @@
---
title: Surface Book 3 GPU technical overview
description: This article provides a technical evaluation of GPU capabilities across Surface Book 3 models.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Surface Book 3 GPU technical overview
## Introduction
Surface Book 3, the most powerful Surface laptop yet released, integrates fully modernized compute and graphics capabilities into its famous detachable form factor. Led by the quad-core 10th Gen Intel® Core™ i7 and NVIDIA® Quadro RTX™ 3000 graphical processing unit (GPU) on the 15-inch model, Surface Book 3 comes in a wide range of configurations for consumers, creative professionals, architects, engineers, and data scientists. This article explains the major differences between the GPU configurations across 13-inch and 15-inch models of Surface Book 3.
A significant differentiator across Surface Book 3 models is the GPU configuration. In addition to the integrated Intel GPU built into all models, all but the entry-level, 13.5-inch core i5 device also feature a discrete NVIDIA GPU with Max-Q Design, which incorporates features that optimize energy efficiency for mobile form factors.
Built into the keyboard base, the additional NVIDIA GPU provides advanced graphics rendering capabilities and comes in two primary configurations: GeForce® GTX® 1650/1660 Ti for consumers or creative professionals and Quadro RTX 3000 for creative professionals, engineers, and other business professionals who need advanced graphics or deep learning capabilities. This article also describes how to optimize app utilization of GPUs by specifying which apps should use the integrated iGPU versus the discrete NVIDIA GPU.
## Surface Book 3 GPUs
This section describes the integrated and discrete GPUs across Surface Book 3 models. For configuration details of all models, refer to [Appendix A: Surface Book 3 SKUs](#).
### Intel Iris™ Plus Graphics
The integrated GPU (iGPU) included on all Surface Book 3 models incorporates a wider graphics engine and a redesigned memory controller with support for LPDDR4X. Installed as the secondary GPU on most Surface Book 3 models, Intel Iris Plus Graphics functions as the singular GPU in the core i5, 13.5-inch model. Although nominally the entry level device in the Surface Book 3 line, it delivers advanced graphics capabilities enabling consumers, hobbyists, and online creators to run the latest productivity software like Adobe Creative Cloud or enjoy gaming titles in 1080p.
### NVIDIA GeForce GTX 1650
NVIDIA GeForce GTX 1650 with Max-Q design delivers a major upgrade of the core streaming multiprocessor to more efficiently handle the complex graphics of modern games. Its
concurrent execution of floating point and integer operations boosts performance in compute-heavy workloads of modern games. A new unified memory architecture with twice the cache of its predecessor allows for better performance on complex modern games. New shading advancements improve performance, enhance image quality, and deliver new levels of geometric complexity.
### NVIDIA GeForce GTX 1660 Ti
Compared with the GeForce GTX 1650, the faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements and includes the new and upgraded NVIDIA Encoder, making it better for consumers, gamers, live streamers, and creative professionals.
Thanks to 6 GB of GDDR6 graphics memory, Surface Book 3 models equipped with NVIDIA GeForce GTX 1660 TI provide superior speeds on advanced business productivity software and popular games especially when running the most modern titles or livestreaming. With an optional 2 TB SSD (available in U.S. only), the 15-inch model with GeForce GTX 1660 Ti delivers the most storage of any Surface Book 3 device.
### NVIDIA Quadro RTX 3000
NVIDIA Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance. A combination of 30 RT cores, 240 tensor cores, and 6 GB of GDDR6 graphics memory enables multiple advanced workloads including Al-powered workflows, 3D content creation, advanced video editing, professional broadcasting, and multi-app workflows. Enterprise level hardware and software support integrate deployment tools to maximize uptime and minimize IT support requirements. Certified for the worlds most advanced software, Quadro drivers are optimized for professional applications, and are tuned, tested, and validated to provide app certification, enterprise level stability, reliability, availability, and support with extended product availability.
## Comparing GPUs across Surface Book 3
NVIDIA GPUs provide users with great performance for gaming, live streaming, and content creation. GeForce GTX products are great for gamers and content creators. Quadro RTX products are targeted at professional users, provide great performance in gaming and content creation, and also add the following features:
- RTX acceleration for ray tracing and AI. This makes it possible to render film-quality, photorealistic objects and environments with physically accurate shadows, reflections and refractions. And its hardware accelerated AI capabilities means the advanced AI-based features in popular applications can run faster than ever before.
- Enterprise-level hardware, drivers and support, as well as ISV app certifications.
- IT management features including an additional layer of dedicated enterprise tools for remote management that help maximize uptime and minimize IT support requirements.
Unless you count yourself among the ranks of advanced engineering, design, architecture, or data science professionals, Surface Book 3 equipped with NVIDIA GeForce graphics capabilities will likely meet your needs. Conversely, if youre already in -- or aspiring to join -- a profession that requires highly advanced graphics capabilities in a portable form factor that lets you work from anywhere, Surface Book 3 with Quadro RTX 3000 deserves serious consideration. To learn more, refer to the Surface Book 3 Quadro RTX 3000 technical overview.
**Table 1. Discrete GPUs on Surface Book 3**
| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** |
| -------------------- | -------------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
| **Target users** | Gamers, hobbyists and online creators | Gamers, creative professionals and online creators | Creative professionals, architects, engineers, developers, data scientists |
| **Workflows** | Graphic design<br>Photography<br>Video | Graphic design<br>Photography<br>Video | Al-powered Workflows <br>App certifications<br>High-res video<br>Pro broadcasting<br>Multi-app workflows |
| **Key apps** | Adobe Creative Suite | Adobe Creative Suite | Adobe Creative Suite<br>Autodesk AutoCAD<br>Dassault Systemes SolidWorks |
| **GPU acceleration** | Video and image processing | Video and image processing | Ray tracing + AI + 6K video<br>Pro broadcasting features<br>Enterprise support |
**Table 2. GPU tech specs on Surface Book 3**
| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** |
| -------------------------------------------------------- | -------------------- | ----------------------- | ------------------- |
| **NVIDIA CUDA processing cores** | 1024 | 1536 | 1920 |
| **NVIDIA Tensor Cores** | No | No | 240 |
| **NVIDIA RT Cores** | No | No | 30 |
| **GPU memory** | 4 GB | 6 GB | 6 GB |
| **Memory Bandwidth (GB/sec)** | Up to 112 | Up to 288 | Up to 288 |
| **Memory type** | GDDR5 | GDDR6 | GDDR6 |
| **Memory interface** | 128-bit | 192-bit | 192-bit |
| **Boost clock MHz** | 1245 | 1425 | 1305 |
| **Base clock (MHz)** | 1020 | 1245 | 765 |
| **Real-time ray tracing** | No | No | Yes |
| **AI hardware acceleration** | No | No | Yes |
| **Hardware Encoder** | Yes | Yes | Yes |
| **Game Ready Driver (GRD)** | Yes <sup>1</sup> | Yes <sup>1</sup> |Yes <sup>2</sup>
| **Studio Driver (SD)** | Yes <sup>1</sup> | Yes<sup>1</sup> | Yes <sup>1</sup> |
| **Optimal Driver for Enterprise (ODE)** | No | No | Yes |
| **Quadro New Feature Driver (QNF)** | No | No | Yes |
| **Microsoft DirectX 12 API, Vulkan API, Open GL 4.6** | Yes | Yes | Yes |
| **High-bandwidth Digital Content Protection (HDCP) 2.2** | Yes | Yes | Yes |
| **NVIDIA GPU Boost** | Yes | Yes | Yes |
1. *Recommended*
2. *Supported*
## Optimizing power and performance on Surface Book 3
Windows 10 includes a Battery Saver mode with a performance slider that lets you maximize app performance (by sliding it to the right) or preserve battery life (by sliding it to the left). Surface Book 3 implements this functionality algorithmically to optimize power and performance across the following components:
- CPU Energy Efficiency Registers (Intel Speed Shift technology) and other SoC tuning parameters to maximize efficiency.
- Fan Maximum RPM with four modes: quiet, nominal, performance, and max.
- Processor Power Caps (PL1/PL2).
- Processor IA Turbo limitations.
By default, when the battery drops below 20 percent, the Battery Saver adjusts settings to extend battery life. When connected to power, Surface Book 3 defaults to “Best Performance” settings to ensure apps run in high performance mode on the secondary NVIDIA GPU present on all i7 Surface Book 3 systems.
Using default settings is recommended for optimal performance when used as a laptop or detached in tablet or studio mode. You can access Battery Saver by selecting the battery icon on the far right of the taskbar.
### Game mode
Surface Book 3 includes a new game mode that automatically selects maximum performance settings when launched.
### Safe Detach
New in Surface Book 3, apps enabled for Safe Detach let you disconnect while the app is using the GPU. For supported apps like *World of Warcraft*, your work is moved to the iGPU.
### Modifying app settings to always use a specific GPU
You can switch between the power-saving but still capable built-in Intel graphics and the more powerful discrete NVIDIA GPU and associate a GPU with a specific app. By default, Windows 10 automatically chooses the appropriate GPU, assigning graphically demanding apps to the discrete NVIDIA GPU. In most instances there is no need to manually adjust these settings. However, if you frequently detach and reattach the display from the keyboard base while using a graphically demanding app, youll typically need to close the app prior to detaching. To enable continuous use of the app without having to close it every time you detach or reattach the display, you can assign it to the integrated GPU, albeit with some loss of graphics performance.
In some instances, Windows 10 may assign a graphically demanding app to be iGPU; for example, if the app is not fully optimized for hybrid graphics. To remedy this, you can manually assign the app to the discrete NVIDIA GPU.
**To configure apps using custom per-GPU options:**
1. Go to **Settings** > **System** > **Display** and select **Graphics Settings**.
1. For a Windows desktop program, choose **Classic App** > **Browse** and then locate the program.
2. For a UWP app, choose **Universal App** and then select the app from the drop-down list.
2. Select **Add** to create a new entry on the list for your selected program, select Options to open Graphics Specifications, and then select your desired option.
![Select power saving or high performance GPU options](./images/graphics-settings2.png)
3. To verify which GPU are used for each app, open **Task Manager,** select **Performance,** and view the **GPU Engine** column.
## Appendix A: Surface Book 3 SKUs
| **Display** | **Processor** | **GPU** | **RAM** | **Storage** |
| ------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------- | ----------- |
| **13.5-inch** | Quad-core 10th Gen Core i5-1035G7 | Intel Iris™ Plus Graphics | 16 LPDDR4x | 256 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 16 LPDDR4x | 256 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 512 GB |
| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 1 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 16 LPDDR4x | 256 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 2 TB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
> [!NOTE]
> 2TB SSD available in U.S. only: Surface Book 3 15” with NVIDIA GTX 1660Ti
## Summary
Built for performance, Surface Book 3 includes different GPU configurations optimized to meet specific workload and use requirements. An integrated Intel Iris graphics GPU functions as the sole GPU on the entry-level core i5 device and as a secondary GPU on all other models. GeForce GTX 1650 features a major upgrade of the core streaming multiprocessor to run complex graphics more efficiently. The faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements making it better for consumers, gamers, live streamers, and creative professionals. Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance.
## Learn more
- [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md)
- [Surface for Business](https://www.microsoft.com/surface/business)

136
devices/surface/surface-book-quadro.md Normal file
View File

@ -0,0 +1,136 @@
---
title: Surface Book 3 GPU technical overview
description: This article describes the advanced capabilities enabled by Nvidia Quadro RTX 3000 in select Surface Book 3 for Business 15-inch models.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Surface Book 3 Quadro RTX 3000 technical overview
Surface Book 3 for Business powered by the NVIDIA® Quadro RTX™ 3000 GPU is built for professionals who need real-time rendering, AI acceleration, advanced graphics, and compute performance in a portable form factor. Quadro RTX 3000 fundamentally changes what you can do with the new Surface Book 3:
- **Ray Tracing** - Produce stunning renders, designs and animations faster than ever before with 30 RT Cores for hardware-accelerated ray tracing.
- **Artificial Intelligence** - Remove redundant, tedious tasks and compute intensive work with 240 Tensor Cores for GPU-accelerated AI.
- **Advanced Graphics and Compute Technology** - Experience remarkable speed and interactivity during your most taxing graphics and compute workloads with 1,920 CUDA Cores and 6GB of GDDR6 memory.
## Enterprise grade solution
Of paramount importance to commercial customers, Quadro RTX 3000 brings a fully professional grade solution that combines accelerated ray tracing and deep learning capabilities with an integrated enterprise level management and support solution. Quadro drivers are tested and certified for more than 100 professional applications by leading ISVs providing an additional layer of quality assurance to validate stability, reliability, and performance.
Quadro includes dedicated enterprise tools for remote management of Surface Book 3 devices with Quadro RTX 3000. IT admins can remotely configure graphics systems, save/restore configurations, continuously monitor graphics systems and perform remote troubleshooting if necessary. These capabilities along with deployment tools help maximize uptime and minimize IT support requirements.
NVIDIA develops and maintains Quadro Optimal Drivers for Enterprise (ODE) that are tuned, tested, and validated to provide enterprise level stability, reliability, availability, and support with extended product availability. Each driver release involves more than 2,000 man days of testing with professional applications test suites and test cases, as well as WHQL certification. Security threats are continually monitored, and regular security updates are released to protect against newly discovered vulnerabilities. In addition, Quadro drivers undergo an additional layer of testing by Surface engineering prior to release via Windows Update.
## Built for compute-intensive workloads
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, enabling advanced professionals to work from anywhere.
- **Creative professionals such as designers and animators.** Quadro RTX enables real-time cinematic-quality rendering through Turing-optimized ray tracing APIs such as NVIDIA OptiX, Microsoft DXR, and Vulkan.
- **Architects and engineers using large, complex computer aided design (CAD) models and assemblies.** The RTX platform features the new NGX SDK to infuse powerful AI-enhanced capabilities into visual applications. This frees up time and resources through intelligent manipulation of images, automation of repetitive tasks, and optimization of compute-intensive processes.
- **Software developers across manufacturing, media & entertainment, medical, and other industries.** Quadro RTX speeds application development with ray tracing, deep learning, and rasterization capabilities through industry-leading software SDKs and APIs.
- **Data scientists using Tensor Cores and CUDA cores to accelerate computationally intensive tasks and other deep learning operations.** By using sensors, increased connectivity, and deep learning, researchers and developers can enable AI applications for everything from autonomous vehicles to scientific research.
**Table 1. Quadro RTX 3000 performance features**
| **Component** | **Description** |
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| RT cores | Dedicated hardware-based ray-tracing technology allows the GPU to render film quality, photorealistic objects and environments with physically accurate shadows, reflections, and refractions. The real-time ray-tracing engine works with NVIDIA OptiX, Microsoft DXR, and Vulkan APIs to deliver a level of realism far beyond what is possible using traditional rendering techniques. RT cores accelerate the Bounding Volume Hierarchy (BVH) traversal and ray casting functions using low number of rays casted through a pixel. |
| Enhanced tensor cores | Mixed-precision cores purpose-built for deep learning matrix arithmetic, deliver 8x TFLOPS for training compared with previous generation. Quadro RTX 3000 utilizes 240 Tensor Cores; each Tensor Core performs 64 floating point fused multiply-add (FMA) operations per clock, and each streaming multiprocessor (SM) performs a total of 1,024 individual floating-point operations per clock. In addition to supporting FP16/FP32 matrix operations, new Tensor Cores added INT8 (2,048 integer operations per clock) and experimental INT4 and INT1 (binary) precision modes for matrix operations. |
| Turing optimized software | Deep learning frameworks such as the Microsoft Cognitive Toolkit (CNTK), Caffe2, MXNet, TensorFlow, and others deliver significantly faster training times and higher multi-node training performance. GPU accelerated libraries such as cuDNN, cuBLAS, and TensorRT deliver higher performance for both deep learning inference and High-Performance Computing (HPC) applications. |
| NVIDIA CUDA parallel computing platform | Natively execute standard programming languages like C/C++ and Fortran, and APIs such as OpenCL, OpenACC and Direct Compute to accelerate techniques such as ray tracing, video and image processing, and computation fluid dynamics. |
| Advanced streaming multiprocessor (SM) architecture | Combined shared memory and L1 cache improve performance significantly, while simplifying programming and reducing the tuning required to attain best application performance. |
| High performance GDDR6 Memory | Quadro RTX 3000 features 6GB of frame buffer making it the ideal platform for handling large datasets and latency-sensitive applications. |
| Single instruction, multiple thread (SIMT) | New independent thread scheduling capability enables finer-grain synchronization and cooperation between parallel threads by sharing resources among small jobs. |
| Mixed-precision computing | 16-bit floating-point precision computing enables the training and deployment of larger neural networks. With independent parallel integer and floating-point data paths, the Turing SM handles workloads more efficiently using a mix of computation and addressing calculations. |
| Dynamic load balancing | Provides dynamic allocation capabilities of GPU resources for graphics and compute tasks as needed to maximize resource utilization. |
| Compute preemption | Preemption at the instruction-level provides finer grain control over compute tasks to prevent long-running applications from either monopolizing system resources or timing out. |
| H.264, H.265 and HEVC encode/decode engines | Enables faster than real-time performance for transcoding, video editing, and other encoding applications with two dedicated H.264 and HEVC encode engines and a dedicated decode engine that are independent of 3D/compute pipeline. |
| NVIDIA GPU boost 4.0 | Maximizes application performance automatically without exceeding the power and thermal envelope of the GPU. Allows applications to stay within the boost clock state longer under higher temperature threshold before dropping to a secondary temperature setting base clock. |
**Table 2. Quadro RTX tech specs**
| **Component** | **Description** |
| ---------------------------------------------------------- | --------------- |
| NVIDIA CUDA processing cores | 1,920 |
| NVIDIA RT Cores | 30 |
| Tensor Cores | 240 |
| GPU memory | 6 GB |
| Memory bandwidth | 288 Gbps |
| Memory type | GDDR6 |
| Memory interface | 192-bit |
| TGP max power consumption | 65W |
| Display port | 1.4 |
| OpenGL | 4.6 |
| Shader model | 5.1 |
| DirectX | 12.1 |
| PCIe generation | 3 |
| Single precision floating point performance (TFLOPS, Peak) | 5.4 |
| Tensor performance (TOPS, Peak) | 42.9 |
| NVIDIA FXAA/TX AA antialiasing | Yes |
| GPU direct for video | Yes |
| Vulkan support | Yes |
| NVIDIA 3D vision Pro | Yes |
| NVIDIA Optimus | Yes |
## App acceleration
The following table shows how Quadro RTX 3000 provides significantly faster acceleration across leading professional applications. It includes SPECview perf 13 benchmark test results comparing Surface Book 3 15-inch with NVIDIA Quadro RTX 3000 versus Surface Book 2 15-inch with NVIDIA GeForce GTX 1060 devices in market March 2020.
**Table 3. App acceleration on Surface Book 3 with Quadro RTX 3000**
| **App** | **Quadro RTX 3000 app acceleration capabilities**<br> |
| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Adobe Dimension | - RTX-accelerated ray tracing delivers photorealistic 3D rendering to 2D artists and designers. |
| Adobe Substance Alchemist | - Create and blend materials with ease, featuring RTX-accelerated AI. |
| Adobe Substance Painter | - Paint materials onto 3d models, featuring RTX accelerated bakers, and Iray RTX rendering which generates photorealistic imagery for interactive and batch rendering workflows. <br> |
| Adobe Substance Designer | - Author procedural materials featuring RTX accelerated bakers<br>- Uses NVIDIA Iray rendering including textures/substances and bitmap texture export to render in any Iray powered compatible with MDL.<br>- DXR-accelerated light and ambient occlusion baking. |
| Adobe Photoshop | - CUDA core acceleration enables faster editing with 30+ GPU-accelerated features such as blur gallery, liquify, smart sharpen, & perspective warp enable photographers and designers to modify images smoothly and quickly. |
| Adobe Lightroom | - Faster editing high res images with GPU-accelerated viewport, which enables the modeling of larger 3D scenes, and the rigging of more complex animations.<br>- GPU-accelerated image processing enables dramatically more responsive adjustments, especially on 4K or higher resolution displays.<br>- GPU-accelerated AI-powered “Enhance Details” for refining fine color detail of RAW images. |
| Adobe Illustrator | - Pan and zoom with GPU-accelerated canvas faster, which enables graphic designers and illustrators to pan across and zoom in and out of complex vector graphics smoothly and interactively. |
| Adobe<br>Premiere Pro | - Significantly faster editing and rendering video with GPU-accelerated effects vs CPU:<br>- GPU-accelerated effects with NVIDIA CUDA technology for real-time video editing and faster final frame rendering.<br>- GPU-accelerated AI Auto Reframe feature for intelligently converting landscape video to dynamically tracked portrait or square video. |
| Autodesk<br>Revit | - GPU-accelerated viewport for a smoother, more interactive design experience.<br>- Supports 3rd party GPU-accelerated 3D renderers such as V-Ray and Enscape. |
| Autodesk<br>3ds Max | - GPU-accelerated viewport graphics for fast, interactive 3D modelling and design.<br>- RTX-accelerated ray tracing and AI denoising ****with the default Arnold renderer.<br>- More than 70 percent faster compared with Surface Book 2 15”. |
| Autodesk<br>Maya | - RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.<br>- OpenGL Viewport Acceleration. |
| Dassault Systemes<br>Solidworks | - Solidworks Interactive Ray Tracer (Visualize) accelerated by both RT Cores and Tensor Cores; AI-accelerated denoiser.<br>- Runs more than 50% faster compared with Surface Book 2 15” |
| Dassault Systemes<br>3D Experience Platform | - CATIA Interactive Ray Tracer (Live Rendering) accelerated by RT Cores.<br>- Catia runs more than 100% faster compared with Surface Book 2 15. |
| ImageVis3D | - Runs more than 2x faster compared with Surface Book 2 15”.. |
| McNeel & Associates<br>Rhino 3D | - GPU-accelerated viewport for a smooth and interactive modelling and design experience.<br>- Supports Cycles for GPU-accelerated 3D rendering. |
| Siemens NX | - Siemens NX Interactive Ray Tracer (Ray Traced Studio) accelerated by RT Cores.<br>- Runs more than 10 x faster compared with Surface Book 2 15”.. |
| Esri ArcGIS | - Real-time results from what took days & weeks, due to DL inferencing leveraging tensor cores. |
| PTC Creo | - Creo's real-time engineering simulation tool (Creo Simulation Live) built on CUDA.<br>- Runs more than 15% faster compared with Surface Book 2 15”. |
| Luxion KeyShot | - 3rd party Interactive Ray Tracer used by Solidworks, Creo, and Rhino. Accelerated by RT Cores, OptiX™ AI-accelerated denoising. |
| ANSYS<br>Discovery Live | - ANSYS real-time engineering simulation tool (ANSYS Discovery Live) built on CUDA |
## SKUs
**Table 4. Surface Book 3 with Quadro RTX 3000 SKUs**
| **Display** | **Processor** | **GPU** | **RAM** | **Storage** |
| ----------- | --------------------------------- | ------------------------------------------------------------------------------------------------ | ---------- | ----------- |
| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB |
| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics<br>NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB |
## Summary
Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance on any Surface laptop, providing architects, engineers, developers, and data scientists with the tools they need to work efficiently from anywhere:
- RTX-acceleration across multiple workflows like design, animation, video production, and more.
- Desktop-grade performance in a mobile form factor.
- Enterprise-class features, reliability, and support for mission-critical projects.
## Learn more
- [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Microsoft Cognitive Toolkit (CNTK)](https://docs.microsoft.com/cognitive-toolkit/)

22
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -6,12 +6,12 @@ ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.date: 10/31/2019
ms.date: 05/11/2020
ms.reviewer: hachidan
manager: laurawi
ms.audience: itpro
audience: itpro
---
# Deploy Surface Diagnostic Toolkit for Business
@ -41,6 +41,9 @@ Command line | Directly troubleshoot Surface devices remotely without user inter
SDT for Business is supported on Surface 3 and later devices, including:
- Surface Book 3
- Surface Go 2
- Surface Pro X
- Surface Pro 7
- Surface Laptop 3
- Surface Pro 6
@ -116,6 +119,7 @@ In addition to the .exe file, SDT installs a JSON file and an admin.dll file (mo
*Figure 2. Files installed by SDT*
<span id="create-custom-sdt" />
## Preparing the SDT package for distribution
Creating a custom package allows you to target the tool to specific known issues.
@ -170,6 +174,18 @@ You can select to run a wide range of logs across applications, drivers, hardwar
- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
## Changes and updates
### Version 2.94.139.0
*Release date: May 11, 2020*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:
- Ability to skip Windows Update to perform hardware check.
- Ability to receive notifications for about the latest version update
- Surface Go 2
- Surface Book 3
- Show progress indicator
### Version 2.43.139.0
*Release date: October 21, 2019*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:

124
devices/surface/surface-dock-whats-new.md Normal file
View File

@ -0,0 +1,124 @@
---
title: Whats new in Surface Dock 2
description: This article highlights new features and functionality for the next generation Surface Dock.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/06/2020
ms.reviewer: brrecord
manager: laurawi
audience: itpro
---
# Whats new in Surface Dock 2
Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. An extended set of management tools will be released via Windows update upon commercial distribution.
## General system requirements
- Windows 10 version 1809. There is no support for Windows 7, Windows 8, or non-Surface host devices. Surface Dock 2 works with the following Surface devices:
- Surface Pro (5th Gen)
- Surface Pro (5th Gen) with LTE Advanced
- Surface Laptop (1st Gen)
- Surface Pro 6
- Surface Book 2
- Surface Laptop 2
- Surface Go
- Surface Go with LTE Advanced
- Surface Studio 2
- Surface Pro 7
- Surface Laptop 3
- Surface Book 3
- Surface Go 2
- Surface Go 2 with LTE Advanced
## Surface Dock 2 Components
![Surface Dock 2 Components](./images/surface-dock2.png)
### USB
- Two front facing USB-C ports.
- Two rear facing USB-C (gen 2) ports.
- Two rear facing USB-A ports.
### Video
- Dual 4K@60hz. Supports up to two displays on the following devices:
- Surface Book 3
- Surface Go 2
- Surface Go 2 with LTE Advanced
- Surface Pro 7
- Surface Pro X
- Surface Laptop 3
- Dual 4K@ 4K@30Hz. Supports up to two displays on the following devices:
- Surface Pro 6
- Surface Pro (5th Gen)
- Surface Pro (5th Gen) with LTE Advanced
- Surface Laptop 2
- Surface Laptop (1st Gen)
- Surface Go
- Surface Book 2.
### Ethernet
- 1 gigabit Ethernet port.
### External Power supply
- 199 watts supporting 100V-240V.
## Comparing Surface Dock 2
### Table 1. Surface Dock 2 tech specs comparison
|Component|Surface Dock|Surface Dock 2|
|---|---|---|
|Surflink|Yes|Yes|
|USB-A|2 front facing USB 3.1 Gen 1<br>2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)|
|Mini Display port|2 rear facing (DP1.2)|None|
|USB-C|None|2 front facing USB 3.2 Gen 2<br>[15W power]<br>2 rear facing USB 3.2 Gen 2 (DP1.4a)<br>[7.5W power]|
|3.5 mm Audio in/out|Yes|Yes|
|Ethernet|Yes, 1 gigabit|Yes 1 gigabit|
|DC power in|Yes|Yes|
|Kensington lock|Yes|Yes|
|Surflink cable length|65cm|80cm|
|Surflink host power|60W|120W|
|USB load power|30W|60W|
|USB bit rate|5 Gbps|10 Gbps|
|Monitor support|2 x 4k @30fps, or<br>1 x 4k @ 60fps|2 x 4K @ 60fps|
|Wake-on-LAN from Connected Standby<sup>1</sup>|Yes|Yes|
|Wake-on-LAN from S4/S5 sleep modes|No|Yes|
|Network PXE boot|Yes|Yes|
|SEMM host access control|No|Coming in Windows Update<sup>2</sup>|
|SEMM port access control<sup>3</sup>|No|Coming in Windows Update|
|Servicing support|MSI|Windows Update or MSI|
||||
1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.*
2. *Pending release via Windows Update.*
3. *Software license required for some features. Sold separately.*
## Streamlined device management
Following the public announcement of Surface Dock 2, Surface will release streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features:
- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools.
- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools.
- **Centralized IT control**. Control who can connect to Surface Dock 2 by turning ports on and off. Restrict which host devices can be used with Surface Dock 2. Limit dock access to a single user or configure docks so they can only be accessed by specific users in your team or across the entire company.
## Next steps
- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)

12
devices/surface/surface-enterprise-management-mode.md
View File

@ -7,12 +7,13 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.reviewer: scottmca
manager: laurawi
ms.localizationpriority: medium
ms.audience: itpro
audience: itpro
ms.date: 05/11/2020
---
# Microsoft Surface Enterprise Management Mode
@ -95,7 +96,7 @@ The following list shows all the available devices you can manage in SEMM:
|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the Boot page is displayed. |
| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
@ -227,6 +228,11 @@ create a reset package using PowerShell to reset SEMM.
## Version History
The latest version of SEMM released May 11, 2020 includes:
- Support for Surface Go 2
- Support for Surface Book 3
- Bug fixes
### Version 2.59.
* Support to Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported.
- Support to Wake on Power feature

4
devices/surface/surface-pro-arm-app-management.md
View File

@ -139,10 +139,10 @@ The following tables show the availability of selected key features on Surface P
| Endpoint Configuration Manager | Yes | Yes | |
| Power on When AC Restore | Yes | Yes | |
| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | |
| Surface Dock Firmware Update | Yes | Yes | |
| Surface Dock Firmware Update | Yes | No | |
| Asset Tag Utility | Yes | Yes | |
| Surface Enterprise management Mode (SEMM) | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. |
| Surface UEFI Configurator | Yes | | No option to disable hardware. on Surface Pro X at the firmware level. |
| Surface UEFI Configurator | Yes | No | No option to disable hardware. on Surface Pro X at the firmware level. |
| Surface UEFI Manager | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. |

214
devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
View File

@ -13,6 +13,7 @@ ms.localizationpriority: medium
ms.audience: itpro
ms.reviewer:
manager: laurawi
ms.date: 04/24/2020
---
# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
@ -37,216 +38,7 @@ manager: laurawi
- Surface Pro
- Windows 10
In addition to the traditional deployment method of reimaging devices, administrators that want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. The process described in this article shows how to perform a Windows 10 upgrade deployment to Surface devices.
In addition to the traditional deployment method of reimaging devices, administrators who want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade.
If you are not already familiar with the deployment of Windows or the Microsoft deployment tools and technologies, you should read [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) and familiarize yourself with the traditional deployment method before you proceed.
For the latest information about upgrading surface devices using MDT, refer to [Perform an in-place upgrade to Windows 10 with MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit).
#### The upgrade concept
When you use the factory installation media to install Windows on a device, you are presented with two options or *installation paths* to install Windows on that device. The first of these installation paths *clean installation* allows you to apply a factory image of Windows to that device, including all default settings. The second of these installation paths *upgrade* allows you to apply Windows to the device but retains the devices users, apps, and settings.
When you perform a Windows deployment using traditional deployment methods, you follow an installation path that is very similar to a clean installation. The primary difference between the clean installation and the traditional deployment method of *reimaging* is that with reimaging, you can apply an image that includes customizations. Microsoft deployment technologies, such as the Microsoft Deployment Toolkit (MDT), expand the capabilities of the reimaging process by modifying the image during deployment. For example, MDT is able to inject drivers for a specific hardware configuration during deployment, and with pre and post imaging scripts to perform a number of tasks, such as the installation of applications.
For versions of Windows prior to Windows 10, if you wanted to install a new version of Windows on your devices and preserve the configuration of those systems, you had to perform additional steps during your deployment. For example, if you wanted to keep the data of users on the device, you had to back up user data with the User State Migration Tool (USMT) prior to the deployment and restore that data after the deployment had completed.
Introduced with Windows 10 and MDT 2013 Update 1, you can use the upgrade installation path directly with Microsoft deployment technologies such as the Microsoft Deployment Toolkit (MDT). With an upgrade deployment you can use the same deployment technologies and process, but you can preserve users settings, and applications of the existing environment on the device.
> [!NOTE]
> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
## Deployment tools and resources
Performing an upgrade deployment of Windows 10 requires the same tools and resources that are required for a traditional reimaging deployment. You can read about the tools required, including detailed explanations and installation instructions, in [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md). To proceed with the upgrade deployment described in this article, you will need the following tools installed and configured:
* [Microsoft Deployment Toolkit (MDT)](https://technet.microsoft.com/windows/dn475741)
* [Windows Assessment and Deployment Kit (Windows ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit#windowsadk), which includes:
* Deployment Image Servicing and Management (DISM)
* Windows Preinstallation Environment (Windows PE)
* Windows System Image Manager (Windows SIM)
You will also need to have available the following resources:
* Windows 10 installation files, such as the installation media downloaded from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx)
>[!NOTE]
>Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT.
* [Surface firmware and drivers](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) for Windows 10
* Application installation files for any applications you want to install, such as the Surface app
## Prepare the upgrade deployment
Before you begin the process described in this section, you need to have installed and configured the deployment tools outlined in the previous [Deployment tools and resources](#deployment-tools-and-resources) section. For instructions on how to install and configure the deployment tools, see the **Install the deployment tools** section in the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md#install-the-deployment-tools) article. You will also have needed to create a deployment share with MDT, described in the section Create a Deployment Share in the aforementioned article.
### Import Windows 10 installation files
Windows 10 installation files only need to be imported if you have not already done so in the deployment share. To import Windows 10 installation files, follow the steps described in the **Import Windows installation files** section in the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md#import-windows-installation-files) article.
### Import Surface drivers
In the import process example shown in the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) article, drivers for Surface Pro 4 were imported for Windows 10. To perform an upgrade deployment of Windows 10 to Surface Pro 3, drivers for Surface Pro 3 must also be imported. To import the Surface drivers for Surface Pro 3, follow these steps:
1. Download the Surface Pro 3 firmware and driver pack for Windows 10 archive file (.zip), SurfacePro3_Win10_xxxxxx.zip, from the [Surface Pro 3 download page](https://www.microsoft.com/download/details.aspx?id=38826) in the Microsoft Download Center.
2. Extract the contents of the Surface Pro 3 firmware and driver pack archive file to a temporary folder. Keep the driver files separate from other drivers or files.
3. Open the Deployment Workbench and expand the Deployment Shares node and your deployment share.
4. If you have not already created a folder structure by operating system version, you should do so next. Under the **Windows 10 x64** folder, create a new folder for Surface Pro 3 drivers named **Surface Pro 3**. Your Out-of-Box Drivers folder should resemble the following structure:
* WinPE x86
* WinPE x64
* Windows 10 x64
* Microsoft Corporation
* Surface Pro 4
* Surface Pro 3
5. Right-click the **Surface Pro 3** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
![Import Surface Pro 3 drivers for Windows 10](images/surface-upgrademdt-fig1.png "Import Surface Pro 3 drivers for Windows 10")
*Figure 1. Import Surface Pro 3 drivers for Windows 10*
6. The Import Driver Wizard displays a series of steps, as follows:
- **Specify Directory** Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1.
- **Summary** Review the specified configuration on this page before you click **Next** to begin the import process.
- **Progress** While the drivers are imported, a progress bar is displayed on this page.
- **Confirmation** When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard.
7. Select the **Surface Pro 3** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 2.
![Drivers for Surface Pro 3 imported and organized in the MDT deployment share](images/surface-upgrademdt-fig2.png "Drivers for Surface Pro 3 imported and organized in the MDT deployment share")
*Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share*
### Import applications
Installation of applications in an upgrade deployment is not always necessary because the applications from the previous environment will remain on the device. (For example, in the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) article, the deployment includes Office 365 which is not required in an upgrade deployment where the user is already using Office 365 on the device.)
There are still some circumstances where you will want to deploy an application, even during an upgrade deployment. For example, you may have Surface Pro 3 devices on which you would like to add the Surface app. To deploy the Surface app in an upgrade scenario use the same process as you would for a traditional deployment. See the [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business) article for instructions on how to add the Surface app to an MDT task sequence.
### Create the upgrade task sequence
After you have all of the resources in place to perform the deployment (including the installation files, Surface drivers, and application files), the next step is to create the upgrade task sequence. This task sequence is a series of steps that will be performed on the device being upgraded that applies the new Windows environment, compatible drivers, and any applications you have specified.
Create the upgrade task sequence with the following process:
1. In the Deployment Workbench under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
- **General Settings** Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**.
>[!NOTE]
>The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- **Select Template** Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**.
- **Select OS** Navigate to and select the Windows image that you imported, and then click **Next**.
- **Specify Product Key** Select the product key entry that fits your organizations licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
- **OS Settings** Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- **Admin Password** Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**.
- **Summary** Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- **Progress** While the task sequence is being created, a progress bar is displayed on this page.
- **Confirmation** When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard.
After the task sequence is created, you can modify some additional settings to provide additional automation of the task sequence and require less interaction during deployment. Follow these steps to modify the task sequence:
1. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
2. Select the **Task Sequence** tab to view the steps that are included in the new task sequence.
3. Select the **Windows Update (Pre-Application Installation)** step, located under the **State Restore** folder.
4. Click the **Options** tab, and then clear the **Disable This Step** check box.
5. Repeat Step 3 and Step 4 for the **Windows Update (Post-Application Installation)** step.
6. Between the two Windows Update steps is an **Install Applications** step. Select that step and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then choose **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
![A new Install Application step in the deployment task sequence](images/surface-upgrademdt-fig3.png "A new Install Application step in the deployment task sequence")
*Figure 3. A new Install Application step in the deployment task sequence*
8. On the **Properties** tab of the new **Install Application** step, enter **Install Surface App** in the **Name** field.
9. Select **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
10. Select **Surface App** from the list of applications, and then click **OK**.
11. Expand the **Preinstall** folder and select the **Enable BitLocker (Offline)** step.
12. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
13. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 4) configure the following options:
- **Name** Set DriverGroup001
- **Task Sequence Variable** DriverGroup001
- **Value** Windows 10 x64\%Make%\%Model%
![Configure a new Set Task Sequence Variable step in the deployment task sequence](images/surface-upgrademdt-fig4.png "Configure a new Set Task Sequence Variable step in the deployment task sequence")
*Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence*
14. Select the **Inject Drivers** step, the next step in the task sequence.
15. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 5) configure the following options:
* In the **Choose a selection profile** drop-down menu, select **Nothing**.
* Click the **Install all drivers from the selection profile** button.
![Configure the deployment task sequence to not install drivers](images/surface-upgrademdt-fig5.png "Configure the deployment task sequence to not install drivers")
*Figure 5. Configure the deployment task sequence to not install drivers*
16. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
Steps 11 through 15 are very important to the deployment of Surface devices. These steps instruct the task sequence to install only drivers that are organized into the correct folder using the organization for drivers from the [Import Surface drivers](#import-surface-drivers) section.
### Deployment share rules
To automate the upgrade process, the rules of the MDT deployment share need to be modified to suppress prompts for information from the user. Unlike a traditional deployment, Bootstrap.ini does not need to be modified because the deployment process is not started from boot media. Similarly, boot media does not need to be imported into WDS because it will not be booted over the network with PXE.
To modify the deployment share rules and suppress the Windows Deployment Wizard prompts for information, copy and paste the following text into the text box on the **Rules** tab of your deployment share properties:
```
[Settings]
Priority=Model,Default
Properties=MyCustomProperty
[Surface Pro 4]
SkipTaskSequence=YES
TaskSequenceID=Win10SP4
[Surface Pro 3]
SkipTaskSequence=YES
TaskSequenceID=Win10SP3Up
[Default]
OSInstall=Y
SkipCapture=YES
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipBDDWelcome=YES
SkipUserData=YES
UserDataLocation=AUTO
SkipApplications=YES
SkipPackageDisplay=YES
SkipComputerName=YES
SkipDomainMembership=YES
JoinDomain=contoso.com
DomainAdmin=MDT
DomainAdminDomain=contoso
DomainAdminPassword=P@ssw0rd
SkipLocaleSelection=YES
KeyboardLocale=en-US
UserLocale=en-US
UILanguage=en-US
SkipTimeZone=YES
TimeZoneName=Pacific Standard Time
UserID=MDTUser
UserDomain=STNDeployServer
UserPassword=P@ssw0rd
SkipSummary=YES
SkipFinalSummary=YES
FinishAction=LOGOFF
```
For more information about the rules configured by this text, see the **Configure deployment share rules** section in the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md#configure-deployment-share-rules) article.
### Update deployment share
To update the deployment share, right-click the deployment share in the Deployment Workbench and click **Update Deployment Share**, then proceed through the Update Deployment Share Wizard. See the **Update and import updated MDT boot media** section of the [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md#update-and-import-updated-mdt-boot-media) article for detailed steps.
### Run the upgrade deployment
Unlike a traditional deployment, the upgrade task sequence must be launched from within the Windows environment that will be upgraded. This requires that a user on the device to be upgraded navigate to the deployment share over the network and launch a script, LiteTouch.vbs. This script is the same script that displays the Windows Deployment Wizard in Windows PE in a traditional deployment. In this scenario, Litetouch.vbs will run within Windows. To perform the upgrade task sequence and deploy the upgrade to Windows 10 follow these steps:
1. Browse to the network location of your deployment share in File Explorer.
2. Navigate to the **Scripts** folder, locate **LiteTouch.vbs**, and then double-click **LiteTouch.vbs** to start the Windows Deployment Wizard.
3. Enter your credentials when prompted.
4. The upgrade task sequence for Surface Pro 3 devices will automatically start when the model of the device is detected and determined to match the deployment share rules.
5. The upgrade process will occur automatically and without user interaction.
The task sequence will automatically install the drivers for Surface Pro 3 and the Surface app, and will perform any outstanding Windows Updates. When it completes, it will log out and be ready for the user to log on with the credentials they have always used for this device.

51
devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
View File

@ -382,56 +382,11 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go.
The best way to view the most current Setting names and IDs for devices is to use the ConfigureSEMM.ps1 script or the ConfigureSEMM - <device name>.ps1 from the SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703).
*Table 1. Surface UEFI settings for Surface Pro 4*
Setting names and IDs for all devices can be seen in the ConfigureSEMM.ps1 script.
| Setting ID | Setting Name | Description | Default Setting |
| --- | --- | --- | --- |
|501| Password | UEFI System Password | |
|200| Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty |
|300| Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled |
|301| Docking USB Port | Docking USB Port enabled or disabled | Enabled |
|302| Front Camera | Front Camera enabled or disabled | Enabled |
|303| Bluetooth | Bluetooth radio enabled or disabled | Enabled |
|304| Rear Camera | Rear Camera enabled or disabled | Enabled |
|305| IR Camera | InfraRed Camera enabled or disabled | Enabled |
|308| Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled |
|310| Type Cover | Surface Type Cover connector | Enabled |
|320| On-board Audio | On-board audio enabled or disabled | Enabled |
|330| Micro SD Card | Micro SD Card enabled or disabled | Enabled |
|370| USB Port 1 | Side USB Port (1) | UsbPortEnabled |
|400| IPv6 for PXE Boot | Enable IPv6 PXE boot before IPv4 PXE boot |Disabled |
|401| Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled |
|402| Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled |
|403| USB Boot | Enable booting from USB devices | Enabled |
|500| TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled |
|600| Security | UEFI Security Page Display enabled or disabled | Enabled |
|601| Devices | UEFI Devices Page Display enabled or disabled | Enabled |
|602| Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled |
*Table 2. Surface UEFI settings for Surface Book*
| Setting ID | Setting Name | Description | Default Setting |
| --- | --- | --- | --- |
| 501 | Password | UEFI System Password | |
| 200 | Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty |
| 300 | Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled |
| 301 | Docking USB Port | Docking USB Port enabled or disabled | Enabled |
| 302 | Front Camera | Front Camera enabled or disabled | Enabled |
| 303 | Bluetooth | Bluetooth radio enabled or disabled | Enabled |
| 304 | Rear Camera | Rear Camera enabled or disabled | Enabled |
| 305 | IR Camera | InfraRed Camera enabled or disabled | Enabled |
| 308 | Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled |
| 320 | On-board Audio | On-board audio enabled or disabled | Enabled |
| 400 | IPv6 for PXE Boot Enable | IPv6 PXE boot before IPv4 PXE boot | Disabled |
| 401 | Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled |
| 402 | Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled |
| 403 | USB Boot | Enable booting from USB devices | Enabled |
| 500 | TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled |
| 600 | Security | UEFI Security Page Display enabled or disabled | Enabled |
| 601 | Devices | UEFI Devices Page Display enabled or disabled | Enabled |
| 602 | Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled |
Setting names and IDs for specific devices can be seen in the ConfigureSEMM - <device name>.ps1 scripts. For example, setting names and IDs for Surface Pro X can be found in the ConfigureSEMM ProX.ps1 script.
## Deploy SEMM Configuration Manager scripts

9
devices/surface/windows-autopilot-and-surface-devices.md
View File

@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.audience: itpro
@ -37,7 +37,7 @@ These Windows versions support a 4,000-byte (4k) hash value that uniquely identi
## Exchange experience on Surface devices in need of repair or replacement
Microsoft automatically checks every Surface for Autopilot enrollment and will deregister the device from the customers tenant. Microsoft ensures the replacement device is enrolled into Windows Autopilot once a replacement is shipped back to the customer. This service is available on all device exchange service orders directly with Microsoft.
Microsoft automatically checks every Surface for Autopilot enrollment and will deregister the device from the customer's tenant. Microsoft ensures the replacement device is enrolled into Windows Autopilot once a replacement is shipped back to the customer. This service is available on all device exchange service orders directly with Microsoft.
> [!NOTE]
> When customers use a Partner to return devices, the Partner is responsible for managing the exchange process including deregistering and enrolling devices into Windows Autopilot.
@ -52,10 +52,11 @@ Surface partners that are enabled for Windows Autopilot include:
|--------------|---------------|-------------------|
| * [CDW](https://www.cdw.com/) | * [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) | * [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) |
| * [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) | * [ATEA](https://www.atea.com/) | * [Techdata](https://www.techdata.com/) |
| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | |
| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | * [Ingram](https://go.microsoft.com/fwlink/p/?LinkID=2128954) |
| * [SHI](https://www.shi.com/Surface) | * [Cancom](https://www.cancom.de/) | |
| * [LDI Connect](https://www.myldi.com/managed-it/) | * [Computacenter](https://www.computacenter.com/uk) | |
| * [F1](https://www.functiononeit.com/#empower) | |
| * [F1](https://www.functiononeit.com/#empower) | | |
| * [Protected Trust](https://go.microsoft.com/fwlink/p/?LinkID=2129005) | | |
## Learn more

158
devices/surface/windows-virtual-desktop-surface.md Normal file
View File

@ -0,0 +1,158 @@
---
title: Windows Virtual Desktop on Surface
description: This article explains how Surface devices deliver an ideal end node for Windows Virtual Desktop solutions, providing customers with flexible form factors, Windows 10 modern device security and manageability, and support for persistent, on-demand & just-in-time work scenarios.
ms.prod: w10
ms.mktglfcycl: manage
ms.localizationpriority: medium
ms.sitesec: library
author: coveminer
ms.author: greglin
ms.topic: article
ms.date: 5/20/2020
ms.reviewer: rohenr
manager: laurawi
audience: itpro
---
# Windows Virtual Desktop on Surface
## Introduction
Windows Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device blurring the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. Representing another milestone in the evolution of computing, Windows Virtual Desktop on Surface <a href="#1"><sup>1</sup></a> combines Microsoft 365 - virtualized in the Azure cloud - with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 10 on Surface. This fusion of premium form factor and Virtual Desktop Infrastructure in Azure provides exceptional customer value across user experiences, portability, security, business continuity, and modern management.
### Windows Virtual Desktop
Windows Virtual Desktop (WVD) is a comprehensive desktop and app virtualization service running in the Azure cloud. Its the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. With WVD you can quickly deploy and scale Windows desktops and apps on Azure and get built-in security and compliance features.
### Windows Virtual Desktop partner integrations
For a list of approved partner providers and independent software vendors for Windows Virtual Desktop, see [Windows Virtual Desktop partner integrations](https://docs.microsoft.com/azure/virtual-desktop/partners). Some partners also provide Virtual Desktop as a Service (DaaS). DaaS frees you from having to maintain your own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users anywhere in the world enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand - when and where theyre needed.
## Microsoft Surface Devices
Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 10 Pro, Surface delivers connected hardware, software, apps, and services the way they were intended. Although its possible to run WVD from Windows devices dating back to Windows 7, Microsoft Surface devices provide unique advantages including support for:
- **Flexible form factors** - like 2-in-1 devices such as Surface Go 2, Surface Pro 7 and Surface Pro X with pen, touch and detachable keyboard.
- **Persistent, on-demand and just-in-time work scenarios** - with offline and on-device access for more productive experiences.
- **Windows 10 modern device security and manageability** - providing the flexibility to be productive anywhere.
## Flexible form factors and premium user experience
The Microsoft Surface for Business family comprises a diverse portfolio of form factors including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need in order to work on their terms.
### The modern virtual desktop endpoint
Surface 2-in-1 devices, including [Surface Go 2](https://www.microsoft.com/p/surface-go-2) (10.5”), [Surface Pro 7](https://www.microsoft.com/surface/devices/surface-pro-7/) (12”) and [Surface Pro X](https://www.microsoft.com/p/surface-pro-x/) (13”), provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and all-day battery. From site engineers relying on Surface Go 2 in tablet mode to financial advisors attaching Surface Pro 7 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace.
Unlike traditional, fixed VDI “terminals”, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events. Features designed to enhance productivity on Surface 2-in-1 devices include:
- Vibrant, high resolution displays with 3:2 aspect ratio to get work done.
- Natural inking and multi-touch for more immersive experiences.
- With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done.
- Far-field mics and high-performance speakers for improved virtual meetings.
- Biometric security including built-in, Windows Hello camera that comes standard on every Surface device.
- Long battery life <a href="#2"><sup>2</sup></a> and fast charging.
- LTE options <a href="#3"><sup>3</sup></a> on modern devices like Surface Pro X and Surface Go 2 for hassle-free and secure connectivity.
- Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories.
- Broad range of Device Redirection support.
### Device Redirection Support
The Surface-centric productivity experiences listed above become even more compelling in Windows Virtual Desktop environments by taking advantage of device redirection capabilities with Windows 10. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and Web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most device redirection capabilities including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of device redirection support refer to the [device redirection documentation](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support).
### Familiar Desktop Experience
Not only does running the Windows Desktop Client on Surface devices provide users with a broad set of device redirection capabilities, it lets everyone launch apps in familiar ways — directly from the Start Menu or Search bar.
### Persistent, on-demand and just-in-time work scenarios
Windows Virtual Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include:
- Multi-layered security of access to data and organizational resources.
- Compliance with industry regulations.
- Support for an increasingly elastic workforce.
- Employee-specific needs across a variety of job functions.
- Ability to support specialized, processor-intensive workloads.
- Resilience for sustaining operations during disruptions.
### Table 1. Windows Virtual Desktop business conversations
| Security & regulation | Elastic workforce | Work Roles | Special workloads | Business continuity |
| ---------------------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- |
| - Financial Services<br>- Healthcare<br>- Government | - Merger & acquisition<br>- Short term employees<br>- Contractors & partners | - BYOD & mobile<br>- Customer support/service<br>- Branch workers | - Design & engineering<br>- Support for legacy apps<br>- Software dev & test | - On demand<br>- Just-in-Time (JIT)<br>- Work @ Home |
### Offline and on-device access for more productive experiences
Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable for any reason (due to mobility, being on a plane, or power outages, and so on)?
To support business continuity and keep employees productive, Surface devices can easily augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across .x86, x64, Universal Windows Platform, ARM platforms, enable users to stay productive in “offline mode”. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access as well. You can have the confidence that all locally “cached” information is up-to-date and secure.
In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams “On-Device”. Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices ability to provide optimized Microsoft 365 experiences. The emergence of Surface artificial intelligence (AI) or “AI-on-device” brings new capabilities to life, such as eye gaze technology that adjusts the appearance of your eyes so the audience sees you looking directly at the camera when communicating via video.
An alternative to locally installing traditional applications is to take advantage of the latest version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps by additional features, such as push notifications, background data refresh, offline support, and more.
### Virtual GPUs
GPUs are ideal for AI compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics. However, this isnt ideal for professionals who need to work remotely or while on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility.
To solve for this Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines, or power demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface this means that no matter what device youre using, from the highly portable Surface Go 2 to the slim and stylish Surface Laptop 3, your device has access to powerful server-class graphics performance. Surface and vGPUs allow you to combine all the things you love about Surface, to include pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high performance computing environments.
Azure N-series brings these capabilities to life on your Surface device allowing you to work in any way you want, wherever you go. [Learn more about Azure N-Series and GPU optimized virtual machine sizes.](https://docs.microsoft.com/azure/virtual-machines/sizes-gpu)
## Microsoft 365 and Surface
Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research: <a href="#4"><sup>4</sup></a>
- Microsoft 365-powered Surface devices give users up to 5 hours in weekly productivity gains with up to 9 hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface
- 75 percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention
- agree that Microsoft 365- powered Surface devices have helped improve employee satisfaction and retention.
### Security and management
From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date.
With both Surface hardware and software designed, built, and tested by Microsoft, users can be confident theyre productive and protected by leading technologies from chip to cloud. With increased numbers of users working remotely, protecting corporate data and intellectual property becomes more paramount than ever. Windows Virtual Desktop on Surface is designed around a zero-trust security model in which every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access.
By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location.
Security and management features delivered with Windows Virtual Desktop on Surface include:
- **Windows Update.** Keeping Windows up to date helps you stay ahead of new security threats. Windows 10 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI <a href="#5"><sup>5</sup></a> and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified.
- **Hardware encryption.** Device encryption lets you protect the data on your Surface so it can only be accessed by authorized individuals. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity.
- **Windows Defender.** Windows Defender Antivirus brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices. The tool is built in and needs no extra agents to be deployed on-devices or in the VDI environment, simplifying management and optimizing device start up. Windows Defender is built in and needs no extra agents to be deployed on-device or in the VDI environment, simplifying management and optimizing device start up. The true out-of-the-box experience.
- **Removable drives** - A subset of newer Surface devices feature removable SSD drives <a href="#6"><sup>6</sup></a> providing greater control over data retention.
- **Modern authentication -** Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business providing biometric security that persists seamlessly from on-device to VDI-based experiences.
- **Modern firmware management** -Using Device Firmware Configuration Interface (DFCI),<a href="#7"><sup>7</sup></a> IT administrators can remotely disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth which removes power to the peripheral. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them.
- **Backward and forward compatibility** - Windows 10 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life.
- **Bridge for legacy Windows 7 workloads** - For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates. In addition to these “future proofing” benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 10 hardware is already deployed.
- **Zero-Touch Deployment** - Autopilot is the recommended modern management deployment option for Surface devices. Windows Autopilot on Surface is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a hardware hash. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
### Surface devices: Minimizing environmental impacts
Surface performs life cycle assessments to calculate the environmental impact of devices across key stages of product life cycle enabling Microsoft to minimize these impacts. Each Surface product has an ECO profile that includes details on greenhouse gas emissions, primary energy consumption and material composition data, packaging, recycling, and related criteria. To download profiles for each Surface device, see [ECO Profiles](https://www.microsoft.com/download/details.aspx?id=55974) on the Microsoft Download Center.
## Summary
Windows Virtual Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running Windows Virtual Desktop solutions on Surface devices provides unique advantages over continued reliance on legacy devices. Flexible form factors like Surface Go 2 and Surface Pro 7 connected to the cloud (or offline), enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Windows Virtual Desktop on Surface affords businesses with the versatility to sustain productivity throughout disruptions from public health emergencies or other unforeseen events. Using the built in, multi-layered security and modern manageability of Windows 10, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Windows Virtual Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes.
## Learn more
For more information, see the following resources:
- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/)
- [Surface for Business](https://www.microsoft.com/surface/business)
- [Modernize your workforce with Microsoft Surface](https://boards.microsoft.com/public/prism/103849?token=754435c36d)
- [A guide to Surface Technical Content and Solutions](https://boards.microsoft.com/public/prism/104362/category/90968?token=09e688ec4a)
- [Microsoft zero-trust security](https://www.microsoft.com/security/business/zero-trust)
----------
<a id="1">1.</a> Windows Virtual Desktop on Surface refers to running Azure Virtual Desktop Infrastructure on a Surface device and is described here as an architectural solution, not a separately available product.<br>
<a id="2">2.</a> Battery life varies significantly with settings, usage and other factors.<br>
<a id="3">3.</a> Service availability and performance subject to service providers network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.<br>
<a id="4">4.</a> Forrester Consulting, “A Forrester Total Economic Impact™ Study: Maximizing Your ROI from Microsoft 365 Enterprise with Microsoft Surface,” commissioned by Microsoft, 2018.<br>
<a id="5">5.</a> Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. Find out more about managing Surface UEFI settings.<br>
<a id="6">6.</a> Removable SSD is available on Surface Laptop 3 and Surface Pro X. Note that hard drive is not user removable. Hard drive is only removable a by skilled technician following Microsoft instructions.<br>
<a id="7">7.</a> DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. [Find out more](https://docs.microsoft.com/surface/manage-surface-uefi-settings) about managing Surface UEFI settings.

2
education/windows/autopilot-reset.md
View File

@ -64,7 +64,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
**To trigger Autopilot Reset**
1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**.
1. From the Windows device lock screen, enter the keystroke: **CTRL + Windows key + R**.
![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png)

34
education/windows/configure-windows-for-education.md
View File

@ -9,7 +9,7 @@ ms.pagetype: edu
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 08/31/2017
ms.date:
ms.reviewer:
manager: dansimp
---
@ -32,7 +32,7 @@ In Windows 10, version 1703 (Creators Update), it is straightforward to configur
| **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This is already set | This is already set | The policy must be set |
| **Cortana** | **AllowCortana** | Disables Cortana </br></br> * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. |
| **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This is already set | This is already set | The policy must be set |
| **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | Depending on your specific requirements, there are different ways to configure this as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
| **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge. See [Ad-free search with Bing](#ad-free-search-with-bing | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
| **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready </br></br> * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](https://docs.microsoft.com/uwp/api/windows.system.profile.educationsettings) | This is already set | This is already set | The policy must be set |
@ -150,34 +150,10 @@ For example:
![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png)
## Ad-free search with Bing
Provide an ad-free experience that is a safer, more private search option for K12 education institutions in the United States. Additional information is available at https://www.bing.com/classroom/about-us.
> [!NOTE]
> If you enable the guest account in shared PC mode, students using the guest account will not have an ad-free experience searching with Bing in Microsoft Edge unless the PC is connected to your school network and your school network has been configured as described in [IP registration for entire school network using Microsoft Edge](#ip-registration-for-entire-school-network-using-microsoft-edge).
Provide an ad-free experience that is a safer, more private search option for K12 education institutions in the United States.
### Configurations
#### IP registration for entire school network using Microsoft Edge
Ad-free searching with Bing in Microsoft Edge can be configured at the network level. To configure this, email bingintheclassroom@microsoft.com with the subject "New Windows 10, version 1703 (Creators Update) Registration: [School District Name]" and the include the following information in the body of the email.
**District information**
- **District or School Name:**
- **Outbound IP Addresses (IP Range + CIDR):**
- **Address:**
- **City:**
- **State Abbreviation:**
- **Zip Code:**
**Registrant information**
- **First Name:**
- **Last Name:**
- **Job Title:**
- **Email Address:**
- **Opt-In for Email Announcements?:**
- **Phone Number:**
This will suppress ads when searching with Bing on Microsoft Edge when the PC is connected to the school network.
#### Azure AD and Office 365 Education tenant
To suppress ads when searching with Bing on Microsoft Edge on any network, follow these steps:
@ -185,6 +161,8 @@ To suppress ads when searching with Bing on Microsoft Edge on any network, follo
2. Domain join the Windows 10 PCs to your Azure AD tenant (this is the same as your Office 365 tenant).
3. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
4. Have students sign in with their Azure AD identity, which is the same as your Office 365 identity, to use the PC.
> [!NOTE]
> If you are verifying your Office 365 domain to prove education status (step 1 above), you may need to wait up to 7 days for the ad-free experience to take effect. Microsoft recommends not to roll out the browser to your students until that time.
#### Office 365 sign-in to Bing
To suppress ads only when the student signs into Bing with their Office 365 account in Microsoft Edge, follow these steps:
@ -192,8 +170,6 @@ To suppress ads only when the student signs into Bing with their Office 365 acco
1. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
2. Have students sign into Bing with their Office 365 account.
### More information
For more information on all the possible Bing configuration methods, see https://aka.ms/e4ahor.
## Related topics
[Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)

12
education/windows/deploy-windows-10-in-a-school-district.md
View File

@ -558,16 +558,16 @@ Complete the following steps to select the appropriate Office 365 Education lice
1. Determine the number of faculty members and students who will use the classroom. Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.</li>
2. Determine the faculty members and students who need to install Microsoft Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 8 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.
2. Determine the faculty members and students who need to install Microsoft Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 8 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.
|Plan |Advantages |Disadvantages |
|----- |----------- |------------- |
|Office 365 Education |<ul><li>Less expensive than Office 365 ProPlus</li><li>Can be run from any device</li><li>No installation necessary</li></ul> | <ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Office 365 ProPlus</li></ul> |
|Office 365 ProPlus |<ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports the full set of Office features</li><li>Can be installed on five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul> |<ul><li>Requires installation</li><li>More expensive than Office 365 Education</li></ul>|
|Office 365 Education |<ul><li>Less expensive than Microsoft 365 Apps for enterprise</li><li>Can be run from any device</li><li>No installation necessary</li></ul> | <ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Microsoft 365 Apps for enterprise</li></ul> |
|Microsoft 365 Apps for enterprise |<ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports the full set of Office features</li><li>Can be installed on five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul> |<ul><li>Requires installation</li><li>More expensive than Office 365 Education</li></ul>|
*Table 8. Comparison of standard and Office 365 ProPlus plans*
*Table 8. Comparison of standard and Microsoft 365 Apps for enterprise plans*
The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
3. Determine whether students or faculty need Azure Rights Management.
@ -1259,7 +1259,7 @@ Your MDT deployment share and Microsoft Endpoint Configuration Manager are now r
## Capture the reference image
The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Office 365 ProPlus if you selected that student license plan.
The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Microsoft 365 Apps for enterprise if you selected that student license plan.
After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.

12
education/windows/deploy-windows-10-in-a-school.md
View File

@ -173,9 +173,9 @@ Complete the following steps to select the appropriate Office 365 Education lice
<ol>
<li>Determine the number of faculty members and students who will use the classroom.<br/>Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.
</li>
<li>Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 1 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.</li>
<li>Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 1 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.</li>
<br/>
<em>Table 1. Comparison of standard and Microsoft Office 365 ProPlus plans</em>
<em>Table 1. Comparison of standard and Microsoft Microsoft 365 Apps for enterprise plans</em>
<br/>
<table>
<colgroup>
@ -191,13 +191,13 @@ Complete the following steps to select the appropriate Office 365 Education lice
</tr>
</thead>
<tbody>
<tr><td>Standard</td><td><ul><li>Less expensive than Office 365 ProPlus</li><li>Can be run from any device</li><li>No installation necessary</li></ul></td><td><ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Office 365 ProPlus</li></ul></td></tr>
<tr><td>Standard</td><td><ul><li>Less expensive than Microsoft 365 Apps for enterprise</li><li>Can be run from any device</li><li>No installation necessary</li></ul></td><td><ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Microsoft 365 Apps for enterprise</li></ul></td></tr>
<tr><td>Office ProPlus</td><td><ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports full set of Office features</li></ul></td><td><ul><li>Requires installation</li><li>Can be installed on only five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul></td></tr>
</tbody>
</table>
<br/>
The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
<br/>
<li>Determine whether students or faculty need Azure Rights Management.<br/>You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when its shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see <a href="https://technet.microsoft.com/library/jj585024.aspx" data-raw-source="[Azure Rights Management](https://technet.microsoft.com/library/jj585024.aspx)">Azure Rights Management</a>.</li>
<li>Record the Office 365 Education license plans needed for the classroom in Table 2.<br/><br/>
@ -506,7 +506,7 @@ Assign SharePoint Online resource permissions to Office 365 security groups, not
**Note**&nbsp;&nbsp;If your institution has AD DS, dont create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
For information about creating security groups, see [Create and manage Office 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
For information about creating security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
You can add and remove users from security groups at any time.
@ -520,7 +520,7 @@ You can create email distribution groups based on job role (such as teachers, ad
**Note**&nbsp;&nbsp;Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until Office 365 completes the Exchange Online creation process before you can perform the following steps.
For information about how to create security groups, see [Create and manage Office 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
For information about how to create security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
### Summary

2
education/windows/education-scenarios-store-for-business.md
View File

@ -83,7 +83,7 @@ Applies to: IT admins
Self-service sign up makes it easier for teachers and students in your organization to get started with **Minecraft: Education Edition**. If you have self-service sign up enabled in your tenant, teachers can assign **Minecraft: Education Edition** to students before they have a work or school account. Students receive an email that steps them through the process of signing up for a work or school account. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
### Domain verification
For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Office 365 portal. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Microsoft 365 admin center. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
## Acquire apps
Applies to: IT admins and teachers

2
education/windows/set-up-school-pcs-whats-new.md
View File

@ -21,7 +21,7 @@ Learn whats new with the Set up School PCs app each week. Find out about new
## Week of September 23, 2019
### Easier way to deploy Office 365 to your classroom devices
Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Office 365 ProPlus. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.
Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Microsoft 365 Apps for enterprise. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.
## Week of June 24, 2019

2
education/windows/teacher-get-minecraft.md
View File

@ -93,7 +93,7 @@ Enter email addresses for your students, and each student will get an email with
![Assign to people showing student name](images/minecraft-assign-to-people-name.png)
You can assign the app to students with work or school accounts. </br>
If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Office 365 portal where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin.
If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin.
**To finish Minecraft install (for students)**

2
mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
View File

@ -20,7 +20,7 @@ ms.date: 06/16/2016
After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
**Note**  
For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx).
**Note**
The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.

4
mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
View File

@ -101,7 +101,7 @@ Before you deploy Office by using App-V, review the following requirements.
<tr class="odd">
<td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
<ul>
<li><p>Office 365 ProPlus</p></li>
<li><p>Microsoft 365 Apps for enterprise</p></li>
<li><p>Visio Pro for Office 365</p></li>
<li><p>Project Pro for Office 365</p></li>
</ul></td>
@ -640,7 +640,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
2. Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
3. Create an App-V 5.0 package that includes the desired plug-ins.

4
mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
View File

@ -100,7 +100,7 @@ Before you deploy Office by using App-V, review the following requirements.
<tr class="odd">
<td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
<ul>
<li><p>Office 365 ProPlus</p></li>
<li><p>Microsoft 365 Apps for enterprise</p></li>
<li><p>Visio Pro for Office 365</p></li>
<li><p>Project Pro for Office 365</p></li>
</ul></td>
@ -648,7 +648,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
2. Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
3. Create an App-V 5.1 package that includes the desired plug-ins.

8
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -102,7 +102,7 @@ Before you deploy Office by using App-V, review the following requirements.
<tr class="odd">
<td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
<ul>
<li><p>Office 365 ProPlus</p></li>
<li><p>Microsoft 365 Apps for enterprise</p></li>
<li><p>Visio Pro for Office 365</p></li>
<li><p>Project Pro for Office 365</p></li>
</ul></td>
@ -293,7 +293,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</tr>
<tr class="even">
<td align="left"><p>Channel (attribute of Add element)</p></td>
<td align="left"><p>Optional. Specifies the update channel for the product that you want to download or install. </p><p>For more information about update channels, see Overview of update channels for Office 365 ProPlus.</p></td>
<td align="left"><p>Optional. Specifies the update channel for the product that you want to download or install. </p><p>For more information about update channels, see Overview of update channels for Microsoft 365 Apps for enterprise.</p></td>
<td align="left"><p><code>Channel=&quot;Deferred&quot;</code></p></td>
</tr>
</tbody>
@ -348,7 +348,7 @@ After you download the Office 2016 applications through the Office Deployment To
The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model youre using. The steps in the sections that follow the table will specify the exact entries you need to make.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
<table>
<colgroup>
@ -588,7 +588,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
3. Create an App-V package that includes the desired plug-ins.

8
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md
View File

@ -102,7 +102,7 @@ Before you deploy Office by using App-V, review the following requirements.
<tr class="odd">
<td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
<ul>
<li><p>Office 365 ProPlus</p></li>
<li><p>Microsoft 365 Apps for enterprise</p></li>
<li><p>Visio Pro for Office 365</p></li>
<li><p>Project Pro for Office 365</p></li>
</ul></td>
@ -293,7 +293,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
</tr>
<tr class="even">
<td align="left"><p>Branch (attribute of Add element)</p></td>
<td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install. </p><p>For more information about update branches, see Overview of update branches for Office 365 ProPlus.</p></td>
<td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install. </p><p>For more information about update branches, see Overview of update branches for Microsoft 365 Apps for enterprise.</p></td>
<td align="left"><p><code>Branch = &quot;Business&quot;</code></p></td>
</tr>
</tbody>
@ -348,7 +348,7 @@ After you download the Office 2016 applications through the Office Deployment To
The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model youre using. The steps in the sections that follow the table will specify the exact entries you need to make.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
<table>
<colgroup>
@ -588,7 +588,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
3. Create an App-V package that includes the desired plug-ins.

57
mdop/appv-v5/deploying-the-app-v-51-server.md
View File

@ -13,37 +13,27 @@ ms.prod: w10
ms.date: 06/16/2016
---
# Deploying the App-V 5.1 Server
You can install the Microsoft Application Virtualization (App-V) 5.1 server features by using different deployment configurations, which described in this topic. Before you install the server features, review the server section of [App-V 5.1 Security Considerations](app-v-51-security-considerations.md).
For information about deploying the App-V Server, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51).
**Important**  
Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
> [!IMPORTANT]
> Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
## <a href="" id="---------app-v-5-1-server-overview"></a> App-V 5.1 Server overview
The App-V 5.1 Server is made up of five components. Each component serves a different purpose within the App-V 5.1 environment. Each of the five components is briefly described here:
- Management Server provides overall management functionality for the App-V 5.1 infrastructure.
- Management Database facilitates database predeployments for App-V 5.1 management.
- Publishing Server provides hosting and streaming functionality for virtual applications.
- Reporting Server provides App-V 5.1 reporting services.
- Reporting Database facilitates database predeployments for App-V 5.1 reporting.
- Management Server provides overall management functionality for the App-V 5.1 infrastructure.
- Management Database facilitates database predeployments for App-V 5.1 management.
- Publishing Server provides hosting and streaming functionality for virtual applications.
- Reporting Server provides App-V 5.1 reporting services.
- Reporting Database facilitates database predeployments for App-V 5.1 reporting.
## <a href="" id="---------app-v-5-1-stand-alone-deployment"></a> App-V 5.1 stand-alone deployment
The App-V 5.1 standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V 5.1 components. Therefore, you should not use this topology for larger deployments.
[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)
@ -52,7 +42,6 @@ The App-V 5.1 standalone deployment provides a good topology for a small deploym
## <a href="" id="---------app-v-5-1-server-distributed-deployment"></a> App-V 5.1 Server distributed deployment
The distributed deployment topology can support a large App-V 5.1 client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V 5.1 Server components are deployed across multiple computers, based on the structure and requirements of the organization.
[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md)
@ -67,19 +56,15 @@ The distributed deployment topology can support a large App-V 5.1 client base an
## Using an Enterprise Software Distribution (ESD) solution and App-V 5.1
You can also deploy the App-V 5.1 clients and packages by using an ESD without having to deploy App-V 5.1. The full capabilities for integration will vary depending on the ESD that you use.
**Note**  
The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
> [!NOTE]
> The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
[Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md)
## <a href="" id="---------app-v-5-1-server-logs"></a> App-V 5.1 Server logs
You can use App-V 5.1 server log information to help troubleshoot the server installation and operational events while using App-V 5.1. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
@ -92,14 +77,11 @@ In App-V 5.0 SP3, some logs were consolidated and moved. See [About App-V 5.0 SP
## <a href="" id="---------app-v-5-1-reporting"></a> App-V 5.1 reporting
App-V 5.1 reporting allows App-V 5.1 clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V 5.1 client collects:
- Information about the computer that runs the App-V 5.1 client.
- Information about virtualized packages on a specific computer that runs the App-V 5.1 client.
- Information about package open and shutdown for a specific user.
- Information about the computer that runs the App-V 5.1 client.
- Information about virtualized packages on a specific computer that runs the App-V 5.1 client.
- Information about package open and shutdown for a specific user.
The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
@ -111,19 +93,4 @@ Use the following link for more information [About App-V 5.1 Reporting](about-ap
## Other resources for the App-V server
[Deploying App-V 5.1](deploying-app-v-51.md)

1128
mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md
View File

File diff suppressed because it is too large Load Diff

105
mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md
View File

@ -13,75 +13,42 @@ ms.prod: w10
ms.date: 06/16/2016
---
# How to Deploy the App-V Databases by Using SQL Scripts
Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
- Install the App-V 5.1 databases
- Install the App-V 5.1 databases
- Upgrade the App-V databases to a later version
- Upgrade the App-V databases to a later version
> [!NOTE]
> If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1.
**Note**
If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1.
## How to install the App-V databases by using SQL scripts
1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
1. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
1. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
Example: appv\_server\_setup.exe /layout c:\\&lt;_temporary location path_&gt;
**How to install the App-V databases by using SQL scripts**
1. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions:
1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
| Database | Location of Readme.txt file to use |
|--|--|
| Management database | ManagementDatabase subfolder |
| Reporting database | ReportingDatabase subfolder |
2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
> [!CAUTION]
> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
Example: appv\_server\_setup.exe /layout c:\\&lt;temporary location path&gt;
4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Database</th>
<th align="left">Location of Readme.txt file to use</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Management database</p></td>
<td align="left"><p>ManagementDatabase subfolder</p></td>
</tr>
<tr class="even">
<td align="left"><p>Reporting database</p></td>
<td align="left"><p>ReportingDatabase subfolder</p></td>
</tr>
</tbody>
</table>
~~~
**Caution**
The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
**Important**
The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
> [!IMPORTANT]
> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3.
~~~
## Updated management database README file content
**Updated management database README file content**
``` syntax
```plaintext
******************************************************************
Before you install and use the Application Virtualization Database Scripts you must:
1.Review the Microsoft Application Virtualization Server 5.0 license terms.
@ -107,7 +74,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
2. Ensure the target SQL Server instance and SQL Server Agent service are running.
3. If you are not running the scripts directly on the server, ensure the
3. If you are not running the scripts directly on the server, ensure the
necessary SQL Server client software is installed and available from
the specified location. Specifically, the "osql" command must
## be supported for these scripts to run.
@ -120,7 +87,7 @@ Steps to install "AppVManagement" schema in SQL SERVER.
defaults are likely sufficient, it is suggested that the following
settings be reviewed:
DATABASE - ensure name is satisfactory - default is "AppVManagement".
DATABASE - ensure name is satisfactory - default is "AppVManagement".
2. Review the Permissions.sql file and provide all the necessary account information
for setting up read and write access on the database. Note: Default settings
@ -130,23 +97,23 @@ Steps to install "AppVManagement" schema in SQL SERVER.
## INSTALLATION:
1. Run the database.sql against the "master" database. Your user
1. Run the database.sql against the "master" database. Your user
credential must have the ability to create databases.
This script will create the database.
2. Run the following scripts against the "AppVManagement" database using the
2. Run the following scripts against the "AppVManagement" database using the
same account as above in order.
CreateTables.sql
CreateStoredProcs.sql
UpdateTables.sql
## Permissions.sql
## Permissions.sql
```
**Updated reporting database README file content**
## Updated reporting database README file content
``` syntax
```plaintext
******************************************************************
Before you install and use the Application Virtualization Database Scripts you must:
1.Review the Microsoft Application Virtualization Server 5.0 license terms.
@ -188,7 +155,7 @@ Steps to install "AppVReporting" schema in SQL SERVER.
defaults are likely sufficient, it is suggested that the following
settings be reviewed:
DATABASE - ensure name is satisfactory - default is "AppVReporting".
DATABASE - ensure name is satisfactory - default is "AppVReporting".
2. Review the Permissions.sql file and provide all the necessary account information
for setting up read and write access on the database. Note: Default settings
@ -203,13 +170,13 @@ Steps to install "AppVReporting" schema in SQL SERVER.
## INSTALLATION:
1. Run the database.sql against the "master" database. Your user
1. Run the database.sql against the "master" database. Your user
credential must have the ability to create databases.
This script will create the database.
2. If upgrading the database, run UpgradeDatabase.sql This will upgrade database schema.
2. Run the following scripts against the "AppVReporting" database using the
2. Run the following scripts against the "AppVReporting" database using the
same account as above in order.
CreateTables.sql
@ -222,20 +189,10 @@ Steps to install "AppVReporting" schema in SQL SERVER.
```
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md)
[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)

35
mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md
View File

@ -13,19 +13,17 @@ ms.prod: w10
ms.date: 06/16/2016
---
# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell
Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts.
Before attempting this procedure, you should read and understand the information and examples displayed in the following list:
- **.INPUTS** The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
- **.INPUTS** The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
- **Examples** -
- **Examples** -
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**.
@ -33,13 +31,10 @@ Before attempting this procedure, you should read and understand the information
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200**
\#&gt;
**To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)**
## To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)
1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**.
2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
1. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
```powershell
<#
@ -61,7 +56,7 @@ Before attempting this procedure, you should read and understand the information
function ConvertSIDToHexFormat
{
param(\[System.Security.Principal.SecurityIdentifier\]$sidToConvert)
param([System.Security.Principal.SecurityIdentifier]$sidToConvert)
$sb = New-Object System.Text.StringBuilder
[int] $binLength = $sidToConvert.BinaryLength
@ -79,7 +74,7 @@ Before attempting this procedure, you should read and understand the information
[string]::Format("{0}====== Description ======{0}{0}" +
" Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" +
" Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" +
" Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.ps1 DOMAIN\Account1 DOMAIN\Account2 ...'){0}" +
" The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" +
" And can be written out to a file using standard PowerShell redirection{0}" +
" Please specify user accounts in the format 'DOMAIN\username'{0}" +
@ -131,17 +126,21 @@ Before attempting this procedure, you should read and understand the information
Write-Output $SIDs
}
}
3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
```
1. Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
For example,
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")**
**.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**
or
**$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")**
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200**
**.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”**
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md)

118
mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md
View File

@ -13,114 +13,74 @@ ms.prod: w10
ms.date: 06/16/2016
---
# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail.
**Note**
After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
> [!NOTE]
> After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases.
## To install the management database and the management server on separate computers
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
1. On the **Getting Started** page, review and accept the license terms, and click **Next**.
1. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don't want to use Microsoft Update**. Click **Next**.
1. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**.
1. On the **Installation Location** page, accept the default location and click **Next**.
1. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**.
**To install the management database and the management server on separate computers**
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I dont want to use Microsoft Update**. Click **Next**.
4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**.
5. On the **Installation Location** page, accept the default location and click **Next**.
6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**.
If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.\
If you are using a custom database name, then select **Custom configuration** and type the database name.
7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
1. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
**Note**
If you plan to deploy the management server on the same computer you must select **Use this local computer**.
> [!NOTE]
> If you plan to deploy the management server on the same computer you must select **Use this local computer**.
1. Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
1. To start the installation, click **Install**.
## To install the reporting database and the reporting server on separate computers
~~~
Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
~~~
8. To start the installation, click **Install**.
**To install the reporting database and the reporting server on separate computers**
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I dont want to use Microsoft Update**. Click **Next**.
4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**.
5. On the **Installation Location** page, accept the default location and click **Next**.
6. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**.
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
1. On the **Getting Started** page, review and accept the license terms, and click **Next**.
1. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don't want to use Microsoft Update**. Click **Next**.
1. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**.
1. On the **Installation Location** page, accept the default location and click **Next**.
1. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**.
If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.
If you are using a custom database name, then select **Custom configuration** and type the database name.
7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
1. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**.
**Note**
If you plan to deploy the reporting server on the same computer you must select **Use this local computer**.
> [!NOTE]
> If you plan to deploy the reporting server on the same computer you must select **Use this local computer**.
1. Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
1. To start the installation, click **Install**.
## To install the management and reporting databases using App-V 5.1 database scripts
~~~
Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**.
~~~
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on.
1. To extract the App-V 5.1 database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
8. To start the installation, click **Install**.
**appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR="InstallationExtractionLocation"**.
**To install the management and reporting databases using App-V 5.1 database scripts**
1. After the extraction has been completed, to access the App-V 5.1 database scripts and instructions readme file:
1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on.
- The App-V 5.1 Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
- The App-V 5.1 Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
2. To extract the App-V 5.1 database scripts, open a command prompt and specify the location where the installation files are saved and run the following command:
1. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
**appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**.
> [!NOTE]
> For more information about modifying the required SIDs contained in the scripts, see [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md).
3. After the extraction has been completed, to access the App-V 5.1 database scripts and instructions readme file:
1. Run the scripts on the computer running Microsoft SQL Server.
- The App-V 5.1 Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**.
- The App-V 5.1 Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**.
4. For each database, copy the scripts to a share and modify them following the instructions in the readme file.
**Note**
For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md).
5. Run the scripts on the computer running Microsoft SQL Server.
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
## Related topics
[Deploying App-V 5.1](deploying-app-v-51.md)

2
mdop/appv-v5/planning-for-using-app-v-with-office.md
View File

@ -61,7 +61,7 @@ The following table lists the versions of Microsoft Office that App-V supports,
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Office 365 ProPlus</p>
<td align="left"><p>Microsoft 365 Apps for enterprise</p>
<p>Also supported:</p>
<ul>
<li><p>Visio Pro for Office 365</p></li>

2
mdop/appv-v5/planning-for-using-app-v-with-office51.md
View File

@ -40,7 +40,7 @@ Microsoft Visio and Microsoft Project do not provide support for the Thai Langua
## <a href="" id="bkmk-office-vers-supp-appv"></a>Supported versions of Microsoft Office
See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products.
>**Note**&nbsp;&nbsp;You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
>**Note**&nbsp;&nbsp;You must use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.

6
mdop/mbam-v1/evaluating-mbam-10.md
View File

@ -55,21 +55,21 @@ Even when you set up a non-production instance of MBAM to evaluate in a lab envi
<td align="left"><p></p>
<p>Prepare your computing environment for the MBAM installation. To do so, you must enable the Transparent Data Encryption (TDE) on the SQL Server instances that will host MBAM databases. To enable TDE in your lab environment, you can create a .sql file to run against the master database that is hosted on the instance of the SQL Server that MBAM will use.</p>
<div class="alert">
<strong>Note</strong><br/><p>You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of <em>C:\Backup&lt;/em&gt;. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.</p>
<strong>Note</strong><br/><p>You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of <em>C:\Backup</em>. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.</p>
</div>
<div>
</div>
<pre class="syntax" space="preserve"><code>USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = &amp;amp;#39;P@55w0rd&#39;;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = &#39;P@55w0rd&#39;;
GO
CREATE CERTIFICATE tdeCert WITH SUBJECT = &#39;TDE Certificate&#39;;
GO
BACKUP CERTIFICATE tdeCert TO FILE = &#39;C:\Backup\TDECertificate.cer&#39;
WITH PRIVATE KEY (
FILE = &#39;C:\Backup\TDECertificateKey.pvk&#39;,
ENCRYPTION BY PASSWORD = &amp;amp;#39;P@55w0rd&#39;);
ENCRYPTION BY PASSWORD = &#39;P@55w0rd&#39;);
GO</code></pre></td>
<td align="left"><p><a href="mbam-10-deployment-prerequisites.md" data-raw-source="[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md)">MBAM 1.0 Deployment Prerequisites</a></p>
<p><a href="https://go.microsoft.com/fwlink/?LinkId=269703" data-raw-source="[Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703)">Database Encryption in SQL Server 2008 Enterprise Edition</a></p></td>

20
smb/cloud-mode-business-setup.md
View File

@ -21,12 +21,12 @@ ms.localizationpriority: medium
**Applies to:**
- Office 365 Business Premium, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
- Microsoft 365 Business Standard, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
- Acquire an Office 365 business domain
In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Microsoft 365 Business Standard, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
- Acquire an Microsoft 365 for business domain
- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
- Set up Microsoft Store for Business and manage app deployment and sync with Intune
- Add users and groups in Azure AD and Intune
@ -52,11 +52,11 @@ See <a href="https://support.office.com/en-us/article/Set-up-Office-365-for-busi
- Create Office 365 accounts and how to add your domain.
- Install Office
To set up your Office 365 business tenant, see <a href="https://support.office.com/en-us/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Office 365 for business</a>.
To set up your Microsoft 365 for business tenant, see <a href="https://support.office.com/en-us/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Microsoft 365 for business</a>.
If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started:
1. Go to the <a href="https://business.microsoft.com/en-us/products/office-365" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**.
1. Go to the <a href="https://products.office.com/en-us/business/office-365-affiliate-program-buy-business-premium" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**.
**Figure 1** - Try or buy Office 365
@ -68,14 +68,14 @@ If this is the first time you're setting this up, and you'd like to see how it's
This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the admin portal).
4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
5. Select **You're ready to go...** which will take you to the Office 365 portal.
5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
> [!NOTE]
> In the Office 365 portal, icons that are greyed out are still installing.
> In the Microsoft 365 admin center, icons that are greyed out are still installing.
**Figure 2** - Office 365 portal
**Figure 2** - Microsoft 365 admin center
![Office 365 portal](images/office365_portal.png)
![Microsoft 365 admin center](images/office365_portal.png)
6. Select the **Admin** tile to go to the admin center.
@ -560,7 +560,7 @@ For other devices, such as those personally-owned by employees who need to conne
9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
### 4.2 Add a new user
You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and verify that the same users were added to the Intune groups as well.

2
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -45,7 +45,7 @@ Before you get started, be sure to review these best practices and requirements:
**Best practices**
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.

Some files were not shown because too many files have changed in this diff Show More