mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Merge branch 'main' into aljupudi-6027362-improperacronyms-03
This commit is contained in:
Alekhya Jupudi
@ -861,7 +861,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
|
||||
|DeferFeatureUpdates|REG_DWORD|1: defer feature updates<br><br>Other value or absent: don’t defer feature updates|
|
||||
|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates|
|
||||
|PauseFeatureUpdates|REG_DWORD|1: pause feature updates<br><br>Other value or absent: don’t pause feature updates|
|
||||
|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers<br><br>Other value or absent: offer WU drivers|
|
||||
|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude Windows Update drivers<br><br>Other value or absent: offer Windows Update drivers|
|
||||
|
||||
Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
@ -537,28 +537,32 @@ Supported operation is Exec only.
|
||||
|
||||
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionforbackgroundsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
|
||||
|
||||
Optional. This node specifies maximum number of concurrent user sync sessions in background. Default value is 25.
|
||||
Optional. This node specifies maximum number of concurrent user sync sessions in background.
|
||||
|
||||
The default value is dynamically decided by the client based on CPU usage.
|
||||
|
||||
The values are : 0= none, 1= sequential, anything else= parallel.
|
||||
|
||||
Supported operations are Get, Add, Replace and Delete.
|
||||
|
||||
Value type is integer. Only applicable for Windows 10 multi-session.
|
||||
Value type is integer. Only applicable for Windows Enterprise multi-session.
|
||||
|
||||
|
||||
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionatuserlogonsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
|
||||
Optional. This node specifies maximum number of concurrent user sync sessions at User Login. Default value is 25.
|
||||
Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
|
||||
|
||||
The default value is dynamically decided by the client based on CPU usage.
|
||||
|
||||
The values are : 0= none, 1= sequential, anything else= parallel.
|
||||
|
||||
Supported operations are Get, Add, Replace and Delete.
|
||||
|
||||
Value type is integer. Only applicable for Windows 10 multi-session.
|
||||
Value type is integer. Only applicable for Windows Enterprise multi-session.
|
||||
|
||||
<a href="" id="provider-providerid-multiplesession-intervalforscheduledretriesforusersession"></a>**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
|
||||
Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `/<ProviderID>/Poll/NumberOfScheduledRetriesForUserSession`.
|
||||
|
||||
If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 1440. If the value is set to 0, this schedule is disabled.
|
||||
If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled.
|
||||
|
||||
This configuration is only applicable for Windows Multi-session Editions.
|
||||
|
||||
@ -626,7 +630,7 @@ The status error mapping is listed below.
|
||||
|--- |--- |
|
||||
|0|Success|
|
||||
|1|Failure: invalid PFN|
|
||||
|2|Failure: invalid or expired device authentication with MSA|
|
||||
|2|Failure: invalid or expired device authentication with Microsoft account|
|
||||
|3|Failure: WNS client registration failed due to an invalid or revoked PFN|
|
||||
|4|Failure: no Channel URI assigned|
|
||||
|5|Failure: Channel URI has expired|
|
||||
|
||||
@ -27,12 +27,12 @@ The table below shows the applicability of Windows:
|
||||
|
||||
The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
|
||||
|
||||
> [!Note]
|
||||
> To make WIP functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
|
||||
> [!NOTE]
|
||||
> To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
|
||||
|
||||
While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
|
||||
While Windows Information Protection has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
|
||||
|
||||
To learn more about WIP, see the following articles:
|
||||
To learn more about Windows Information Protection, see the following articles:
|
||||
|
||||
- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
|
||||
- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
|
||||
@ -63,8 +63,8 @@ The root node for the Windows Information Protection (WIP) configuration setting
|
||||
<a href="" id="settings-edpenforcementlevel"></a>**Settings/EDPEnforcementLevel**
|
||||
Set the WIP enforcement level.
|
||||
|
||||
> [!Note]
|
||||
> Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running.
|
||||
> [!NOTE]
|
||||
> Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running.
|
||||
|
||||
The following list shows the supported values:
|
||||
|
||||
@ -76,14 +76,13 @@ The following list shows the supported values:
|
||||
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
|
||||
|
||||
<a href="" id="settings-enterpriseprotecteddomainnames"></a>**Settings/EnterpriseProtectedDomainNames**
|
||||
A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
|
||||
A list of domains used by the enterprise for its user identities separated by pipes ("|"). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
|
||||
|
||||
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
|
||||
|
||||
> [!Note]
|
||||
> [!NOTE]
|
||||
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
|
||||
|
||||
|
||||
Here are the steps to create canonical domain names:
|
||||
|
||||
1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com.
|
||||
@ -242,7 +241,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
|
||||
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
|
||||
|
||||
<a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll**
|
||||
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
|
||||
This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
|
||||
|
||||
The following list shows the supported values:
|
||||
|
||||
@ -252,7 +251,7 @@ The following list shows the supported values:
|
||||
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
|
||||
|
||||
<a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff**
|
||||
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
|
||||
Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
|
||||
|
||||
- 0 - Don't revoke keys.
|
||||
- 1 (default) - Revoke keys.
|
||||
@ -265,7 +264,7 @@ TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS t
|
||||
Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
|
||||
|
||||
<a href="" id="settings-allowazurermsforedp"></a>**Settings/AllowAzureRMSForEDP**
|
||||
Specifies whether to allow Azure RMS encryption for WIP.
|
||||
Specifies whether to allow Azure RMS encryption for Windows Information Protection.
|
||||
|
||||
- 0 (default) – Don't use RMS.
|
||||
- 1 – Use RMS.
|
||||
@ -278,7 +277,7 @@ When this policy isn't specified, the existing auto-encryption behavior is appli
|
||||
Supported operations are Add, Get, Replace and Delete. Value type is string.
|
||||
|
||||
<a href="" id="settings-edpshowicons"></a>**Settings/EDPShowIcons**
|
||||
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app.
|
||||
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
|
||||
The following list shows the supported values:
|
||||
|
||||
- 0 (default) - No WIP overlays on icons or tiles.
|
||||
@ -287,7 +286,7 @@ The following list shows the supported values:
|
||||
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
|
||||
|
||||
<a href="" id="status"></a>**Status**
|
||||
A read-only bit mask that indicates the current state of WIP on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
|
||||
A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
|
||||
|
||||
Suggested values:
|
||||
|
||||
@ -299,7 +298,7 @@ Bit 0 indicates whether WIP is on or off.
|
||||
|
||||
Bit 1 indicates whether AppLocker WIP policies are set.
|
||||
|
||||
Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
|
||||
Bit 3 indicates whether the mandatory Windows Information Protection policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
|
||||
|
||||
Here's the list of mandatory WIP policies:
|
||||
|
||||
|
||||
@ -80,17 +80,17 @@ Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isn’t provided
|
||||
|
||||
MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
|
||||
|
||||
- [AppLocker CSP](applocker-csp.md) for configuration of WIP enterprise allowed apps.
|
||||
- [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
|
||||
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
|
||||
- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
|
||||
- [DevInfo CSP](devinfo-csp.md).
|
||||
- [DMAcc CSP](dmacc-csp.md).
|
||||
- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
|
||||
- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has WIP policies.
|
||||
- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies.
|
||||
- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
|
||||
- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management.
|
||||
- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
|
||||
- [Reporting CSP](reporting-csp.md) for retrieving WIP logs.
|
||||
- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
|
||||
- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
|
||||
- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
|
||||
- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
|
||||
@ -116,13 +116,13 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to
|
||||
Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM.
|
||||
|
||||
> [!NOTE]
|
||||
> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
|
||||
> When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
|
||||
|
||||
To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
|
||||
|
||||
In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when WIP policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
|
||||
In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the user’s access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
|
||||
|
||||
- Both MAM and MDM policies for the organization support WIP.
|
||||
- Both MAM and MDM policies for the organization support Windows Information Protection.
|
||||
- EDP CSP Enterprise ID is the same for both MAM and MDM.
|
||||
- EDP CSP RevokeOnMDMHandoff is set to false.
|
||||
|
||||
|
||||
@ -68,12 +68,12 @@ manager: dansimp
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Specifies whether user is allowed to add non-MSA email accounts.
|
||||
Specifies whether user is allowed to add email accounts other than Microsoft account.
|
||||
|
||||
Most restricted value is 0.
|
||||
|
||||
> [!NOTE]
|
||||
> This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
|
||||
> This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
@ -114,7 +114,7 @@ The following list shows the supported values:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
|
||||
Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services.
|
||||
|
||||
Most restricted value is 0.
|
||||
|
||||
@ -160,10 +160,10 @@ The following list shows the supported values:
|
||||
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
|
||||
|
||||
> [!NOTE]
|
||||
> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
|
||||
> If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
|
||||
|
||||
> [!NOTE]
|
||||
> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
|
||||
> If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
@ -106,7 +106,7 @@ On a device where this policy is configured, the user specified in the policy wi
|
||||
> [!NOTE]
|
||||
>
|
||||
> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
|
||||
> - Auto-logon is only supported for MSA and AAD users.
|
||||
> - Auto-logon is only supported for Microsoft account and AAD users.
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
@ -88,7 +88,7 @@ Specifies the ending time for retrieving logs.
|
||||
- Supported operations are Get and Replace.
|
||||
|
||||
<a href="" id="type"></a>**Type**
|
||||
Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the WIP learning logs.
|
||||
Added in Windows 10, version 1703. Specifies the type of logs to retrieve. You can use this policy to retrieve the Windows Information Protection learning logs.
|
||||
|
||||
- Value type is integer.
|
||||
- Supported operations are Get and Replace.
|
||||
|
||||
@ -30,7 +30,7 @@ The VPNv2 configuration service provider allows the mobile device management (MD
|
||||
Here are the requirements for this CSP:
|
||||
|
||||
- VPN configuration commands must be wrapped in an Atomic block in SyncML.
|
||||
- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies.
|
||||
- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure Windows Information Protection policies.
|
||||
- Instead of changing individual properties, follow these steps to make any changes:
|
||||
|
||||
- Send a Delete command for the ProfileName to delete the entire profile.
|
||||
@ -541,9 +541,9 @@ If no inbound filter is provided, then by default all unsolicited inbound traffi
|
||||
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
|
||||
|
||||
<a href="" id="vpnv2-profilename-edpmodeid"></a>**VPNv2/**<em>ProfileName</em>**/EdpModeId**
|
||||
Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
|
||||
Enterprise ID, which is required for connecting this VPN profile with a Windows Information Protection policy. When this ID is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
|
||||
|
||||
Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the WIP policies and App lists automatically takes effect.
|
||||
Additionally when a connection is being established with Windows Information Protection (WIP)(formerly known as Enterprise Data Protection), the admin doesn't have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced config is needed) because the Windows Information Protection policies and App lists automatically takes effect.
|
||||
|
||||
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
|
||||
|
||||
|
||||
@ -161,7 +161,7 @@ Value type is bool.
|
||||
Supported operation is Get.
|
||||
|
||||
<a href="" id="universaltelemetryclient-utcconfigurationdiagnosis-msaserviceenabled"></a>**UniversalTelemetryClient/UtcConfigurationDiagnosis/MsaServiceEnabled**
|
||||
A boolean value representing whether the MSA service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
|
||||
A boolean value representing whether the Microsoft account service is enabled. This service must be enabled for UTC data to be indexed with Global Device IDs.
|
||||
|
||||
Value type is bool.
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ All that's required to use Quick Assist is suitable network and internet connect
|
||||
|
||||
### Authentication
|
||||
|
||||
The helper can authenticate when they sign in by using a Microsoft Account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported.
|
||||
The helper can authenticate when they sign in by using a Microsoft account (MSA) or Azure Active Directory (Azure AD). Local Active Directory authentication isn't currently supported.
|
||||
|
||||
### Network considerations
|
||||
|
||||
@ -36,7 +36,7 @@ Both the helper and sharer must be able to reach these endpoints over port 443:
|
||||
| Domain/Name | Description |
|
||||
|--|--|
|
||||
| `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application |
|
||||
| `*.login.microsoftonline.com` | Required for logging in to the application (MSA) |
|
||||
| `*.login.microsoftonline.com` | Required for logging in to the application (Microsoft account) |
|
||||
| `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist |
|
||||
| `*.aria.microsoft.com` | Used for accessibility features within the app |
|
||||
| `*.api.support.microsoft.com` | API access for Quick Assist |
|
||||
|
||||
@ -15,7 +15,7 @@ ms.topic: troubleshooting
|
||||
|
||||
# What version of Windows am I running?
|
||||
|
||||
To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
|
||||
To determine if your device is enrolled in the [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels) (GA Channel) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so it’s useful to learn about all of them.
|
||||
|
||||
## System Properties
|
||||
Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
|
||||
|
||||
Reference in New Issue
Block a user