deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into VSO-7173355

Browse Source
This commit is contained in:
Maggie Evans
2016-07-21 18:53:49 -07:00
parent dc17b94eef 9cd12df968
commit 661f5b567c
21 changed files with 383 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/keep-secure/TOC.md
View File

@ -29,6 +29,7 @@
##### [Deploy your enterprise data protection (EDP) policy](deploy-edp-policy-using-intune.md)
##### [Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune](create-vpn-and-edp-policy-using-intune.md)
#### [Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md)
#### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)
### [General guidance and best practices for enterprise data protection (EDP)](guidance-and-best-practices-edp.md)
#### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
#### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md)

1
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
|New or changed topic | Description |
|----------------------|-------------|
|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |New |
|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New |
|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |New |
|[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New |

6
windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -53,7 +53,7 @@ Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThrea
Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1 <br> Default value: 1 | Windows Defender ATP Sample sharing is enabled
> **Note**&nbsp;&nbsp;Policies **Health Status for onboarded machines** use read-only properties and can't be remediated.
> **Note**&nbsp;&nbsp;The **Health Status for onboarded machines** policy uses read-only properties and can't be remediated.
### Offboard and monitor endpoints
@ -82,11 +82,11 @@ Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding |
Health Status for offboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
| ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
> **Note**&nbsp;&nbsp;Policies **Health Status for offboarded machines** use read-only properties and can't be remediated.
> **Note**&nbsp;&nbsp;The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated.
## Related topics
- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)

3
windows/keep-secure/configure-endpoints-script-windows-defender-advanced-threat-protection.md
View File

@ -45,6 +45,7 @@ For security reasons, the package used to offboard endpoints will expire 30 days
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Click **Endpoint Management** on the **Navigation pane**.
b. Under **Endpoint offboarding** section, select **Group Policy**, click **Download package** and save the .zip file.
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
@ -66,4 +67,4 @@ For security reasons, the package used to offboard endpoints will expire 30 days
- [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
- [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)

109
windows/keep-secure/create-and-verify-an-efs-dra-certificate.md Normal file
View File

@ -0,0 +1,109 @@
---
title: Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate (Windows 10)
description: Follow these steps to create, verify, and perform a quick recovery by using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate.
keywords: Windows Information Protection, WIP, WIP, Enterprise Data Protection
ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
---
# Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate
**Applies to:**
- Windows 10 Insider Preview
- Windows 10 Mobile Preview
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
If you dont already have an EFS DRA certificate, youll need to create and extract one from your system before you can use Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your organization. For the purposes of this section, well use the file name EFSDRA; however, this name can be replaced with anything that makes sense to you.
The recovery process included in this topic only works for desktop devices. WIP deletes the data on Windows 10 Mobile devices.
>**Important**<br>
If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy. For more info about when to use a PKI and the general strategy you should use to deploy DRA certificates, see the [Security Watch Deploying EFS: Part 1](https://technet.microsoft.com/en-us/magazine/2007.02.securitywatch.aspx) article on TechNet. For more general info about EFS protection, see [Protecting Data by Using EFS to Encrypt Hard Drives](https://msdn.microsoft.com/en-us/library/cc875821.aspx).<p>If your DRA certificate has expired, you wont be able to encrypt your files with it. To fix this, you'll need to create a new certificate, using the steps in this topic, and then deploy it through policy.
**To manually create an EFS DRA certificate**
1. On a computer without an EFS DRA certificate installed, open a command prompt with elevated rights, and then navigate to where you want to store the certificate.
2. Run this command:
`cipher /r:<EFSRA>`
Where *&lt;EFSRA&gt;* is the name of the .cer and .pfx files that you want to create.
3. When prompted, type and confirm a password to help protect your new Personal Information Exchange (.pfx) file.
The EFSDRA.cer and EFSDRA.pfx files are created in the location you specified in Step 1.
>**Important**<br>
Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as Microsoft Intune or System Center Configuration Manager.
>**Note**<br>
To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) topic.
**To verify your data recovery certificate is correctly set up on an WIP client computer**
1. Find or create a file that's encrypted using Windows Information Protection. For example, you could open an app on your allowed app list, and then create and save a file so its encrypted by WIP.
2. Open an app on your protected app list, and then create and save a file so that its encrypted by WIP.
3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
`cipher /c <filename>`
Where *&lt;filename&gt;* is the name of the file you created in Step 1.
4. Make sure that your data recovery certificate is listed in the **Recovery Certificates** list.
**To recover your data using the EFS DRA certificate in a test environment**
1. Copy your WIP-encrypted file to a location where you have admin access.
2. Install the EFSDRA.pfx file, using its password.
3. Open a command prompt with elevated rights, navigate to the encrypted file, and then run this command:
`cipher /d <encryptedfile.extension>`
Where *&lt;encryptedfile.extension&gt;* is the name of your encrypted file. For example, corporatedata.docx.
**To quickly recover WIP-protected desktop data after unenrollment**<br>
It's possible that you might revoke data from an unenrolled device only to later want to restore it all. This can happen in the case of a missing device being returned or if an unenrolled employee enrolls again. If the employee enrolls again using the original user profile, and the revoked key store is still on the device, all of the revoked data can be restored at once, by following these steps.
>**Important**<br>To maintain control over your enterprise data, and to be able to revoke again in the future, you must only perform this process after the employee has re-enrolled the device.
1. Have your employee sign in to the unenrolled device, open a command prompt, and type:
`Robocopy “%localappdata%\Microsoft\WIP\Recovery” <“new_location”> /EFSRAW`
Where *&lt;”new_location”&gt;* is in a different directory. This can be on the employees device or on a Windows 8 or Windows Server 2012 or newer server file share that can be accessed while you're logged in as a data recovery agent.
2. Sign in to a different device with administrator credentials that have access to your organization's DRA certificate, and perform the file decryption and recovery by typing:
`cipher.exe /D <“new_location”>`
3. Have your employee sign in to the unenrolled device, and type:
`Robocopy <”new_location”> “%localappdata%\Microsoft\WIP\Recovery\Input”`
4. Ask the employee to lock and unlock the device.
The Windows Credential service automatically recovers the employees previously revoked keys from the `Recovery\Input` location.
## Related topics
- [Security Watch Deploying EFS: Part 1](https://technet.microsoft.com/en-us/magazine/2007.02.securitywatch.aspx)
- [Protecting Data by Using EFS to Encrypt Hard Drives](https://msdn.microsoft.com/en-us/library/cc875821.aspx)
- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md)
- [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md)
- [Creating a Domain-Based Recovery Agent](https://msdn.microsoft.com/en-us/library/cc875821.aspx#EJAA)

1
windows/keep-secure/overview-create-edp-policy.md
View File

@ -24,6 +24,7 @@ Microsoft Intune and System Center Configuration Manager Technical Preview versi
|------|------------|
|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Intune helps you create and deploy your EDP policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. |
|[Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |System Center Configuration Manager Technical Preview version 1605 or later helps you create and deploy your EDP policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. |
|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)] |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
 
 

2
windows/manage/TOC.md
View File

@ -46,7 +46,7 @@
#### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
#### [Distribute offline apps](distribute-offline-apps.md)
### [Manage apps](manage-apps-windows-store-for-business-overview.md)
#### [App inventory managemement for Windows Store for Business](app-inventory-managemement-windows-store-for-business.md)
#### [App inventory managemement for Windows Store for Business](app-inventory-management-windows-store-for-business.md)
#### [Manage app orders in Windows Store for Business](manage-orders-windows-store-for-business.md)
#### [Manage access to private store](manage-access-to-private-store.md)
#### [Manage private store settings](manage-private-store-settings.md)

222
windows/manage/app-inventory-managemement-windows-store-for-business.md
View File

@ -2,6 +2,7 @@
title: App inventory management for Windows Store for Business (Windows 10)
description: You can manage all apps that you've acquired on your Inventory page.
ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
redirect_url: https://technet.microsoft.com/itpro/windows/manage/app-inventory-management-windows-store-for-business
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
@ -9,224 +10,3 @@ ms.pagetype: store
author: TrudyHa
---
# App inventory management for Windows Store for Business
**Applies to**
- Windows 10
- Windows 10 Mobile
You can manage all apps that you've acquired on your **Inventory** page.
The **Inventory** page in Windows Store for Business shows all apps in your inventory. This includes all apps that you've acquired from Store for Business, and the line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Inventory** page. On the **New line-of-business apps** page, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md).
All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses.
![Image shows Inventory page in Windows Store for Business with status status options for an app.](images/wsfb-inventoryaddprivatestore.png)
Store for Business shows this info for each app in your inventory:
- Name
- Access to actions for the app
- Last modified date
- Supported devices
- Private store status
### Find apps in your inventory
There are a couple of ways to find specific apps, or groups of apps in your inventory.
**Search** - Use the Search box to search for an app.
**Refine** - Use **Refine** to scope your list of apps by one or more of these app attributes:
- **License** - Online or offline licenses. For more info, see [Apps in Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model).
- **Platforms** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory.
- **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps.
- **Private store** - **In private store**, or **Not in private store**, depending on whether or not you've added the app to your private store.
### Manage apps in your inventory
Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Action</th>
<th align="left">Online-licensed app</th>
<th align="left">Offline-licensed app</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Assign to employees</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="even">
<td align="left"><p>Add to private store</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="odd">
<td align="left"><p>Remove from private store</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="even">
<td align="left"><p>View license details</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="odd">
<td align="left"><p>View product details</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>Download for offline use</p></td>
<td align="left"></td>
<td align="left"><p>X</p></td>
</tr>
</tbody>
</table>
 
The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
### Distribute apps
For online-licensed apps, there are a couple of ways to distribute apps from your inventory:
- Assign apps to people in your organization.
- Add apps to your private store, and let people in your organization install the app.
If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md).
Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
**To make an app in inventory available in your private store**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store.
Employees can claim apps that admins added to the private store by doing the following.
**To claim an app from the private store**
1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
2. Click the private store tab.
3. Click the app you want to install, and then click **Install**.
Another way to distribute apps is by assigning them to people in your organization.
If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
**To remove an app from the private store**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
The app will still be in your inventory, but your employees will not have access to the app from your private store.
**To assign an app to an employee**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
4. Type the email address for the employee that you're assigning the app to, and click **Confirm**.
Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
### Manage app licenses
For each app in your inventory, you can view and manage license details. This give you another way to assign apps to people in your organization. It also allows you to reclaim app licenses after they've been assigned to people, or claimed by people in your organization.
**To view license details**
1. Sign in to [Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=691845)
2. Click **Manage**, and then choose **Inventory**.
3. Click the ellipses for an app, and then choose **View license details**.
![Image showing Inventory page in Windows Store for Business.](images/wsfb-inventory-viewlicense.png)
You'll see the names of people in your organization who have installed the app and are using one of the licenses.
![Image showing assigned licenses for an app.](images/wsfb-licensedetails.png)
On **Assigned licenses**, you can do several things:
- Assign the app to other people in your organization.
- Reclaim app licenses.
- View app details.
- Add the app to your private store, if it is not in the private store.
You can assign the app to more people in your organization, or reclaim licenses.
**To assign an app to more people**
- Click **Assign to people**, type the email address for the employee that you're assigning the app to, and click **Assign**.
![Image showing Assign to people dialog for assigning app licenses to people in your organization.](images/wsfb-licenseassign.png)
Store for Business updates the list of assigned licenses.
**To reclaim licenses**
- Choose the person you want to reclaim the license from, click **Reclaim licenses**, and then click **Reclaim licenses**.
![Image showing Assign to people dialog for reclaiming app licenses from people in your organization.](images/wsfb-licensereclaim.png)
Store for Business updates the list of assigned licenses.
### <a href="" id="download-offline-licensed-apps"></a>Download offline-licensed app
Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store.
You can download offline-licensed apps from your inventory. You'll need to download these items:
- App metadata
- App package
- App license
- App framework
For more information about online and offline licenses, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model).
For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md).
 
 

223
windows/manage/app-inventory-management-windows-store-for-business.md Normal file
View File

@ -0,0 +1,223 @@
---
title: App inventory management for Windows Store for Business (Windows 10)
description: You can manage all apps that you've acquired on your Inventory page.
ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: store
author: TrudyHa
---
# App inventory management for Windows Store for Business
**Applies to**
- Windows 10
- Windows 10 Mobile
You can manage all apps that you've acquired on your **Inventory** page.
The **Inventory** page in Windows Store for Business shows all apps in your inventory. This includes all apps that you've acquired from Store for Business, and the line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Inventory** page. On the **New line-of-business apps** page, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md).
All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses.
![Image shows Inventory page in Windows Store for Business with status status options for an app.](images/wsfb-inventoryaddprivatestore.png)
Store for Business shows this info for each app in your inventory:
- Name
- Access to actions for the app
- Last modified date
- Supported devices
- Private store status
### Find apps in your inventory
There are a couple of ways to find specific apps, or groups of apps in your inventory.
**Search** - Use the Search box to search for an app.
**Refine** - Use **Refine** to scope your list of apps by one or more of these app attributes:
- **License** - Online or offline licenses. For more info, see [Apps in Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model).
- **Platforms** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory.
- **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps.
- **Private store** - **In private store**, or **Not in private store**, depending on whether or not you've added the app to your private store.
### Manage apps in your inventory
Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Action</th>
<th align="left">Online-licensed app</th>
<th align="left">Offline-licensed app</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Assign to employees</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="even">
<td align="left"><p>Add to private store</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="odd">
<td align="left"><p>Remove from private store</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="even">
<td align="left"><p>View license details</p></td>
<td align="left"><p>X</p></td>
<td align="left"></td>
</tr>
<tr class="odd">
<td align="left"><p>View product details</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
</tr>
<tr class="even">
<td align="left"><p>Download for offline use</p></td>
<td align="left"></td>
<td align="left"><p>X</p></td>
</tr>
</tbody>
</table>
 
The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
### Distribute apps
For online-licensed apps, there are a couple of ways to distribute apps from your inventory:
- Assign apps to people in your organization.
- Add apps to your private store, and let people in your organization install the app.
If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md).
Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
**To make an app in inventory available in your private store**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store.
Employees can claim apps that admins added to the private store by doing the following.
**To claim an app from the private store**
1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
2. Click the private store tab.
3. Click the app you want to install, and then click **Install**.
Another way to distribute apps is by assigning them to people in your organization.
If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
**To remove an app from the private store**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
The app will still be in your inventory, but your employees will not have access to the app from your private store.
**To assign an app to an employee**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
4. Type the email address for the employee that you're assigning the app to, and click **Confirm**.
Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
### Manage app licenses
For each app in your inventory, you can view and manage license details. This give you another way to assign apps to people in your organization. It also allows you to reclaim app licenses after they've been assigned to people, or claimed by people in your organization.
**To view license details**
1. Sign in to [Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=691845)
2. Click **Manage**, and then choose **Inventory**.
3. Click the ellipses for an app, and then choose **View license details**.
![Image showing Inventory page in Windows Store for Business.](images/wsfb-inventory-viewlicense.png)
You'll see the names of people in your organization who have installed the app and are using one of the licenses.
![Image showing assigned licenses for an app.](images/wsfb-licensedetails.png)
On **Assigned licenses**, you can do several things:
- Assign the app to other people in your organization.
- Reclaim app licenses.
- View app details.
- Add the app to your private store, if it is not in the private store.
You can assign the app to more people in your organization, or reclaim licenses.
**To assign an app to more people**
- Click **Assign to people**, type the email address for the employee that you're assigning the app to, and click **Assign**.
![Image showing Assign to people dialog for assigning app licenses to people in your organization.](images/wsfb-licenseassign.png)
Store for Business updates the list of assigned licenses.
**To reclaim licenses**
- Choose the person you want to reclaim the license from, click **Reclaim licenses**, and then click **Reclaim licenses**.
![Image showing Assign to people dialog for reclaiming app licenses from people in your organization.](images/wsfb-licensereclaim.png)
Store for Business updates the list of assigned licenses.
### <a href="" id="download-offline-licensed-apps"></a>Download offline-licensed app
Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store.
You can download offline-licensed apps from your inventory. You'll need to download these items:
- App metadata
- App package
- App license
- App framework
For more information about online and offline licenses, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model).
For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md).

2
windows/manage/apps-in-windows-store-for-business.md
View File

@ -51,7 +51,7 @@ Apps that you acquire from the Store for Business only work on Windows 10-based
Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time.
Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/en-us/windows/uwp/publish/organizational-licensing).
Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing).
**Note**<br>
We are still setting up the catalog of apps for Windows Store for Business. If you are searching for an app and it isnt available, please check again in a couple of days.

2
windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
View File

@ -1,6 +1,6 @@
---
title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10)
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services
redirect_url: https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services
---
# Configure Windows 10 devices to stop data flow to Microsoft

2
windows/manage/disconnect-your-organization-from-microsoft.md
View File

@ -1,4 +1,4 @@
---
title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10)
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft
redirect_url: https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services
---

17
windows/manage/manage-cortana-in-enterprise.md
View File

@ -50,14 +50,15 @@ Set up and manage Cortana by using the following Group Policy and mobile device
|Group policy |MDM policy |Description |
|-------------|-----------|------------|
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.<p>**Note**<br>Employees can still perform searches even with Cortana turned off. |
|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization |Privacy/AllowInput Personalization |Specifies whether to turn on automatic learning, which allows the collection of speech and handwriting patterns, typing history, contacts, and recent calendar information. It is required for the use of Cortana.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). |
|None |System/AllowLocation |Specifies whether to allow app access to the Location service. |
|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |None |Specifies whether search can perform queries on the web and if the web results are displayed in search.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). |
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUse Location |Specifies whether search and Cortana can provide location aware search and Cortana results.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). |
|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearch Permissions |Specifies what level of safe search (filtering adult content) is required.<p>**Note**<br>This setting only applies to Windows 10 Mobile. |
|User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box |None |Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). |
|User Configuration\Administrative Templates\Start Menu and Taskbar\Do not search communications |None |Specifies whether the Start menu search box searches communications.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). |
|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock |AboveLock/AllowCortanaAboveLock |Specifies whether an employee can interact with Cortana using voice commands when the system is locked.<p>**Note**<br>This setting only applies to Windows 10 for desktop devices. |
|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization |Privacy/AllowInputPersonalization |Specifies whether an employee can use voice commands with Cortana in the enterprise.<p>**In Windows 10, version 1511**<br>Cortana wont work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled). |
|None |System/AllowLocation |Specifies whether to allow app access to the Location service.<p>**In Windows 10, version 1511**<br>Cortana wont work if this setting is turned off (disabled).<p>**In Windows 10, version 1607 and later**<br>Cortana still works if this setting is turned off (disabled). |
|None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.<p>Use this setting if you only want to support Azure AD in your organization. |
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUseLocation |Specifies whether Cortana can use your current location during searches and for location reminders. |
|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearchPermissions |Specifies what level of safe search (filtering adult content) is required.<p>**Note**<br>This setting only applies to Windows 10 Mobile. |
|User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box |None |Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference. |
|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |None |Specifies whether search can perform queries on the web and if the web results are displayed in search.<p>**In Windows 10 Pro edition**<br>This setting cant be managed.<p>**In Windows 10 Enterprise edition**<br>Cortana won't work if this setting is turned off (disabled). |
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.<p>**Important**<br>Cortana wont work if this setting is turned off (disabled). However, employees can still perform local searches even with Cortana turned off. |
**More info:**
- For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=717381).

64
windows/manage/manage-inventory-windows-store-for-business.md
View File

@ -1,70 +1,10 @@
---
title: Manage inventory in Windows Store for Business (Windows 10)
description: When you acquire apps from the Windows Store for Business, we add them to the Inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/app-inventory-management-windows-store-for-business
redirect_url: https://technet.microsoft.com/itpro/windows/manage/app-inventory-managemement-windows-store-for-business
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
---
# Manage inventory in Window Store for Business
When you acquire apps from the Windows Store for Business, we add them to the inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
## Distribute apps
You can assign apps to people, or you can make apps available in your private store. Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
**To make an app in inventory available in your private store**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store.
Employees can claim apps that admins added to the private store by doing the following.
**To claim an app from the private store**
1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
2. Click the private store tab.
3. Click the app you want to install, and then click **Install**.
Another way to distribute apps is by assigning them to people in your organization.
**To assign an app to an employee**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
4. Type the email address for the employee that you're assigning the app to, and click **Confirm**.
Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
## Manage licenses
For apps in inventory, when you assign an app to an employee, a license for the app is assigned to them. You can manage these licenses, either by assigning them, or reclaiming them so you can assign them to another employee. You can also remove an app from the private store.
**To assign licenses**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **View license details**.
4. Click **Assign to people**, type the name you are assigning the license to, and then click **Assign**.
Store for Business assigns a license to the person, and adds them to the list of assigned licenses.
**To reclaim licenses**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **View license details**.
4. Click the name of the person you are reclaiming the license from, and then click **Reclaim licenses**.
Store for Business reclaims the license, and updates the number of avialable licenses. After you reclaim a license, you can assign a license to another employee.
**To remove an app from the private store**
If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
1. Sign in to the [Store for Business](http://businessstore.microsoft.com).
2. Click **Manage**, and then choose **Inventory**.
3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
The app will still be in your inventory, but your employees will not have access to the app from your private store.

2
windows/manage/working-with-line-of-business-apps.md
View File

@ -81,7 +81,7 @@ After an app is published and available in the Store, ISVs publish an updated ve
5. Click **Save** to save your changes and start the app submission process.
For more information, see [Organizational licensing options]( http://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](http://go.microsoft.com/fwlink/p/?LinkId=627543).<br>
**Note** In order to get the LOB app, the organization must be located in a [supported market](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-store-for-business-overview#supported-markets), and you must not have excluded that market when submitting your app.
**Note** In order to get the LOB app, the organization must be located in a [supported market](https://technet.microsoft.com/itpro/windows/whats-new/windows-store-for-business-overview#supported-markets), and you must not have excluded that market when submitting your app.
### <a href="" id="add-lob-app-to-inventory"></a>Add app to inventory (admin)