deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 7732: 5/2 AM Publish

Browse Source
This commit is contained in:
Alma Jenks 2018-05-02 17:37:57 +00:00
commit 5f4906900a
20 changed files with 125 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
View File

@ -2,12 +2,14 @@
ms.localizationpriority: low
ms.mktglfcycl: plan
description: Learn about which version of the IEAK 11 you should run, based on your license agreement.
author: eross-msft
ms.prod: ie11
author: pashort
ms.author: shortpatti
ms.manager: elizapo
ms.prod: ie11, ieak11
ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
ms.date: 05/02/2018
---
@ -45,7 +47,7 @@ You must pick a version of IEAK 11 to run during installation, either **Externa
|Automatic configuration |Not available |
|Proxy settings |Proxy settings |
|Security and privacy settings |Not available |
|Not available |Add a root certificate |
|Add a root certificate |Not available |
|Programs |Programs |
|Additional settings |Not available |
|Wizard complete |Wizard complete |

7
devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
View File

@ -45,13 +45,6 @@ You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory.
**To enable automatic enrollment for Microsoft Intune**
1. In the [Azure classic portal](https://manage.windowsazure.com/), navigate to the **Active Directory** node and select your directory.
2. Click the **Applications** tab, then click **Microsoft Intune**.
3. Under **Manage devices for these users**, click **Groups**.
4. Click **Select Groups**, then select the groups of users you want to automatically enroll into Intune.
5. Click the checkmark button, then click **Save**.
For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).

132
education/windows/switch-to-pro-education.md
View File

@ -1,7 +1,7 @@
---
title: Switch to Windows 10 Pro Education from Windows 10 Pro
description: Learn how IT Pros can opt into switching to Windows 10 Pro Education from Windows 10 Pro.
keywords: switch, free switch, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
title: Change to Windows 10 Education from Windows 10 Pro
description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
@ -9,20 +9,20 @@ ms.pagetype: edu
ms.localizationpriority: high
author: MikeBlodge
ms.author: MikeBlodge
ms.date: 10/30/2017
ms.date: 04/30/2018
---
# Switch to Windows 10 Pro Education from Windows 10 Pro
# Change to Windows 10 Education from Windows 10 Pro
Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings.
If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free switch to Windows 10 Pro Education depending on your scenario.
- [Switch from Windows 10 Pro in S mode to Windows 10 Pro Education in S mode](https://www.microsoft.com/en-us/education/windows/s-mode-switch-to-edu)
- [Switch from Windows 10 Pro to Windows 10 Pro Education](#switch-from-windows-10-pro-to-windows-10-pro-education)
If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free change to Windows 10 Pro Education depending on your scenario.
- [change from Windows 10 Pro in S mode to Windows 10 Pro Education in S mode](https://www.microsoft.com/en-us/education/windows/s-mode-change-to-edu)
- [change from Windows 10 Pro to Windows 10 Pro Education](#change-from-windows-10-pro-to-windows-10-pro-education)
To take advantage of this offering, make sure you meet the [requirements for switching](#requirements-for-switching). For academic customers who are eligible to switch to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance.
To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance.
## Requirements for switching
Before you switch to Windows 10 Pro Education, make sure you meet these requirements:
## Requirements for changing
Before you change to Windows 10 Pro Education, make sure you meet these requirements:
- Devices must be running Windows 10 Pro, version 1607 or higher.
- Devices must be Azure Active Directory joined, or domain joined with Azure AD Connect. Customers who are federated with Azure AD are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices).
@ -37,129 +37,115 @@ You can [compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsFor
For more info about Windows 10 default settings and recommendations for education customers, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
## Switch from Windows 10 Pro to Windows 10 Pro Education
## change from Windows 10 Pro to Windows 10 Pro Education
For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free switch through the Microsoft Store for Education.
For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free change through the Microsoft Store for Education.
In this scenario:
- The IT admin of the tenant chooses to turn on the switch for all Azure AD joined devices.
- Any device that joins the Azure AD will switch automatically to Windows 10 Pro Education.
- The IT admin of the tenant chooses to turn on the change for all Azure AD joined devices.
- Any device that joins the Azure AD will change automatically to Windows 10 Pro Education.
- The IT admin has the option to automatically roll back to Windows 10 Pro, if desired. See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
See [Switch using Microsoft Store for Education](#switch-using-microsoft-store-for-education) for details on how to do this.
See [change using Microsoft Store for Education](#change-using-microsoft-store-for-education) for details on how to do this.
### Switch using Intune for Education
### change using Intune for Education
1. In Intune for Education, select **Groups** and then choose the group that you want to apply the MAK license key to.
For example, to apply the switch for all teachers, select **All Teachers** and then select **Settings**.
For example, to apply the change for all teachers, select **All Teachers** and then select **Settings**.
2. In the settings page, find **Edition upgrade** and then:
1. Select the edition in the **Edition to upgrade to** field
2. Enter the MAK license key in the **Product key** field
**Figure 1** - Enter the details for the Windows edition switch
**Figure 1** - Enter the details for the Windows edition change
![Enter the details for the Windows edition switch](images/i4e_editionupgrade.png)
![Enter the details for the Windows edition change](images/i4e_editionupgrade.png)
3. The switch will automatically be applied to the group you selected.
3. The change will automatically be applied to the group you selected.
### Switch using Windows Configuration Designer
You can use Windows Configuration Designer to create a provisioning package that you can use to switch the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package.
### change using Windows Configuration Designer
You can use Windows Configuration Designer to create a provisioning package that you can use to change the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package.
1. In Windows Configuration Designer, select **Provision desktop devices** to open the simple editor and create a provisioning package for Windows desktop editions.
2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to switch to Windows 10 Pro Education.
2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to change to Windows 10 Pro Education.
**Figure 2** - Enter the license key
![Enter the license key to switch to Windows 10 Pro Education](images/wcd_productkey.png)
![Enter the license key to change to Windows 10 Pro Education](images/wcd_productkey.png)
3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to switch to Windows 10 Pro Education.
3. Complete the rest of the process for creating a provisioning package and then apply the package to the devices you want to change to Windows 10 Pro Education.
For more information about using Windows Configuration Designer, see [Set up student PCs to join domain](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain).
### Switch using the Activation page
### change using the Activation page
1. On the Windows device that you want to switch, open the **Settings** app.
1. On the Windows device that you want to change, open the **Settings** app.
2. Select **Update & security** > **Activation**, and then click **Change product key**.
3. In the **Enter a product key** window, enter the MAK key for Windows 10 Pro Education and click **Next**.
## Education customers with Azure AD joined devices
Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system switches to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Education without using activation keys or reboots. When one of your users enters their Azure AD credentials associated with a Windows 10 Pro Education license, the operating system changees to Windows 10 Pro Education and all the appropriate Windows 10 Pro Education features are unlocked. Previously, only schools or organizations purchasing devices as part of the Shape the Future K-12 program or with a Microsoft Volume Licensing Agreement could deploy Windows 10 Pro Education to their users. Now, if you have an Azure AD for your organization, you can take advantage of the Windows 10 Pro Education features.
When you switch to Windows 10 Pro Education, you get the following benefits:
When you change to Windows 10 Pro Education, you get the following benefits:
- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB).
- **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have.
- **Roll back options to Windows 10 Pro**
- When a user leaves the domain or you turn off the setting to automatically switch to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days).
- When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days).
- For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro.
See [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro) for more info.
### Switch using Microsoft Store for Education
Once you enable the setting to switch to Windows 10 Pro Education, the switch will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the switch. The switch will only apply to Windows 10 Pro devices.
### change using Microsoft Store for Education
Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the change. The change will only apply to Windows 10 Pro devices.
**To turn on the automatic switch to Windows 10 Pro Education**
**To turn on the automatic change to Windows 10 Pro Education**
1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your work or school account.
If this is the first time you're signing into the Microsoft Store for Education, you'll be prompted to accept the Microsoft Store for Education Terms of Use.
2. Click **Manage** from the top menu and then select the **Benefits tile**.
3. In the **Benefits** tile, look for the **Switch to Windows 10 Pro Education for free** link and then click it.
3. In the **Benefits** tile, look for the **change to Windows 10 Pro Education for free** link and then click it.
You will see the following page informing you that your school is eligible to switch free to Windows 10 Pro Education to Windows 10 Pro.
**Figure 3** - Switch Windows 10 Pro to Windows 10 Pro Education
![Eligible for free Windows 10 Pro to Windows 10 Pro Education switch](images/msfe_manage_benefits_switchtoproedu.png)
4. In the **Switch all your devices to Windows 10 Pro Education for free** page, check box next to **I understand enabling this setting will switch all domain-joined devices running Windows 10 Pro in my organization**.
4. In the **change all your devices to Windows 10 Pro Education for free** page, check box next to **I understand enabling this setting will change all domain-joined devices running Windows 10 Pro in my organization**.
**Figure 4** - Check the box to confirm
![Check the box to confirm](images/msfe_manage_benefits_checktoconfirm.png)
5. Click **Switch all my devices**.
5. Click **change all my devices**.
A confirmation window pops up to let you know that an email has been sent to you to enable the switch.
A confirmation window pops up to let you know that an email has been sent to you to enable the change.
6. Close the confirmation window and check the email to proceed to the next step.
7. In the email, click the link to **Switch to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal.
7. In the email, click the link to **change to Windows 10 Pro Education**. Once you click the link, this will take you back to the Microsoft Store for Education portal.
**Figure 5** - Click the link in the email to switch to Windows 10 Pro Education
8. Click **change now** in the **changing your device to Windows 10 Pro Education for free** page in the Microsoft Store.
![Click the email link to switch to Windows 10 Pro Education](images/msfe_clickemaillink_switchtoproedu.png)
8. Click **Switch now** in the **Switching your device to Windows 10 Pro Education for free** page in the Microsoft Store.
You will see a window that confirms you've successfully switched all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically switch the next time someone in your organization signs in to the device.
You will see a window that confirms you've successfully changeed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device.
9. Click **Close** in the **Success** window.
Enabling the automatic switch also triggers an email message notifying all global administrators in your organization about the switch. It also contains a link that enables any global administrators to cancel the switch if they choose. For more info about rolling back or canceling the switch, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).\
**Figure 6** - Email notifying all global admins about the switch
![Email notifying all global admins about the switch](images/msfe_switchtoproedu_globaladminsemail_cancelswitch.png)
Enabling the automatic change also triggers an email message notifying all global administrators in your organization about the change. It also contains a link that enables any global administrators to cancel the change if they choose. For more info about rolling back or canceling the change, see [Roll back Windows 10 Pro Education to Windows 10 Pro](#roll-back-windows-10-pro-education-to-windows-10-pro).
## Explore the switch experience
## Explore the change experience
So what will users experience? How will they switch their devices?
So what will users experience? How will they change their devices?
### For existing Azure AD joined devices
Existing Azure AD domain joined devices will be switched to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed.
Existing Azure AD domain joined devices will be changeed to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed.
### For new devices that are not Azure AD joined
Now that you've turned on the setting to automatically switch to Windows 10 Pro Education, the users are ready to switch their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition.
#### Step 1: Join users devices to Azure AD
@ -232,19 +218,19 @@ If there are any problems with the Windows 10 Pro Education license or the acti
### Troubleshoot the user experience
In some instances, users may experience problems with the Windows 10 Pro Education switch. The most common problems that users may experience are as follows:
In some instances, users may experience problems with the Windows 10 Pro Education change. The most common problems that users may experience are as follows:
- The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) is not activated.
- The Windows 10 Pro Education switch has lapsed or has been removed.
- The Windows 10 Pro Education change has lapsed or has been removed.
Use the following figures to help you troubleshoot when users experience these common problems:
**Figure 13** - Illustrates a device in a healthy state, where the existing operating system is activated, and the Windows 10 Pro Education switch is active.
**Figure 13** - Illustrates a device in a healthy state, where the existing operating system is activated, and the Windows 10 Pro Education change is active.
<img src="images/win-10-pro-edu-activated-subscription-active.png" alt="Windows 10 activated and subscription active" /></br></br>
**Figure 14** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education switch is active.
**Figure 14** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education change is active.
<img src="images/win-10-pro-edu-not-activated-subscription-active.png" alt="Windows 10 not activated and subscription active" /></br></br>
@ -274,23 +260,23 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
A popup window will display the Windows 10 version number and detailed OS build information.
> [!NOTE]
> If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be switched to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license.
> If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be changeed to Windows 10 Pro Education when a user signs in, even if the user has been assigned a license.
### Roll back Windows 10 Pro Education to Windows 10 Pro
If your organization has the Windows 10 Pro to Windows 10 Pro Education switch enabled, and you decide to roll back to Windows 10 Pro or to cancel the switch, you can do this by:
If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, you can do this by:
- Logging into Microsoft Store for Education page and turning off the automatic switch.
- Selecting the link to turn off the automatic switch from the notification email sent to all global administrators.
- Logging into Microsoft Store for Education page and turning off the automatic change.
- Selecting the link to turn off the automatic change from the notification email sent to all global administrators.
Once the automatic switch to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were switched will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was switched may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a switch was enabled and then turned off will never see their device change from Windows 10 Pro.
Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changeed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was changeed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
> [!NOTE]
> Devices that were switched from mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
> Devices that were changeed from mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
**To roll back Windows 10 Pro Education to Windows 10 Pro**
1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic switch.
1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link.
3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**.
@ -298,10 +284,10 @@ Once the automatic switch to Windows 10 Pro Education is turned off, the change
![Revert to Windows 10 Pro](images/msfe_manage_reverttowin10pro.png)
4. You will be asked if you're sure that you want to turn off automatic switches to Windows 10 Pro Education. Click **Yes**.
4. You will be asked if you're sure that you want to turn off automatic changees to Windows 10 Pro Education. Click **Yes**.
5. Click **Close** in the **Success** page.
All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic switches again, you can do this by selecting **Switch to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic changees again, you can do this by selecting **change to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
## Preparing for deployment of Windows 10 Pro Education licenses

2
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1215,7 +1215,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode</li>
<li>SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</li>
<li>TaskScheduler/EnableXboxGameSaveTask</li>
<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
<li>TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode</li>
<li>TextInput/ForceTouchKeyboardDockedState</li>
<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
@ -1800,7 +1799,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Display/EnablePerProcessDpi</li>
<li>Display/EnablePerProcessDpiForApps</li>
<li>Experience/AllowWindowsSpotlightOnSettings</li>
<li>TextInput/AllowHardwareKeyboardTextSuggestions</li>
<li>TextInput/ForceTouchKeyboardDockedState</li>
<li>TextInput/TouchKeyboardDictationButtonAvailability</li>
<li>TextInput/TouchKeyboardEmojiButtonAvailability</li>

14
windows/client-management/mdm/policy-csp-textinput.md
View File

@ -114,10 +114,10 @@ ms.date: 04/16/2018
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td></td>
<td></td>
</tr>
@ -134,14 +134,10 @@ ms.date: 04/16/2018
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1803. Specifies text prediction for hardware keyboard is always disabled. When this policy is set to 0, text prediction for hardware keyboard is always disabled.
Added in Windows 10, version 1803. Placeholder only. Do not use in production environment.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 Text prediction for the hardware keyboard is disabled and the switch is unusable (user cannot activate the feature).
- 1 (default) Text prediction for the hardware keyboard is enabled. User can change the setting.
<!--/SupportedValues-->
<!--/Policy-->

4
windows/client-management/windows-version-search.md
View File

@ -5,7 +5,7 @@ keywords: Long-Term Servicing Channel, LTSC, LTSB, Semi-Annual Channel, SAC, Win
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: MikeBlodge
author: kaushika-msft
ms.author: MikeBlodge
ms.date: 04/30/2018
---
@ -45,4 +45,4 @@ At the Command Prompt or PowerShell, type **"slmgr /dlv"**, and then press ENTER
The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This build of Windows doesnt contain many in-box applications, such as Microsoft Edge, Microsoft Store, Cortana (you do have some limited search capabilities), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. Its important to remember that the LTSC model is primarily for specialized devices.
In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.
In the Semi-Annual Channel, you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows 10 feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.

2
windows/deployment/planning/windows-10-1803-removed-features.md
View File

@ -49,4 +49,4 @@ If you have feedback about the proposed replacement of any of these features, yo
|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.|
|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.|
|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.|
|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. Installed Layered Service Providers are not migrated when you upgrade to Windows 10, version 1803; you'll need to re-install them after upgrading.|

2
windows/deployment/update/waas-delivery-optimization.md
View File

@ -284,7 +284,7 @@ If you suspect this is the problem, try these steps:
### Clients aren't able to connect to peers offered by the cloud service
If you suspect this is the problem, un a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps:
If you suspect this is the problem, run a Telnet test between two devices on the network to ensure they can connect using port 7680. To do this, follow these steps:
1. Install Telnet by running **dism /online /Enable-Feature /FeatureName:TelnetClient** from an elevated command prompt.
2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.

9
windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
View File

@ -19,9 +19,9 @@ Describes the best practices, location, values, and security considerations for
## Reference
The **Domain member: Maximum machine account password age** policy setting determines the maximum allowable age for a machine account password.
The **Domain member: Maximum machine account password age** policy setting determines when a domain member submits a password change.
In Active Directorybased domains, each device has an account and password, just like every user. By default, the domain members automatically change their domain password every 30 days. Increasing this interval significantly, or setting it to **0** so that the device no longer change their passwords, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
In Active Directorybased domains, each device has an account and password, just like every user. By default, the domain members submit a password change every 30 days. Increasing this interval significantly, or setting it to **0** so that a device no longer submits a password change, gives a malicious user more time to undertake a brute-force password-guessing attack against one of the machine accounts.
### Possible values
@ -31,7 +31,7 @@ In Active Directorybased domains, each device has an account and password, ju
### Best practices
1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days.
2. Some organizations pre-build devices and then store them for later use or ship them to remote locations. If the machine's account has expired, it will no longer be able to authenticate with the domain. Devices that cannot authenticate with the domain must be removed from the domain and rejoined to it. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days.
2. If the machine's password has expired, it will no longer be able to authenticate with the domain. The easiest way to get authentication working again might require removing the device from the domain and then re-joining it. For this reason, some organizations create a special organizational unit (OU) for computers that are prebuilt and then stored for later use or shipped to remote locations, and change the value to more than 30 days.
### Location
@ -64,8 +64,7 @@ This section describes how an attacker might exploit a feature or its configurat
### Vulnerability
In Active Directorybased domains, each device has an account and password, just as every user does. By default, the domain members automatically change their domain password every 30 days. If you increase this interval significantly, or set it to 0 so that the computers no longer change their
passwords, an attacker has more time to undertake a brute-force attack to guess the password of one or more computer accounts.
By default, the domain members submit a password change every 30 days. If you increase this interval significantly, or set it to 0 so that the computers no longer submit a password change, an attacker has more time to undertake a brute-force attack to guess the password of one or more computer accounts.
### Countermeasure

BIN
windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-download.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

BIN
windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-vgpu.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 183 KiB

2
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -164,7 +164,7 @@
### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
### [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
## [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
###General
#### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)

3
windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md
View File

@ -36,7 +36,8 @@ The Automated investigations list shows all the investigations that have been in
## Understand the Automated investigation flow
### How the Automated investigation starts
Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) an Automated investigation starts.
Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a *supported operating system for Automated investigation then an Automated investigation can start.
*Currently only Windows 10 version 1803 (spring creators update) and above are supported operating systems for Autoamted Investigation
The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.

46
windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 04/24/2018
ms.date: 05/01/2018
---
# Configure alert notifications in Windows Defender ATP
@ -38,44 +38,30 @@ You can also add or remove recipients of the email notification. New recipients
The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
## Create rules for alert notifications
You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
## Set up email notifications for alerts
The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
1. On the navigation pane, select **Settings** > **Alert notifications**.
2. Toggle the setting between **On** and **Off**.
3. Select the alert severity level that youd like your recipients to receive:
- **High** Select this level to send notifications for high-severity alerts.
- **Medium** Select this level to send notifications for medium-severity alerts.
- **Low** - Select this level to send notifications for low-severity alerts.
- **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
4. In **Email recipients to notify on new alerts**, type the email address then select the + sign.
5. Click **Save preferences** when youve completed adding all the recipients.
1. In the navigation pane, select **Settings** > **General** > **Alert notifications**.
2. Click **Add notification rule**.
3. Specify the General information:
- **Rule name**
- **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
- **Alert severity** - Choose the alert severity level
4. Click **Next**.
5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
7. Click **Save notification rule**.
Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
Here's an example email notification:
![Image of example email notification](images/atp-example-email-notification.png)
## Edit a notification rule
1. Select the notification rule you'd like to edit.
## Remove email recipients
2. Update the General and Recipient tab information.
1. Select the trash bin icon beside the email address youd like to remove.
2. Click **Save preferences**.
3. CLick **Save notification rule**.
## Delete notification rule
1. Select the notification rule you'd like to delete.
2. Click **Delete**.
## Troubleshoot email notifications for alerts
This section lists various issues that you may encounter when using email notifications for alerts.

19
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -63,6 +63,14 @@ When a rule is triggered, a notification will be displayed from the Action Cente
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled.
## Requirements
Attack surface reduction requires Windows 10 Enterprise E5 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | -
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
## Attack surface reduction rules
Windows 10, version 1803 has five new Attack surface reduction rules:
@ -192,17 +200,6 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
- Executable files (such as .exe, .dll, or .scr)
- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
## Requirements
The following requirements must be met before Attack surface reduction will work:
Windows 10 version | Windows Defender Antivirus
- | -
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
## Review Attack surface reduction events in Windows Event Viewer
You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited):

4
windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
View File

@ -61,11 +61,9 @@ As with other features of Windows Defender Exploit Guard, you can use [audit mod
## Requirements
The following requirements must be met before Controlled folder access will work:
Windows 10 version | Windows Defender Antivirus
-|-
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
## Review Controlled folder access events in Windows Event Viewer

4
windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
View File

@ -63,11 +63,11 @@ Exploit protection works best with [Windows Defender Advanced Threat Protection]
## Requirements
The following requirements must be met before Exploit protection will work:
Exploit protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Advanced Threat Protection
-|-
Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
Windows 10 version 1709 or later | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
## Review Exploit protection events in Windows Event Viewer

4
windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
View File

@ -56,11 +56,11 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
## Requirements
The following requirements must be met before Network protection will work:
Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | -
Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
Windows 10 version 1709 or later | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled
## Review Network protection events in Windows Event Viewer

26
windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -63,7 +63,15 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e
## Requirements
Each of the features in Windows Defender EG have slightly different requirements:
This section covers requirements for each feature in Windows Defender EG.
| Symbol | Support |
|--------|---------|
| ![not supported](./images/ball_empty.png) | Not supported |
| ![supported](./images/ball_50.png) | Supported |
| ![supported, enhanced](./images/ball_75.png) | Includes advanced exploit protection for the kernel mode via [HVCI](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) |
| ![supported, full reporting](./images/ball_full.png) | Includes automated reporting into the Windows Defender ATP console|
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
@ -72,20 +80,14 @@ Each of the features in Windows Defender EG have slightly different requirements
| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
> [!NOTE]
> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).<br/>
> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console.
The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus.
| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
| Feature | Real-time protection |
|-----------------| ------------------------------------ |
| Exploit protection | No requirement |
| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
> [!NOTE]
> Each feature's requirements are further described in the individual topics in this library.
| Attack surface reduction | Must be enabled |
| Network protection | Must be enabled |
| Controlled folder access | Must be enabled |
## In this library

2
windows/whats-new/whats-new-windows-10-version-1803.md
View File

@ -85,7 +85,7 @@ The following new DISM commands have been added to manage feature updates:
DISM /Online /Set-OSUninstallWindow
Sets the number of days after upgrade during which uninstall can be performed.
For more information, see [DISM operating system uninstall command-line options](https://review.docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options).
For more information, see [DISM operating system uninstall command-line options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-uninstallos-command-line-options).
### Windows Setup