deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 13:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #216 from Justinha/VSTS8867491

Browse Source 
Vsts8867491
This commit is contained in:
Justin Hall 2016-09-26 11:25:31 -07:00 committed by GitHub
commit 6162ef5f41
19 changed files with 160 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
browsers/internet-explorer/ie11-deploy-guide/index.md
View File

@ -6,6 +6,7 @@ ms.prod: ie11
ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3
title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
ms.sitesec: library
localizationpriority: low
---

1
browsers/internet-explorer/ie11-ieak/index.md
View File

@ -6,6 +6,7 @@ ms.prod: ie11
ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
localizationpriority: low
---

1
devices/surface/index.md
View File

@ -2,6 +2,7 @@
title: Surface (Surface)
description:
ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04
localizationpriority: high
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices

1
windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
View File

@ -6,7 +6,6 @@ keywords: deployment, task sequence, custom, customize
ms.prod: w10
localizationpriority: high
ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
author: mtniehaus
---

1
windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
View File

@ -7,7 +7,6 @@ ms.prod: w10
ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
localizationpriority: high
author: mtniehaus
ms.pagetype: mdt
---

BIN
windows/deploy/images/upgrade-analytics-create-iedataoptin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
windows/deploy/images/upgrade-analytics-most-active-sites.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
windows/deploy/images/upgrade-analytics-query-activex-name.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.6 KiB

BIN
windows/deploy/images/upgrade-analytics-site-activity-by-doc-mode.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
windows/deploy/images/upgrade-analytics-site-domain-detail.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

1
windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
View File

@ -6,7 +6,6 @@ keywords: install, configure, deploy, deployment
ms.prod: w10
localizationpriority: high
ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
author: mtniehaus
---

1
windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
View File

@ -7,7 +7,6 @@ ms.prod: w10
ms.mktglfcycl: deploy
localizationpriority: high
ms.sitesec: library
localizationpriority: high
ms.pagetype: mdt
author: mtniehaus
---

68
windows/deploy/upgrade-analytics-review-site-discovery.md Normal file
View File

@ -0,0 +1,68 @@
---
title: Review site discovery
description: Explains how to review internet web site discovery with Upgrade Analytics.
ms.prod: w10
author: Justinha
---
# Review site discovery
This section of the Upgrade Analytics workflow provides an inventory of web sites that are being used by client computers that run Internet Explorer on Windows 8.1 and Windows 7 in your environment. This inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. Data from Edge browser is not collected.
> Note: After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the user. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Install prerequisite security update for Internet Explorer
Ensure the following prerequisites are met before using site discovery:
1. Install the latest Internet Explorer 11 Cumulative Update. This update provides the capability for site discovery and is available in the [July 2016 cumulative update (KB3170106)](https://support.microsoft.com/kb/3170106) and later.
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it.
If necessary, you can also enable it by creating the following registry entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
Entry name: IEDataOptIn
Data type: DWORD
Values:
0 Internet Explorer data collection is disabled
1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones
2 Data collection is enabled for sites in the Internet + Restricted sites zones
3 Data collection is enabled for all sites
For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx).
![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
## Review most active sites
This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL.
![Most active sites](Images/upgrade-analytics-most-active-sites.png)
Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name.
![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
## Review document modes in use
This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
## Run browser-related queries
You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries.
![](images/upgrade-analytics-query-activex-name.png)

1
windows/keep-secure/TOC.md
View File

@ -35,6 +35,7 @@
#### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
#### [Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md)
#### [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md)
#### [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
## [VPN profile options](vpn-profile-options.md)

3
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -16,6 +16,9 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
| New or changed topic | Description |
| --- | --- |
|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) | New |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. |
|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. |
| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs |
| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate |

3
windows/keep-secure/guidance-and-best-practices-wip.md
View File

@ -25,4 +25,5 @@ This section includes info about the enlightened Microsoft apps, including how t
|[Windows Information Protection (WIP) overview](wip-enterprise-overview.md) |High-level overview info about why to use WIP, the enterprise scenarios, and how to turn it off. |
|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise. |
|[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. |
|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. |
|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. |
|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |The most common problems you might encounter while using Windows Information Protection (WIP). |

77
windows/keep-secure/limitations-with-wip.md Normal file
View File

@ -0,0 +1,77 @@
---
title: Limitations while using Windows Information Protection (WIP) (Windows 10)
description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP).
keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
author: eross-msft
localizationpriority: high
---
# Limitations while using Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 1607
- Windows 10 Mobile
This table provides info about the most common problems you might encounter while running WIP in your organization.
<table>
<tr>
<th>Limitation</th>
<th>How it appears</th>
<th>Workaround</th>
</tr>
<tr>
<td>Enterprise data on USB drives is tied to the device it was protected on.</td>
<td>Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.</td>
<td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.</td>
</tr>
<tr>
<td>Direct Access is incompatible with WIP.</td>
<td>Direct Access might experience problems with how WIP enforces app behavior and data movement because of how WIP determines what is and isnt a corporate network resource.</td>
<td>We recommend that you use VPN for client access to your intranet resources.<p><strong>Note</strong><br>VPN is optional and isnt required by WIP.</td>
</tr>
<tr>
<td><strong>NetworkIsolation</strong> Group Policy setting is incompatible with WIP.</td>
<td>The <strong>NetworkIsolation</strong> Group Policy setting has incompatible network settings that can conflict and cause problems with WIP.</td>
<td>We recommend that you dont use the NetworkIsolation Group Policy setting.</td>
</tr>
<tr>
<td>Cortana can potentially allow data leakage if its on the allowed apps list.</td>
<td>If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.</td>
<td>We dont recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.</td>
</tr>
<tr>
<td>WIP is designed for use by a single user per device.</td>
<td>A secondary user on a device might experience app compat issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled users content can be revoked during the unenrollment process.</td>
<td>We recommend only having one user per managed device.</td>
</tr>
<tr>
<td>Installers copied from an enterprise network file share might not work properly.</td>
<td>An app might fail to properly install because it cant read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.</td>
<td>To fix this, you can:
<ul>
<li>Start the installer directly from the file share.<p>-OR-</li>
<li>Decrypt the locally copied files needed by the installer.<p>-OR-</li>
<li>Mark the file share with the installation media as “personal”. To do this, youll need to set the Enterprise IP ranges as <strong>Authoritative</strong> and then exclude the IP address of the file server, or youll need to put the file server on the Enterprise Proxy Server list.</li>
</ul></td>
</tr>
<tr>
<td>Changing your primary Corporate Identity isnt supported.</td>
<td>You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.</td>
<td>Turn off WIP for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.</td>
</tr>
<tr>
<td>Redirected folders with Client Side Caching are not compatible with WIP.</td>
<td>Apps might encounter access errors while attempting to read a cached, offline file.</td>
<td>Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.</td>
</tr>
<tr>
<td>You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.</td>
<td>A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**.</td>
<td>Open File Explorer and change the file ownership to **Personal** before you upload.</td>
</tr>
</table>

5
windows/manage/appv-deploying-appv.md
View File

@ -30,6 +30,11 @@ App-V supports a number of different deployment options. Review this topic for i
This section provides a deployment checklist that can be used to assist with installing App-V.
- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)<br>
[Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
These sections describe how to use App-V to deliver Microsoft Office as a virtualized application to computers in your organization.
## Other Resources for Deploying App-V

2
windows/manage/appv-deploying-microsoft-office-2013-with-appv.md
View File

@ -14,7 +14,7 @@ ms.prod: w10
**Applies to**
- Windows 10, version 1607
Use the information in this article to use Microsoft Application Virtualization (App-V), or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
Use the information in this article to use Application Virtualization (App-V) to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V.
This topic contains the following sections: