| New or updated article | -Description | -
|---|---|
| BitLocker CSP | -Added support for Windows 10 Pro starting in the version 1809. - |
| Office CSP | -Added FinalStatus setting in Windows 10, version 1809. - |
| RemoteWipe CSP | -Added new settings in Windows 10, version 1809. - |
| TenantLockdown CSP | -Added new CSP in Windows 10, version 1809. - |
| WindowsDefenderApplicationGuard CSP | -Added new settings in Windows 10, version 1809. - |
| Policy DDF file | -Posted an updated version of the Policy DDF for Windows 10, version 1809. - |
| Policy CSP | -Added the following new policies in Windows 10, version 1809: -
Start/DisableContextMenus - added in Windows 10, version 1803. -RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy. - |
Start/DisableContextMenus - added in Windows 10, version 1803.
RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| ## July 2018 -
| New or updated article | -Description | -
|---|---|
| AssignedAccess CSP | -Added the following note: -
|
| PassportForWork CSP | -Added new settings in Windows 10, version 1809. - |
| EnterpriseModernAppManagement CSP | -Added NonRemovable setting under AppManagement node in Windows 10, version 1809. - |
| Win32CompatibilityAppraiser CSP | -Added new configuration service provider in Windows 10, version 1809. - |
| WindowsLicensing CSP | -Added S mode settings and SyncML examples in Windows 10, version 1809. - |
| SUPL CSP | -Added 3 new certificate nodes in Windows 10, version 1809. - |
| Defender CSP | -Added a new node Health/ProductStatus in Windows 10, version 1809. - |
| BitLocker CSP | -Added a new node AllowStandardUserEncryption in Windows 10, version 1809. - |
| DevDetail CSP | -Added a new node SMBIOSSerialNumber in Windows 10, version 1809. - |
| Policy CSP | -Added the following new policies in Windows 10, version 1809: -
Recent changes: -
|
You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| +|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| +|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| +|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.| +|[SUPL CSP](supl-csp.md)|Added 3 new certificate nodes in Windows 10, version 1809.| +|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| +|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| +|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
Recent changes:
| New or updated article | -Description | -
|---|---|
| Wifi CSP | -Added a new node WifiCost in Windows 10, version 1809. - |
| Diagnose MDM failures in Windows 10 | -Recent changes: -
|
| BitLocker CSP | -Added new node AllowStandardUserEncryption in Windows 10, version 1809. - |
| Policy CSP | -Recent changes: -
Added the following new policies in Windows 10, version 1809: -
|
| WiredNetwork CSP | -New CSP added in Windows 10, version 1809. - |
Added the following new policies in Windows 10, version 1809:
| New or updated article | -Description | -
|---|---|
| Policy DDF file | -Updated the DDF files in the Windows 10 version 1703 and 1709. - - |
| New or updated article | -Description | -
|---|---|
| WindowsDefenderApplicationGuard CSP | -Added the following node in Windows 10, version 1803: -
|
| NetworkProxy CSP | -Added the following node in Windows 10, version 1803: -
|
| Accounts CSP | -Added a new CSP in Windows 10, version 1803. - |
| MDM Migration Analysis Tool (MMAT) | -Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies. - |
| CSP DDF files download | -Added the DDF download of Windows 10, version 1803 configuration service providers. - |
| Policy CSP | -Added the following new policies for Windows 10, version 1803: -
|
| New or updated article | -Description | -
|---|---|
| eUICCs CSP | -Added the following node in Windows 10, version 1803: -
|
| DeviceStatus CSP | -Added the following node in Windows 10, version 1803: -
|
| Understanding ADMX-backed policies | -Added the following videos: - - |
| AccountManagement CSP | -Added a new CSP in Windows 10, version 1803. - |
| RootCATrustedCertificates CSP | -Added the following node in Windows 10, version 1803: -
|
| Policy CSP | -Added the following new policies for Windows 10, version 1803: -
The following existing policies were updated: -
Added a new section: -
|
| Policy CSP - Bluetooth | -Added new section ServicesAllowedList usage guide. - |
| MultiSIM CSP | -Added SyncML examples and updated the settings descriptions. - |
| RemoteWipe CSP | -Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803. - |
The following existing policies were updated:
Added a new section:
| New or updated article | -Description | -
|---|---|
| Policy CSP | -Added the following new policies for Windows 10, version 1803: -
|
| VPNv2 ProfileXML XSD | -Updated the XSD and Plug-in profile example for VPNv2 CSP. - |
| AssignedAccess CSP | -Added the following nodes in Windows 10, version 1803: -
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite. - |
| MultiSIM CSP | -Added a new CSP in Windows 10, version 1803. - |
| EnterpriseModernAppManagement CSP | -Added the following node in Windows 10, version 1803: -
|
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| +|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
| New or updated article | -Description | -
|---|---|
| Policy CSP | -Added the following new policies for Windows 10, version 1803: -
Added the following policies the were added in Windows 10, version 1709 -
Security/RequireDeviceEncryption - updated to show it is supported in desktop. - |
| BitLocker CSP | -Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803. - |
| EnterpriseModernAppManagement CSP | -Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update. - |
| DMClient CSP | -Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803: -
|
| Defender CSP | -Added new node (OfflineScan) in Windows 10, version 1803. - |
| UEFI CSP | -Added a new CSP in Windows 10, version 1803. - |
| Update CSP | -Added the following nodes in Windows 10, version 1803: -
|
Added the following policies the were added in Windows 10, version 1709
| New or updated article | -Description | -
|---|---|
| Configuration service provider reference | -Added new section CSP DDF files download - |
| New or updated article | -Description | -
|---|---|
| Policy CSP | -Added the following policies for Windows 10, version 1709: -
Added missing policies from previous releases: -
|
Added missing policies from previous releases:
| New or updated article | -Description | -
|---|---|
| Policy DDF file | -Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. - |
| Policy CSP | -Updated the following policies: -
|
| eUICCs CSP | -Added new CSP in Windows 10, version 1709. - |
| AssignedAccess CSP | -Added SyncML examples for the new Configuration node. - |
| DMClient CSP | -Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. - |
| New or updated article | -Description | -
|---|---|
| Policy CSP | -Added the following new policies for Windows 10, version 1709: -
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709. - |
| AssignedAccess CSP | -Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro. - |
| Microsoft Store for Business and Microsoft Store | -Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store. - |
| The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2 | -The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message: -
For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. - |
| EnterpriseAPN CSP | -Added a SyncML example. - |
| VPNv2 CSP | -Added RegisterDNS setting in Windows 10, version 1709. - |
| Enroll a Windows 10 device automatically using Group Policy | -Added new topic to introduce a new Group Policy for automatic MDM enrollment. - |
| MDM enrollment of Windows-based devices | -New features in the Settings app: -
For details, see Managing connections and Collecting diagnostic logs - |
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| +|Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| +|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| +|[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.| +|[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| +|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| ## August 2017 -
| New or updated article | -Description | -
|---|---|
| Enable ADMX-backed policies in MDM | -Added new step-by-step guide to enable ADMX-backed policies. - |
| Mobile device enrollment | -Added the following statement: -
|
| CM_CellularEntries CSP | -Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional. - |
| EnterpriseDataProtection CSP | -Updated the Settings/EDPEnforcementLevel values to the following: -
|
| AppLocker CSP | -Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allow list examples. - |
| DeviceManageability CSP | -Added the following settings in Windows 10, version 1709: -
|
| Office CSP | -Added the following setting in Windows 10, version 1709: -
|
| BitLocker CSP | -Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. - |
| Firewall CSP | -Updated the CSP and DDF topics. Here are the changes:
-
|
| Policy DDF file | -Added another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies:
-
|
| Policy CSP | -Added the following new policies for Windows 10, version 1709: -
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials. -Changed the names of the following policies: -
Added links to the additional ADMX-backed BitLocker policies. -There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709: -
|
Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| +|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
Changed the names of the following policies:
Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).
There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
Policy name | Value | When set? |
|---|---|---|
Admin Templates > Control Panel > Personalization | ||
Prevent enabling lock screen slide show | Enabled | Always |
Prevent changing lock screen and logon image | Enabled | Always |
Admin Templates > System > Power Management > Button Settings | ||
Select the Power button action (plugged in) | Sleep | SetPowerPolicies=True |
Select the Power button action (on battery) | Sleep | SetPowerPolicies=True |
Select the Sleep button action (plugged in) | Sleep | SetPowerPolicies=True |
Select the lid switch action (plugged in) | Sleep | SetPowerPolicies=True |
Select the lid switch action (on battery) | Sleep | SetPowerPolicies=True |
Admin Templates > System > Power Management > Sleep Settings | ||
Require a password when a computer wakes (plugged in) | Enabled | SignInOnResume=True |
Require a password when a computer wakes (on battery) | Enabled | SignInOnResume=True |
Specify the system sleep timeout (plugged in) | SleepTimeout | SetPowerPolicies=True |
Specify the system sleep timeout (on battery) | SleepTimeout | SetPowerPolicies=True |
| Turn off hybrid sleep (plugged in) | Enabled | SetPowerPolicies=True |
| Turn off hybrid sleep (on battery) | Enabled | SetPowerPolicies=True |
| Specify the unattended sleep timeout (plugged in) | SleepTimeout | SetPowerPolicies=True |
| Specify the unattended sleep timeout (on battery) | SleepTimeout | SetPowerPolicies=True |
| Allow standby states (S1-S3) when sleeping (plugged in) | Enabled | SetPowerPolicies=True |
| Allow standby states (S1-S3) when sleeping (on battery) | Enabled | SetPowerPolicies=True |
| Specify the system hibernate timeout (plugged in) | Enabled, 0 | SetPowerPolicies=True |
| Specify the system hibernate timeout (on battery) | Enabled, 0 | SetPowerPolicies=True |
| Admin Templates>System>Power Management>Video and Display Settings | ||
| Turn off the display (plugged in) | SleepTimeout | SetPowerPolicies=True |
| Turn off the display (on battery | SleepTimeout | SetPowerPolicies=True |
| Admin Templates>System>Power Management>Energy Saver Settings | ||
| Energy Saver Battery Threshold (on battery) | 70 | SetPowerPolicies=True |
| Admin Templates>System>Logon | ||
| Show first sign-in animation | Disabled | Always |
| Hide entry points for Fast User Switching | Enabled | Always |
| Turn on convenience PIN sign-in | Disabled | Always |
| Turn off picture password sign-in | Enabled | Always |
| Turn off app notification on the lock screen | Enabled | Always |
| Allow users to select when a password is required when resuming from connected standby | Disabled | SignInOnResume=True |
-
| Block user from showing account details on sign-in | Enabled | Always |
| Admin Templates>System>User Profiles | ||
| Turn off the advertising ID | Enabled | SetEduPolicies=True |
| Admin Templates>Windows Components | ||
| Do not show Windows Tips | Enabled | SetEduPolicies=True |
| Turn off Microsoft consumer experiences | Enabled | SetEduPolicies=True |
| Microsoft Passport for Work | Disabled | Always |
| Prevent the usage of OneDrive for file storage | Enabled | Always |
| Admin Templates>Windows Components>Biometrics | ||
| Allow the use of biometrics | Disabled | Always |
| Allow users to log on using biometrics | Disabled | Always |
| Allow domain users to log on using biometrics | Disabled | Always |
| Admin Templates>Windows Components>Data Collection and Preview Builds | ||
| Toggle user control over Insider builds | Disabled | Always |
| Disable pre-release features or settings | Disabled | Always |
| Do not show feedback notifications | Enabled | Always |
| Allow Telemetry | Basic, 0 | SetEduPolicies=True |
| Admin Templates>Windows Components>File Explorer | ||
| Show lock in the user tile menu | Disabled | Always |
| Admin Templates>Windows Components>Maintenance Scheduler | ||
| Automatic Maintenance Activation Boundary | MaintenanceStartTime | Always |
| Automatic Maintenance Random Delay | Enabled, 2 hours | Always |
| Automatic Maintenance WakeUp Policy | Enabled | Always |
| Admin Templates>Windows Components>Windows Hello for Business | ||
| Use phone sign-in | Disabled | Always |
| Use Windows Hello for Business | Disabled | Always |
| Use biometrics | Disabled | Always |
| Admin Templates>Windows Components>OneDrive | ||
| Prevent the usage of OneDrive for file storage | Enabled | Always |
| Windows Settings>Security Settings>Local Policies>Security Options |
-||
| Interactive logon: Do not display last user name | Enabled, Disabled when account model is only guest | Always |
| Interactive logon: Sign-in last interactive user automatically after a system-initiated restart | Disabled | Always |
-
| Shutdown: Allow system to be shut down without having to log on | Disabled | Always |
| User Account Control: Behavior of the elevation prompt for standard users | Auto deny | Always |
- S = Supported; Not considered a downgrade or an upgrade
-[blank] = Not supported or not a downgrade
+✔ = Supported downgrade path +S = Supported; Not considered a downgrade or an upgrade +[blank] = Not supported or not a downgrade -
-
| Destination edition | -|||||||||
|---|---|---|---|---|---|---|---|---|---|
| - | - | Home | -Pro | -Pro for Workstations | -Pro Education | -Education | -Enterprise LTSC | -Enterprise | -|
| Starting edition | -|||||||||
| Home | -- | - | - | - | - | - | - | ||
| Pro | -- | - | - | - | - | - | - | ||
| Pro for Workstations | -- | - | - | - | - | - | - | ||
| Pro Education | -- | - | - | - | - | - | - | ||
| Education | -- | ✔ | -✔ | -✔ | -- | - | S | -||
| Enterprise LTSC | -- | - | - | - | - | - | - | ||
| Enterprise | -- | ✔ | -✔ | -✔ | -S | -- | - | ||
-
| - | - | Windows 10 | -Windows Server 2016 | -Windows Server 2019 | -Windows Server 2022 | -Windows 11 | -
|---|---|---|---|---|---|---|
|
- Boot image version |
- ||||||
| Windows 10 | -Supported, using a boot image from matching or newer version. | -Supported, using a boot image from Windows 10, version 1607 or later. | -Supported, using a boot image from Windows 10, version 1809 or later. | -Not supported. | -Not supported. | -|
| Windows Server 2016 | -Supported, using a boot image from Windows 10, version 1607 or later. | -Supported. | -Not supported. | -Not supported. | -Not supported. | -|
| Windows Server 2019 | -Supported, using a boot image from Windows 10, version 1809 or later. | -Supported. | -Supported. | -Not supported. | -Not supported. | -|
| Windows Server 2022 | -Deprecated, with a warning message. | -Deprecated, with a warning message. | -Deprecated, with a warning message. | -Deprecated, with a warning message. | -Not supported. | -|
| Windows 11 | -Not supported, blocked. | -Not supported, blocked. | -Not supported, blocked. | -Not supported, blocked. | -Not supported, blocked. | -
-
| Category | -Scenario | -Description | -More information |
| Modern | -+### Modern -[Windows Autopilot](#windows-autopilot) | -- Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured. - | --Overview of Windows Autopilot - | -
|
+|Scenario|Description|More information|
+|--- |--- |--- |
+|[Windows Autopilot](#windows-autopilot)|Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured|[Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot)|
+|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows 10 with MDT](/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit) [Perform an in-place upgrade to Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)| -[In-place upgrade](#in-place-upgrade) +### Dynamic - |
- - Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old. - | -
-Perform an in-place upgrade to Windows 10 with MDT Perform an in-place upgrade to Windows 10 using Configuration Manager - |
- |
| - Dynamic - | -+|Scenario|Description|More information| +|--- |--- |--- | +|[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)| +|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to AAD and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| +|[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)| -[Subscription Activation](#windows-10-subscription-activation) - | -- Switch from Windows 10 Pro to Enterprise when a subscribed user signs in. - | --Windows 10 Subscription Activation - | -
| - - [AAD / MDM](#dynamic-provisioning) - | -- The device is automatically joined to AAD and configured by MDM. - | --Azure Active Directory integration with MDM - | -|
| - - [Provisioning packages](#dynamic-provisioning) - | -- Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices. - | --Configure devices without MDM - | -|
| - Traditional - | -- - [Bare metal](#new-computer) - | -- Deploy a new device, or wipe an existing device and deploy with a fresh image. - | -
- Deploy a Windows 10 image using MDT Deploy Windows 10 using PXE and Configuration Manager - |
-
| - - [Refresh](#computer-refresh) - | -- Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. - | -
- Refresh a Windows 7 computer with Windows 10 Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager - |
- |
| - - [Replace](#computer-replace) - | -- Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device. - | -
- Replace a Windows 7 computer with a Windows 10 computer Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager - |
-
+### Traditional +|Scenario|Description|More information| +|--- |--- |--- | +|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)
[Deploy Windows 10 using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)| +|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows 7 computer with Windows 10](/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)
[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)| +|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows 7 computer with a Windows 10 computer](/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)| >[!IMPORTANT] >The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index c59e537d48..485e471769 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -44,23 +44,15 @@ This guide provides instructions to install and configure the Microsoft Deployme Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. -
- -
-
-
-
-
-
+|Topic|Description|Time|
+|--- |--- |--- |
+|[About MDT](#about-mdt)|A high-level overview of the Microsoft Deployment Toolkit (MDT).|Informational|
+|[Install MDT](#install-mdt)|Download and install MDT.|40 minutes|
+|[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)|A reference image is created to serve as the template for deploying new images.|90 minutes|
+|[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)|The reference image is deployed in the PoC environment.|60 minutes|
+|[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)|Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.|60 minutes|
+|[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)|Back up an existing client computer, then restore this backup to a new computer.|60 minutes|
+|[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)|Log locations and troubleshooting hints.|Informational|
## About MDT
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index 3855f4698d..880fc20b4b 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -53,26 +53,20 @@ After completing the instructions in this guide, you will have a PoC environment
Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-| Topic | Description | Time - - |
| About MDT | A high-level overview of the Microsoft Deployment Toolkit (MDT). | Informational - |
| Install MDT | Download and install MDT. | 40 minutes - |
| Create a deployment share and reference image | A reference image is created to serve as the template for deploying new images. | 90 minutes - |
| Deploy a Windows 10 image using MDT | The reference image is deployed in the PoC environment. | 60 minutes - |
| Refresh a computer with Windows 10 | Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. | 60 minutes - |
| Replace a computer with Windows 10 | Back up an existing client computer, then restore this backup to a new computer. | 60 minutes - |
| Troubleshooting logs, events, and utilities | Log locations and troubleshooting hints. | Informational - |
- -
-
-
-
-
+|Topic|Description|Time|
+|--- |--- |--- |
+|[Hardware and software requirements](#hardware-and-software-requirements)|Prerequisites to complete this guide.|Informational|
+|[Lab setup](#lab-setup)|A description and diagram of the PoC environment.|Informational|
+|[Configure the PoC environment](#configure-the-poc-environment)|Parent topic for procedures.|Informational|
+|[Verify support and install Hyper-V](#verify-support-and-install-hyper-v)|Verify that installation of Hyper-V is supported, and install the Hyper-V server role.|10 minutes|
+|[Download VHD and ISO files](#download-vhd-and-iso-files)|Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host.|30 minutes|
+|[Convert PC to VM](#convert-pc-to-vm)|Convert a physical computer on your network to a VM hosted in Hyper-V.|30 minutes|
+|[Resize VHD](#resize-vhd)|Increase the storage capacity for one of the Windows Server VMs.|5 minutes|
+|[Configure Hyper-V](#configure-hyper-v)|Create virtual switches, determine available RAM for virtual machines, and add virtual machines.|15 minutes|
+|[Configure service and user accounts](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes|
+|[Configure VMs](#configure-vms)|Start virtual machines and configure all services and settings.|60 minutes|
+|[Appendix A: Verify the configuration](#appendix-a-verify-the-configuration)|Verify and troubleshoot network connectivity and services in the PoC environment.|30 minutes|
+|[Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide)|Terms used in this guide.|Informational|
## Hardware and software requirements
@@ -85,60 +79,17 @@ Hardware requirements are displayed below:
| Topic | Description | Time |
| Hardware and software requirements | Prerequisites to complete this guide. | Informational - |
| Lab setup | A description and diagram of the PoC environment. | Informational - |
| Configure the PoC environment | Parent topic for procedures. | Informational - |
| Verify support and install Hyper-V | Verify that installation of Hyper-V is supported, and install the Hyper-V server role. | 10 minutes - |
| Download VHD and ISO files | Download evaluation versions of Windows Server 2012 R2 and Windows 10 and prepare these files to be used on the Hyper-V host. | 30 minutes - |
| Convert PC to VM | Convert a physical computer on your network to a VM hosted in Hyper-V. | 30 minutes - |
| Resize VHD | Increase the storage capacity for one of the Windows Server VMs. | 5 minutes - |
| Configure Hyper-V | Create virtual switches, determine available RAM for virtual machines, and add virtual machines. | 15 minutes - |
| Configure service and user accounts | Start virtual machines and configure all services and settings. | 60 minutes - |
| Configure VMs | Start virtual machines and configure all services and settings. | 60 minutes - |
| Appendix A: Verify the configuration | Verify and troubleshoot network connectivity and services in the PoC environment. | 30 minutes - |
| Appendix B: Terminology in this guide | Terms used in this guide. | Informational - |
-
-
-
+||Computer 1 (required)|Computer 2 (recommended)|
+|--- |--- |--- |
+|**Role**|Hyper-V host|Client computer|
+|**Description**|This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module.|This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process.|
+|**OS**|Windows 8.1/10 or Windows Server 2012/2012 R2/2016*|Windows 7 or a later|
+|**Edition**|Enterprise, Professional, or Education|Any|
+|**Architecture**|64-bit|Any
-
+ 
2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type.
3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**.
4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host.
- >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**.
+ >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**.
5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simple to type and recognize. After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO.
-After completing these steps, you will have three files in the **C:\VHD** directory: **2012R2-poc-1.vhd**, **2012R2-poc-2.vhd**, **w10-enterprise.iso**.
+ After completing these steps, you will have three files in the **C:\VHD** directory: **2012R2-poc-1.vhd**, **2012R2-poc-2.vhd**, **w10-enterprise.iso**.
-The following displays the procedures described in this section, both before and after downloading files:
+ The following displays the procedures described in this section, both before and after downloading files:
-
+
+1. Open the [Download virtual machines](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/) page.
+2. Under **Virtual machine**, choose **IE11 on Win7**.
+3. Under **Select platform** choose **HyperV (Windows)**.
+4. Click **Download .zip**. The download is 3.31 GB.
+5. Extract the zip file. Three directories are created.
+6. Open the **Virtual Hard Disks** directory and then copy **IE11 - Win7.vhd** to the **C:\VHD** directory.
+7. Rename **IE11 - Win7.vhd** to **w7.vhd** (do not rename the file to w7.vhdx).
+8. In step 5 of the [Configure Hyper-V](#configure-hyper-v) section, replace the VHD file name **w7.vhdx** with **w7.vhd**.
If you have a PC available to convert to VM (computer 2):
@@ -301,30 +246,10 @@ If you have a PC available to convert to VM (computer 2):
When creating a VM in Hyper-V, you must specify either generation 1 or generation 2. The following table describes requirements for these two types of VMs.
-
-
| - | Computer 1 (required) | -Computer 2 (recommended) | -
| Role | -Hyper-V host | -Client computer | -
| Description | -This computer will run Hyper-V, the Hyper-V management tools, and the Hyper-V Windows PowerShell module. | -This computer is a Windows 7 or Windows 8/8.1 client on your corporate network that will be converted to a VM to demonstrate the upgrade process. | -
| OS | -Windows 8.1/10 or Windows Server 2012/2012 R2/2016* | -Windows 7 or a later | -
| Edition | -Enterprise, Professional, or Education | -Any | -
| Architecture | -64-bit | -Any Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade. |
-
| RAM | -8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
- 16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager. |
- Any | -
| Disk | -200 GB available hard disk space, any format. | -Any size, MBR formatted. | -
| CPU | -SLAT-Capable CPU | -Any | -
| Network | -Internet connection | -Any | -
*Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.*|
+|**RAM**|8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.|Any|
+|**Disk**|200 GB available hard disk space, any format.|Any size, MBR formatted.|
+|**CPU**|SLAT-Capable CPU|Any|
+|**Network**|Internet connection|Any|
\*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. Providing all steps in this guide as Hyper-V WMI or as 2008 R2 Hyper-V Manager procedures is beyond the scope of the guide.
@@ -236,57 +187,51 @@ When you have completed installation of Hyper-V on the host computer, begin conf
1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory.
- **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately.
+ **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately.
- After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below.
+ After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below.
-
 |
-C:>mkdir VHD -C:>cd VHD -C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd -C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd - 1 file(s) copied. -C:\VHD ren *.iso w10-enterprise.iso -C:\VHD>dir /B -2012R2-poc-1.vhd -2012R2-poc-2.vhd -w10-enterprise.iso -+
+ C:>mkdir VHD + C:>cd VHD + C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd + C:\VHD>copy 2012R2-poc-1.vhd 2012R2-poc-2.vhd + 1 file(s) copied. + C:\VHD ren *.iso w10-enterprise.iso + C:\VHD>dir /B + 2012R2-poc-1.vhd + 2012R2-poc-2.vhd + w10-enterprise.iso +### Convert PC to VM >Important: Do not attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, do not start the VM outside the PoC network. -
|
If you do not have a PC available to convert to VM, perform the following steps to download an evaluation VM:
- -
|
-
-
-
-
-
+||Architecture|Operating system|Partition style|
+|--- |--- |--- |--- |
+|**Generation 1**|32-bit or 64-bit|Windows 7 or later|MBR|
+|**Generation 2**|64-bit|Windows 8 or later|MBR or GPT|
If the PC is running a 32-bit OS or the OS is Windows 7, it must be converted to a generation 1 VM. Otherwise, it can be converted to a generation 2 VM.
@@ -370,74 +295,42 @@ Number Friendly Name OperationalStatus Tota
**Choosing a VM generation**
-The following table displays the Hyper-V VM generation to choose based on the OS, architecture, and partition style. Links to procedures to create the corresponding VMs are included.
+The following tables display the Hyper-V VM generation to choose based on the OS, architecture, and partition style. Links to procedures to create the corresponding VMs are included.
-| - | Architecture | -Operating system | -Partition style | -
| Generation 1 | -32-bit or 64-bit | -Windows 7 or later | -MBR | -
| Generation 2 | -64-bit | -Windows 8 or later | -MBR or GPT | -
+**Windows 7 MBR**
-
-
+|Architecture|VM generation|Procedure|
+|--- |--- |--- |
+|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
+|64|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
-
+**Windows 7 GPT**
+
+|Architecture|VM generation|Procedure|
+|--- |--- |--- |
+|32|N/A|N/A|
+|64|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)|
+
+**Windows 8 or later MBR**
+
+|Architecture|VM generation|Procedure|
+|--- |--- |--- |
+|32|1|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
+|64|1, 2|[Prepare a generation 1 VM](#prepare-a-generation-1-vm)|
+
+**Windows 8 or later GPT**
+
+|Architecture|VM generation|Procedure|
+|--- |--- |--- |
+|32|1|[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)|
+|64|2|[Prepare a generation 2 VM](#prepare-a-generation-2-vm)|
+
+> [!NOTE]
+>
+>- If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk).
+>- If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see [Prepare a generation 2 VM](#prepare-a-generation-2-vm).
+>- If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see [Prepare a generation 1 VM](#prepare-a-generation-1-vm).
-Notes:| OS | -Partition style | -Architecture | -VM generation | -Procedure | -
| Windows 7 | -MBR | -32 | -1 | -Prepare a generation 1 VM | -
| 64 | -1 | -Prepare a generation 1 VM | -||
| GPT | -32 | -N/A | -N/A | -|
| 64 | -1 | -Prepare a generation 1 VM from a GPT disk | -||
| Windows 8 or later | -MBR | -32 | -1 | -Prepare a generation 1 VM | -
| 64 | -1, 2 | -Prepare a generation 1 VM | -||
| GPT | -32 | -1 | -Prepare a generation 1 VM from a GPT disk | -|
| 64 | -2 | -Prepare a generation 2 VM | -
-
-
-
- If the PC is running Windows 7, it can only be converted and hosted in Hyper-V as a generation 1 VM. This Hyper-V requirement means that if the Windows 7 PC is also using a GPT partition style, the OS disk can be shadow copied, but a new system partition must be created. In this case, see Prepare a generation 1 VM from a GPT disk. -
- If the PC is running Windows 8 or later and uses the GPT partition style, you can capture the disk image and create a generation 2 VM. To do this, you must temporarily mount the EFI system partition which is accomplished using the mountvol command. In this case, see Prepare a generation 2 VM. -
- If the PC is using an MBR partition style, you can convert the disk to VHD and use it to create a generation 1 VM. If you use the Disk2VHD tool described in this guide, it is not necessary to mount the MBR system partition, but it is still necessary to capture it. In this case, see Prepare a generation 1 VM. -
- -
-
-
-
-
-
+|Term|Definition|
+|--- |--- |
+|GPT|GUID partition table (GPT) is an updated hard-disk formatting scheme that enables the use of newer hardware. GPT is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions.|
+|Hyper-V|Hyper-V is a server role introduced with Windows Server 2008 that lets you create a virtualized computing environment. Hyper-V can also be installed as a Windows feature on Windows client operating systems, starting with Windows 8.|
+|Hyper-V host|The computer where Hyper-V is installed.|
+|Hyper-V Manager|The user-interface console used to view and configure Hyper-V.|
+|MBR|Master Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format.|
+|Proof of concept (PoC)|Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process.|
+|Shadow copy|A copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes.|
+|Virtual machine (VM)|A VM is a virtual computer with its own operating system, running on the Hyper-V host.|
+|Virtual switch|A virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host.|
+|VM snapshot|A point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken.|
## Related Topics
| Term - | Definition - |
| GPT | GUID partition table (GPT) is an updated hard-disk formatting scheme that enables the use of newer hardware. GPT is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. - |
| Hyper-V | Hyper-V is a server role introduced with Windows Server 2008 that lets you create a virtualized computing environment. Hyper-V can also be installed as a Windows feature on Windows client operating systems, starting with Windows 8. - |
| Hyper-V host | The computer where Hyper-V is installed. - |
| Hyper-V Manager | The user-interface console used to view and configure Hyper-V. - |
| MBR | Master Boot Record (MBR) is a legacy hard-disk formatting scheme that limits support for newer hardware. MBR is one of the partition formats that can be chosen when first initializing a hard drive, prior to creating and formatting partitions. MBR is in the process of being replaced by the GPT partition format. - |
| Proof of concept (PoC) | Confirmation that a process or idea works as intended. A PoC is carried out in a test environment to learn about and verify a process. - |
| Shadow copy | A copy or "snapshot" of a computer at a point in time, created by the Volume Shadow Copy Service (VSS), typically for backup purposes. - |
| Virtual machine (VM) | A VM is a virtual computer with its own operating system, running on the Hyper-V host. - |
| Virtual switch | A virtual network connection used to connect VMs to each other and to physical network adapters on the Hyper-V host. - |
| VM snapshot | A point in time image of a VM that includes its disk, memory and device state. It can be used to return a virtual machine to a former state corresponding to the time the snapshot was taken. - |