From 439fd4968bbd5e9e4ad404082f1caf2cd782086a Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 10:16:19 -0600 Subject: [PATCH 01/22] Clarifications with notes for issue #940 --- .../remove-provisioned-apps-during-update.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 489c97927a..988b50757d 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -18,16 +18,21 @@ When you update a computer running Windows 10, version 1703 or 1709, you might s >* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates. >* This only applies to first-party apps that shipped with Windows 10. This doesn't apply to third-party apps, Microsoft Store apps, or LOB apps. -To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you removed the packages in one of the following ways: +To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you [removed the packages](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage) in one of the following ways: * If you removed the packages while the wim file was mounted when the device was offline. * If you removed the packages by running a PowerShell cmdlet on the device while Windows was online. Although the apps won't appear for new users, you'll still see the apps for the user account you signed in as. -When you remove a provisioned app, we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.) +When you [remove a provisioned app](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage), we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.) + +>[!TIP] +>Alternatively, you can also remove packages using (Get-AppxPackage)[https://docs.microsoft.com/powershell/module/appx/get-appxpackage] cmdlet, these packages can reappear on any case, no matter what cmdlet you used it to removed them. + >[!NOTE] >If you remove a provisioned app while Windows is online, it's only removed for *new users*—the user that you signed in as will still have that provisioned app. That's because the registry key created when you deprovision the app only applies to new users created *after* the key is created. This doesn't happen if you remove the provisioned app while Windows is offline. + To prevent these apps from reappearing at the next update, manually create a registry key for each app, then update the computer. ## Create registry keys for deprovisioned apps @@ -38,7 +43,7 @@ Use the following steps to create a registry key: 2. Create a .reg file to generate a registry key for each app. Use [this list of Windows 10, version 1709 registry keys](#registry-keys-for-provisioned-apps) as your starting point. 1. Paste the list of registry keys into Notepad (or a text editor). 2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key: - ``` + ```yaml HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe] ``` 3. Save the file with a .txt extension, then right-click the file and change the extension to .reg. From 017978269a84ae9b8b620e4c33f9d173ec2b125b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 3 Apr 2019 21:29:52 +0500 Subject: [PATCH 02/22] Mention the file location The log file location was missing which has been included in the document. --- windows/deployment/upgrade/log-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 1e62227e0d..289b0b5793 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -55,7 +55,7 @@ Event logs: Generic rollbacks (0xC1900101) or unexpected reboots. ## Log entry structure -A setupact.log or setuperr.log entry includes the following elements: +A setupact.log or setuperr.log (files are located at C:\Windows) entry includes the following elements:
  1. The date and time - 2016-09-08 09:20:05. From 1218b3099c5686503809cbd31612e204213be8ad Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 10:57:08 -0600 Subject: [PATCH 03/22] Added Note on #1593 --- .../attack-surface-reduction-exploit-guard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 2e78745404..28a743ec00 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -175,7 +175,9 @@ This rule blocks the following file types from launching unless they either meet >[!NOTE] >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. -Intune name: Executables that don't meet a prevalence, age, or trusted list criteria +>[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. +>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. +Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria From c55fa1f71d3a62ca146650b3777a4cfea81ac619 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 3 Apr 2019 22:23:39 +0500 Subject: [PATCH 04/22] Code Change And Typing Issue There was a code change and typing issue in the document which has been corrected. Problem1: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1330 Problem2: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2329 --- windows/client-management/mdm/vpnv2-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 4142e8244f..b57e6e3f98 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -151,7 +151,7 @@ If set to True, this DomainName rule will trigger the VPN By default, this value is false. -Value type is bool. Persistent +Value type is bool. **VPNv2/***ProfileName***/DomainNameInformationList/***dniRowId***/Persistent** Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values: @@ -624,10 +624,10 @@ Profile example SplitTunnel - + .contoso.com 10.5.5.5 - + %ProgramFiles%\Internet Explorer\iexplore.exe From 1f82febbc8e9251512894c9c9262efc2133508bf Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 14:33:36 -0600 Subject: [PATCH 05/22] Here's a rewrite for the tip --- .../remove-provisioned-apps-during-update.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 988b50757d..0cec8f58f6 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -25,8 +25,14 @@ To remove a provisioned app, you need to remove the provisioning package. The ap When you [remove a provisioned app](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage), we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.) ->[!TIP] ->Alternatively, you can also remove packages using (Get-AppxPackage)[https://docs.microsoft.com/powershell/module/appx/get-appxpackage] cmdlet, these packages can reappear on any case, no matter what cmdlet you used it to removed them. +>[!IMPORTANT] +>This behavior can appear no matter the way you can removed the packages you used to remove the packages, using: +>```Powershell +>Remove-appxprovisionedpackage +>#or +>Get-AppxPackage -allusers | Remove-AppxPackage -Allusers +>``` + >[!NOTE] @@ -163,3 +169,9 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe] ``` + + + +[Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) +[Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) +[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage) \ No newline at end of file From 58a4d669a6de37e35ad63cf9ff8c3dd6dcf4f738 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 3 Apr 2019 22:37:37 +0200 Subject: [PATCH 06/22] Update deploy-a-windows-10-image-using-mdt.md typo fix addresses part of https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2400 --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index c75048f117..1750d67101 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -488,7 +488,7 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee   ## Step 8: Deploy the Windows 10 client image -These steps will walk you throug the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process. +These steps will walk you through the process of using task sequences to deploy Windows 10 images through a fully automated process. First, you need to add the boot image to Windows Deployment Services (WDS) and then start the deployment. In contrast with deploying images from the MDT Build Lab deployment share, we recommend using the Pre-Installation Execution Environment (PXE) to start the full deployments in the datacenter, even though you technically can use an ISO/CD or USB to start the process. ### Configure Windows Deployment Services From 09eb0c89e1b981e54ffa34a187dd77ffe3496ed3 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 3 Apr 2019 22:42:20 +0200 Subject: [PATCH 07/22] Update microsoft-store-for-business-overview.md Typo fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3143 --- store-for-business/microsoft-store-for-business-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md index 276c980fae..0bf1fdc2d4 100644 --- a/store-for-business/microsoft-store-for-business-overview.md +++ b/store-for-business/microsoft-store-for-business-overview.md @@ -360,7 +360,7 @@ Customers in these markets can use Microsoft Store for Business and Education to - Ukraine ### Support to only manage products -Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purhcase apps directly from Microsoft Store for Business and Education. +Customers in these markets can use Microsoft Store for Business and Education only to manage products that they've purchased from other channels. For example, they might have purchased products through Volume Licensing Service Center. However, they can't purchase apps directly from Microsoft Store for Business and Education. - Puerto Rico This table summarize what customers can purchase, depending on which Microsoft Store they are using. From 5cd95ab75c0acc79de686d7e3eb24195a1c4078f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 3 Apr 2019 15:14:43 -0700 Subject: [PATCH 08/22] rewrote and moved to note --- .../remove-provisioned-apps-during-update.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 0cec8f58f6..b41972de75 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -17,6 +17,7 @@ When you update a computer running Windows 10, version 1703 or 1709, you might s >[!NOTE] >* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates. >* This only applies to first-party apps that shipped with Windows 10. This doesn't apply to third-party apps, Microsoft Store apps, or LOB apps. +>* This issue can occur whether you removed the app using `Remove-appxprovisionedpackage` or `Get-AppxPackage -allusers | Remove-AppxPackage -Allusers`. To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you [removed the packages](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage) in one of the following ways: @@ -25,15 +26,6 @@ To remove a provisioned app, you need to remove the provisioning package. The ap When you [remove a provisioned app](https://docs.microsoft.com/powershell/module/dism/remove-appxprovisionedpackage), we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn't online when you deprovision the app, then we don't create that registry key. (This behavior is fixed in Windows 10, version 1803. If you're running Windows 10, version 1709, apply the latest security update to fix it.) ->[!IMPORTANT] ->This behavior can appear no matter the way you can removed the packages you used to remove the packages, using: ->```Powershell ->Remove-appxprovisionedpackage ->#or ->Get-AppxPackage -allusers | Remove-AppxPackage -Allusers ->``` - - >[!NOTE] >If you remove a provisioned app while Windows is online, it's only removed for *new users*—the user that you signed in as will still have that provisioned app. That's because the registry key created when you deprovision the app only applies to new users created *after* the key is created. This doesn't happen if you remove the provisioned app while Windows is offline. @@ -174,4 +166,4 @@ Windows Registry Editor Version 5.00 [Get-AppxPackage](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) [Get-AppxPackage -allusers](https://docs.microsoft.com/powershell/module/appx/get-appxpackage) -[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage) \ No newline at end of file +[Remove-AppxPackage](https://docs.microsoft.com/powershell/module/appx/remove-appxpackage) From 009a61b482d93b19bfd543bfccad0b8dac96e384 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 4 Apr 2019 10:53:30 +0200 Subject: [PATCH 09/22] Update windows-10-enterprise-faq-itpro.md New link for Windows Onboarding kit --- .../deployment/planning/windows-10-enterprise-faq-itpro.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index bebac9fa94..aa8bdae83a 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -109,7 +109,7 @@ To find out which version of Windows 10 is right for your organization, you can ### How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1? -Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 for Business Onboarding Kit](https://blogs.technet.microsoft.com/windowsitpro/2016/06/28/windows-10-for-business-onboarding-kit/) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources. +Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 for Business Onboarding Kit](https://info.microsoft.com/Windows10AdoptionPlanningKit) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources. ### How does Windows 10 help people work with applications and data across a variety of devices? @@ -127,4 +127,4 @@ Use the following resources for additional information about Windows 10. - If you are an IT professional or if you have a question about administering, managing, or deploying Windows 10 in your organization or business, visit the [Windows 10 IT Professional forums](https://social.technet.microsoft.com/forums/home?category=windows10itpro) on TechNet. - If you are an end user or if you have a question about using Windows 10, visit the [Windows 10 forums on Microsoft Community](https://answers.microsoft.com/windows/forum/windows_10). - If you are a developer or if you have a question about making apps for Windows 10, visit the [Windows Desktop Development forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsdesktopdev) or [Windows and Windows phone apps forums](https://social.msdn.microsoft.com/forums/en-us/home?category=windowsapps) on MSDN. -- If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home) on TechNet. \ No newline at end of file +- If you have a question about Internet Explorer, visit the [Internet Explorer forums](https://social.technet.microsoft.com/forums/ie/en-us/home) on TechNet. From a903df9dc80bec369abf9514ac3b7b018ba11fbd Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 08:35:56 -0700 Subject: [PATCH 10/22] fixed note --- .../attack-surface-reduction-exploit-guard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 28a743ec00..acadbc2c45 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -175,8 +175,11 @@ This rule blocks the following file types from launching unless they either meet >[!NOTE] >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. ->[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. +>[!IMPORTANT] +>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses Microsoft Cloud's Protection to update its trusted list regularly. It uses cloud-delivered protection to update its trusted list regularly. +> >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. + Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. SCCM name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria From e4602ba14e7076dcb334c6e948ffabff8940bd82 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 08:38:41 -0700 Subject: [PATCH 11/22] fix paste error --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index acadbc2c45..e16b905b59 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -176,7 +176,7 @@ This rule blocks the following file types from launching unless they either meet >You must [enable cloud-delivered protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) to use this rule. >[!IMPORTANT] ->The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses Microsoft Cloud's Protection to update its trusted list regularly. It uses cloud-delivered protection to update its trusted list regularly. +>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. From 3c866e6ec987a9d6990d79d89e7ee446f485e182 Mon Sep 17 00:00:00 2001 From: Michael Niehaus Date: Thu, 4 Apr 2019 09:10:04 -0700 Subject: [PATCH 12/22] Update existing-devices.md Clarify that Windows 8.1 is also supported. --- windows/deployment/windows-autopilot/existing-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 643cfeb6bd..0996810392 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -20,7 +20,7 @@ ms.topic: article Modern desktop management with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away. -This topic describes how to convert Windows 7 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot. +This topic describes how to convert Windows 7 or Windows 8.1 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot. ## Prerequisites @@ -278,7 +278,7 @@ Next, ensure that all content required for the task sequence is deployed to dist ### Complete the client installation process -1. Open the Software Center on the target Windows 7 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt: +1. Open the Software Center on the target Windows 7 or Windows 8.1 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt: ``` C:\Windows\CCM\SCClient.exe From 37f12a0207778c2da742b5eabf6fc87f99647297 Mon Sep 17 00:00:00 2001 From: "H. Poulsen" Date: Thu, 4 Apr 2019 10:30:43 -0700 Subject: [PATCH 13/22] Added new item to latest news --- windows/deployment/update/windows-as-a-service.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index 624b72ef06..c3b63fef39 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -25,6 +25,7 @@ Everyone wins when transparency is a top priority. We want you to know when upda The latest news:
      +
    • Improving the Windows 10 update experience with control, quality and transparency - Aoril 4, 2019
    • Windows 10, version 1809 designated for broad deployment - March 28, 2019
    • Data, insights and listening to improve the customer experience - March 6, 2019
    • Getting to know the Windows update history pages - February 21, 2019
      • From 8ed47bda98a06ba1143d36d1e9b07afadcb5d7d6 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 10:31:52 -0700 Subject: [PATCH 14/22] fixed typo --- windows/deployment/update/windows-as-a-service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index c3b63fef39..0b1327b761 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -25,7 +25,7 @@ Everyone wins when transparency is a top priority. We want you to know when upda The latest news:
        -
      • Improving the Windows 10 update experience with control, quality and transparency - Aoril 4, 2019
        • +
      • Improving the Windows 10 update experience with control, quality and transparency - April 4, 2019
      • Windows 10, version 1809 designated for broad deployment - March 28, 2019
      • Data, insights and listening to improve the customer experience - March 6, 2019
      • Getting to know the Windows update history pages - February 21, 2019
        • From 11c32b778c25cb79e73c03fadd3218e7fd8473e9 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 4 Apr 2019 10:53:03 -0700 Subject: [PATCH 15/22] Added a minor edit per task 3239310 --- windows/client-management/mdm/policy-csp-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 2760176424..446b3f2374 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -357,7 +357,7 @@ When Storage Sense runs, it can delete files in the user’s Downloads folder if If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. -If you enable this policy setting, you must provide the number of days since a file in the Downloads folder has been opened before Storage Sense will delete it. Supported values are: 0–365. +If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are 0-365. If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder. From a9db4e1f32896754ace434c1c6cd641d7eb8c51c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 4 Apr 2019 11:31:12 -0700 Subject: [PATCH 16/22] Added minor edit per Task 3239310 --- windows/client-management/mdm/policy-csp-storage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 446b3f2374..13b90dbd3a 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -288,7 +288,7 @@ When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t bee If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. -If you enable this policy setting, you must provide the number of days since a cloud-backed file has been opened before Storage Sense will dehydrate it. Supported values are: 0–365. +If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0–365. If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content. @@ -357,7 +357,7 @@ When Storage Sense runs, it can delete files in the user’s Downloads folder if If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. -If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are 0-365. +If you enable this policy setting, you must provide the minimum number of days a file can remain unopened before Storage Sense deletes it from the Downloads folder. Supported values are: 0-365. If you set this value to zero, Storage Sense will not delete files in the user’s Downloads folder. The default is 0, or never deleting files in the Downloads folder. From 426d39e63cacb888897016b840435a223b2fbd55 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Fri, 5 Apr 2019 01:20:19 +0530 Subject: [PATCH 17/22] Added deployment values added deployment values to Start/HidePeopleBar and Start/DisableContextMenus --- windows/client-management/mdm/policy-csp-start.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index bbbecfc8b2..ee31dd0aa6 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -666,6 +666,13 @@ The following list shows the supported values: Enabling this policy prevents context menus from being invoked in the Start Menu. + +The following list shows the supported values: + +- 0 (default) – False (Do not disable). +- 1 - True (disable). + + ADMX Info: - GP English name: *Disable context menus in the Start Menu* @@ -1091,6 +1098,13 @@ Added in Windows 10, version 1709. Enabling this policy removes the people icon Value type is integer. + +The following list shows the supported values: + +- 0 (default) – False (do not hide). +- 1 - True (hide). + + ADMX Info: - GP English name: *Remove the People Bar from the taskbar* From f4460340447e8ecda9c99d3908f12d6a975aa3bc Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Thu, 4 Apr 2019 19:03:41 -0600 Subject: [PATCH 18/22] Fixed the type of cloud. Added new Related Topic link --- .../enable-attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 469f6ba57b..c5d238cf59 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -37,7 +37,7 @@ You can exclude files and folders from being evaluated by most attack surface re You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. >[!IMPORTANT] ->The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25, it's owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. +>The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). @@ -179,3 +179,4 @@ Value: c:\path|e:\path|c:\Whitelisted.exe - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) - [Evaluate attack surface reduction](evaluate-attack-surface-reduction.md) +- [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus) From ac0d696d20a851e0798eca22d187f5cc56cdb98c Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Fri, 5 Apr 2019 10:27:08 +0200 Subject: [PATCH 19/22] Update windows-10-enterprise-faq-itpro.md --- windows/deployment/planning/windows-10-enterprise-faq-itpro.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index aa8bdae83a..cd611c67ef 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -109,7 +109,7 @@ To find out which version of Windows 10 is right for your organization, you can ### How will people in my organization adjust to using Windows 10 Enterprise after upgrading from Windows 7 or Windows 8.1? -Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 for Business Onboarding Kit](https://info.microsoft.com/Windows10AdoptionPlanningKit) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources. +Windows 10 combines the best aspects of the user experience from Windows 8.1 and Windows 7 to make using Windows simple and straightforward. Users of Windows 7 will find the Start menu in the same location as they always have. In the same place, users of Windows 8.1 will find the live tiles from their Start screen, accessible by the Start button in the same way as they were accessed in Windows 8.1. To help you make the transition a seamless one, download the [Windows 10 Adoption Planning Kit](https://info.microsoft.com/Windows10AdoptionPlanningKit) and see our [end user readiness](https://technet.microsoft.com/windows/dn621092) resources. ### How does Windows 10 help people work with applications and data across a variety of devices? From c5ee6638729fc3f2a89d85bb9be4ca0a57db58dd Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 5 Apr 2019 11:20:41 -0400 Subject: [PATCH 20/22] Updated link at top of article Due to retirement of blogs, the link at the top of the article has been moved. I updated with the new location of the article --- ...er-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md index 7c9ec9ded2..703010dfa2 100644 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md @@ -14,7 +14,7 @@ ms.date: 04/23/2017 # How to Enable BitLocker by Using MBAM as Part of a Windows Deployment -This topic explains how to enable BitLocker on an end user's computer by using MBAM as part of your Windows imaging and deployment process. If you see a black screen at restart (after Install phase concludes) indicating that the drive cannot be unlocked, see [Windows versions prior Windows 10 build 1511 fail to start after "Setup Windows and Configuration Manager" step when Pre-Provision BitLocker is used with Windows PE 10.0.586.0 (1511)](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2016/03/30/windows-versions-prior-windows-10-build-1511-fail-to-start-after-setup-windows-and-configuration-manager-step-when-pre-provision-bitlocker-is-used-with-windows-pe-10-0-586-0-1511/). +This topic explains how to enable BitLocker on an end user's computer by using MBAM as part of your Windows imaging and deployment process. If you see a black screen at restart (after Install phase concludes) indicating that the drive cannot be unlocked, see [Earlier Windows versions don't start after "Setup Windows and Configuration Manager" step if Pre-Provision BitLocker is used with Windows 10, version 1511](https://support.microsoft.com/en-us/help/4494799/earlier-windows-versions-don-t-start-after-you-use-pre-provision-bitlo). **Prerequisites:** @@ -330,4 +330,4 @@ Here are a list of common error messages: ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). \ No newline at end of file +- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). From 431076c6126b99df5056bbaab6c6ecd03cb6d9b6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 5 Apr 2019 11:56:13 -0700 Subject: [PATCH 21/22] Added minor edit per Task 3239310 --- windows/client-management/mdm/policy-csp-storage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 13b90dbd3a..101a8715e5 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -288,7 +288,7 @@ When Storage Sense runs, it can dehydrate cloud-backed content that hasn’t bee If the Storage/AllowStorageSenseGlobal policy is disabled, then this policy does not have any effect. -If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it from the sync root. Supported values are: 0–365. +If you enable this policy setting, you must provide the minimum number of days a cloud-backed file can remain unopened before Storage Sense dehydrates it. Supported values are: 0–365. If you set this value to zero, Storage Sense will not dehydrate any cloud-backed content. The default value is 0, which never dehydrates cloud-backed content. From 3a0fcb21722f9d7572ab75793bd30ba6552f8a41 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 8 Apr 2019 09:11:47 +0100 Subject: [PATCH 22/22] Update windows-autopilot-requirements.md --- .../windows-autopilot-requirements.md | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index fc304b4020..358e9fefd8 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -22,16 +22,26 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur - Windows 10 version 1703 (semi-annual channel) or higher is required. - The following editions are supported: - - Pro - - Pro Education - - Pro for Workstations - - Enterprise - - Education + - Windows 10 Pro + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Enterprise 2019 LTSC + + - If you're using Autopilot for Surface devices, note that only the following Surface devices support Autopilot: + - Surface Go + - Surface Go with LTE Advanced + - Surface Pro (5th gen) + - Surface Pro with LTE Advanced (5th gen) + - Surface Pro 6 + - Surface Laptop (1st gen) + - Surface Laptop 2 + - Surface Studio (1st gen) + - Surface Studio 2 + - Surface Book 2 -- Windows 10 Enterprise 2019 LTSC is also supported. - -See the following topics for details on licensing, network, and configuration requirements: -- [Licensing requirements](windows-autopilot-requirements-licensing.md) +See the following topics for details on network and configuration requirements: - [Networking requirements](windows-autopilot-requirements-network.md) - [Configuration requirements](windows-autopilot-requirements-configuration.md) - For details about specific configuration requirements to enable user-driven Hybrid Azure Active Directory join for Windows Autopilot, see [Intune Connector (preview) language requirements](intune-connector.md). This requirement is a temporary workaround, and will be removed in the next release of Intune Connector.