Merge pull request #5919 from MicrosoftDocs/v-gmoor-fix-pr-5918

Various fixes to layout & presentation
This commit is contained in:
Gary Moore 2021-11-04 15:06:26 -07:00 committed by GitHub
commit 68a05c50bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 52 additions and 35 deletions

@ -41,7 +41,7 @@ During the automatic certificate renew process, the device will deny HTTP redire
The following example shows the details of an automatic renewal request. The following example shows the details of an automatic renewal request.
``` xml ```xml
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u= xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
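Review bot: the XML in this hunk still breaks an attribute across two lines, `xmlns:u=` at the end of one line and `"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">` at the start of the next, so the envelope can't be copied without hand-joining it. Since the block is being touched anyway (removing the space between the backticks and `xml` is correct; with the space the highlighter isn't selected), put the attribute name and its value on one line.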
@ -121,7 +121,7 @@ After validation is completed, the web service retrieves the PKCS\#10 content fr
The following example shows the details of a certificate renewal response. The following example shows the details of a certificate renewal response.
``` xml ```xml
<wap-provisioningdoc version="1.1"> <wap-provisioningdoc version="1.1">
<characteristic type="CertificateStore"> <characteristic type="CertificateStore">
<!-- Root certificate provision is only needed here if it is not in the device already --> <characteristic type="Root"> <!-- Root certificate provision is only needed here if it is not in the device already --> <characteristic type="Root">
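Review bot: the comment and the element it annotates still share one line in this sample, `<!-- Root certificate provision is only needed here if it is not in the device already --> <characteristic type="Root">`, which reads as if the comment belonged to the enclosing CertificateStore element. Split them onto two lines, comment first, while the fence tag is being fixed here as in the request block above.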
@ -147,7 +147,7 @@ The following example shows the details of a certificate renewal response.
``` ```
> [!Note] > [!Note]
The client receives a new certificate, instead of renewing the initial certificate. The administrator controls which certificate template the client should use. The templates may be different at renewal time than the initial enrollment time. > The client receives a new certificate, instead of renewing the initial certificate. The administrator controls which certificate template the client should use. The templates may be different at renewal time than the initial enrollment time.
## Configuration service providers supported during MDM enrollment and certificate renewal ## Configuration service providers supported during MDM enrollment and certificate renewal
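Review bot: the callout marker in this hunk stays `[!Note]` while every other note converted in this PR uses `[!NOTE]`; normalize it so the callout renders consistently. Restoring the `>` on the note body is the right fix, since without it the sentence dropped out of the callout entirely.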

@ -31,7 +31,7 @@ This article provides independent software vendors (ISV) with the information th
In Windows 10, the MDM protocol has been extended to better enable IT admins to manage updates. In particular, Windows has added configuration service providers (CSPs) that expose policies and actions for MDMs to: In Windows 10, the MDM protocol has been extended to better enable IT admins to manage updates. In particular, Windows has added configuration service providers (CSPs) that expose policies and actions for MDMs to:
- Configure automatic update policies to ensure devices stay up-to-date. - Configure automatic update policies to ensure devices stay up to date.
- Get device compliance information (the list of updates that are needed but not yet installed). - Get device compliance information (the list of updates that are needed but not yet installed).
- Enter a per-device update approval list. The list makes sure devices only install updates that are approved and tested. - Enter a per-device update approval list. The list makes sure devices only install updates that are approved and tested.
- Approve end-user license agreements (EULAs) for the end user so update deployment can be automated even for updates with EULAs. - Approve end-user license agreements (EULAs) for the end user so update deployment can be automated even for updates with EULAs.
@ -56,12 +56,12 @@ The Microsoft Update Catalog contains many updates that aren't needed by MDM-man
This section describes this setup. The following diagram shows the server-server sync protocol process. This section describes this setup. The following diagram shows the server-server sync protocol process.
![mdm server-server sync.](images/deviceupdateprocess2.png) :::image type="content" alt-text="mdm server-server sync." source="images/deviceupdateprocess2.png" lightbox="images/deviceupdateprocess2.png":::
MSDN provides much information about the Server-Server sync protocol. In particular: MSDN provides much information about the Server-Server sync protocol. In particular:
- It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development. - It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development.
- You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although its even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx. - You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although its even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to `https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx`.
Some important highlights: Some important highlights:
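Review bot: the sentence immediately before the newly code-formatted binding URL is still broken: "Although its even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies)." is a fragment and "its" should be "it's". Fold it into the previous sentence, e.g. "The sample code shows raw SOAP commands, which can be used, although it's even simpler to call the WSDL-generated proxies from a language like .NET." The new `:::image` alt text also carries over the trailing period from the old markdown ("mdm server-server sync."); drop it.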
@ -121,10 +121,10 @@ These steps get information about the set of Microsoft Updates that IT needs to
An MDM can manage updates via OMA DM. The details of how to use and integrate an MDM with the Windows OMA DM protocol, and how to enroll devices for MDM management, is documented in [Mobile device management](mobile-device-enrollment.md). This section focuses on how to extend that integration to support update management. The key aspects of update management include the following information: An MDM can manage updates via OMA DM. The details of how to use and integrate an MDM with the Windows OMA DM protocol, and how to enroll devices for MDM management, is documented in [Mobile device management](mobile-device-enrollment.md). This section focuses on how to extend that integration to support update management. The key aspects of update management include the following information:
- Configure automatic update policies to ensure devices stay up-to-date. - Configure automatic update policies to ensure devices stay up to date.
- Get device compliance information (the list of updates that are needed but not yet installed) - Get device compliance information (the list of updates that are needed but not yet installed)
- Specify a per-device update approval list. The list makes sure devices only install updates that are approved and tested. - Specify a per-device update approval list. The list makes sure devices only install updates that are approved and tested.
- Approve EULAs for the end-user so update deployment can be automated, even for updates with EULAs - Approve EULAs for the end user so update deployment can be automated, even for updates with EULAs
The following list describes a suggested model for applying updates. The following list describes a suggested model for applying updates.
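Review bot: the list in this hunk is punctuated inconsistently: the "up to date" and "approved and tested" bullets end with a period while the "compliance information" and "EULAs" bullets don't. It also mirrors the list near the top of the article except that this copy says "Specify a per-device update approval list" where the earlier one says "Enter"; pick one verb for both.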
@ -228,8 +228,8 @@ Supported operations are Get and Replace.
The following list shows the supported values: The following list shows the supported values:
- 0 Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. - 0 Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
- 1 Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart. - 1 Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart.
- 2 (default) Auto install and restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This behavior is the default behavior for unmanaged devices. Devices are updated quickly. But, it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart. - 2 (default) Auto install and restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This behavior is the default behavior for unmanaged devices. Devices are updated quickly. But, it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart.
- 3 Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. - 3 Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
- 4 Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only. - 4 Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only.
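Review bot: two other inconsistencies in these bullets are worth fixing in the same pass as the "end user" normalization: values 1, 2 and 4 carry the same sentence about automatic maintenance, but value 1 says Windows Update "will install updates immediately" while 2 and 4 say "right away"; and "applications that don't shutdown properly" (values 1 and 2) needs the verb form "shut down". "end-user control" in value 4 is correctly left hyphenated as a compound modifier.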
@ -239,7 +239,7 @@ The following list shows the supported values:
> This option should be used only for systems under regulatory compliance, as you will not get security updates as well. > This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
If the policy isn't configured, end-users get the default behavior (Auto install and restart). If the policy isn't configured, end users get the default behavior (Auto install and restart).
<a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService** <a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService**
> [!NOTE] > [!NOTE]
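Review bot: the warning two lines above the changed sentence, "as you will not get security updates as well", reads as if security updates were merely one more thing already missed. "as you will not get security updates either", or "because the device will no longer receive security updates", states what that option actually costs, which is the one thing an admin choosing it needs to see.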
@ -258,7 +258,7 @@ The following list shows the supported values:
> This policy is available on Windows 10 Pro, Windows 10 Enterprise and Windows 10 Education. > This policy is available on Windows 10 Pro, Windows 10 Enterprise and Windows 10 Education.
Allows the IT admin to manage if Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third party software and patch distribution. Allows the IT admin to manage if Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution.
Supported operations are Get and Replace. Supported operations are Get and Replace.
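Review bot: "manage if Automatic Updates accepts updates" in the changed sentence should be "manage whether", which is the form the closing paragraph of this same policy uses; the hyphenation fix to "third-party" is fine.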
@ -267,7 +267,7 @@ The following list shows the supported values:
- 0 Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. - 0 Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
- 1 Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate in the "Trusted Publishers" certificate store of the local computer. - 1 Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate in the "Trusted Publishers" certificate store of the local computer.
This policy is specific to desktop and local publishing using WSUS for third party updates (binaries and updates not hosted on Microsoft Update). It allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. This policy is specific to desktop and local publishing using WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). It allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
<a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService** <a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService**
> [!NOTE] > [!NOTE]
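Review bot: the closing paragraph of this policy, "It allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.", restates the policy's opening sentence almost word for word. Keep the part that adds information, that value 1 trusts any signer present in the local computer's "Trusted Publishers" certificate store, and drop the duplicate sentence.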
@ -575,7 +575,7 @@ The following list shows the supported values:
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
Allows the IT admin to restrict the updates that are installed on a device to only the updates on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update for the end-user. EULAs are approved once an update is approved. Allows the IT admin to restrict the updates that are installed on a device to only the updates on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update for the end user. EULAs are approved once an update is approved.
Supported operations are Get and Replace. Supported operations are Get and Replace.
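Review bot: the note in this hunk still says "If you previously used the Update/PhoneUpdateRestrictions policy in previous versions of Windows", where "previously ... previous" is redundant, and "Please use" is not the tone used elsewhere on the page. Suggest: "The Update/PhoneUpdateRestrictions policy from earlier versions of Windows is deprecated; use this policy instead."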
@ -674,7 +674,7 @@ The following list shows the supported values:
Example Example
```xml ```xml
<Replace> <Replace>
<CmdID>$CmdID$</CmdID> <CmdID>$CmdID$</CmdID>
<Item> <Item>
<Meta> <Meta>
@ -686,12 +686,13 @@ Example
</Target> </Target>
<Data>http://abcd-srv:8530</Data> <Data>http://abcd-srv:8530</Data>
</Item> </Item>
</Replace> </Replace>
``` ```
<a href="" id="update-updateserviceurlalternate"></a>**Update/UpdateServiceUrlAlternate** <a href="" id="update-updateserviceurlalternate"></a>**Update/UpdateServiceUrlAlternate**
> **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. > [!NOTE]
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
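Review bot: the unchanged sample just above the UpdateServiceUrlAlternate note configures the update service as `<Data>http://abcd-srv:8530</Data>`, plain HTTP to the intranet server. Given that the signing policy earlier on this page lets Automatic Updates accept non-Microsoft-signed updates precisely when they are found at that intranet location, an `https://` example, or one sentence noting that the server should be reachable over TLS, would be the safer default to document. The callout conversion itself is fine.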
@ -747,15 +748,17 @@ The root node.
Supported operation is Get. Supported operation is Get.
<a href="" id="approvedupdates"></a>**ApprovedUpdates** <a href="" id="approvedupdates"></a>**ApprovedUpdates**
Node for update approvals and EULA acceptance for the end-user. Node for update approvals and EULA acceptance for the end user.
> **Note** When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list. > [!NOTE]
> When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list.
The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to present the EULA is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update. The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to present the EULA is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It's only necessary to approve the EULA once per EULA ID, not one per update.
The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (updates to the virus and spyware definitions on devices) and Security Updates (product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstall of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs because of changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID. The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (updates to the virus and spyware definitions on devices) and Security Updates (product-specific updates for security-related vulnerability). The update approval list doesn't support the uninstall of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs because of changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID.
> **Note**  For the Windows 10 build, the client may need to reboot after additional updates are added. > [!NOTE]
> For the Windows 10 build, the client may need to reboot after additional updates are added.
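Review bot: the text around these two note conversions leaves an identifier question open: the first note says the MDM passes "approved GUIDs" in ApprovedUpdates that "should be a subset of the InstallableUpdates list", while the long paragraph below says approval is based on UpdateID and that one UpdateID maps to several UpdateIdentity GUIDs as the RevisionNumber changes. Say explicitly which value goes in the list (the UpdateID, per that paragraph) so the two don't read as contradictory. The last note, "For the Windows 10 build, the client may need to reboot after additional updates are added", also needs to name the build or drop the qualifier; as written it applies to nothing in particular.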
@ -1008,5 +1011,16 @@ Set auto update to notify and defer.
The following diagram and screenshots show the process flow of the device update process using Windows Server Update Services and Microsoft Update Catalog. The following diagram and screenshots show the process flow of the device update process using Windows Server Update Services and Microsoft Update Catalog.
![mdm device update management screenshot3.](images/deviceupdatescreenshot3.png)![mdm device update management screenshot4](images/deviceupdatescreenshot4.png)![mdm device update management screenshot5](images/deviceupdatescreenshot5.png)![mdm device update management screenshot6](images/deviceupdatescreenshot6.png)![mdm device update management screenshot7](images/deviceupdatescreenshot7.png)![mdm device update management screenshot8](images/deviceupdatescreenshot8.png)![mdm device update management screenshot9](images/deviceupdatescreenshot9.png) ![mdm device update management screenshot3.](images/deviceupdatescreenshot3.png)
![mdm device update management screenshot4](images/deviceupdatescreenshot4.png)
![mdm device update management screenshot5](images/deviceupdatescreenshot5.png)
![mdm device update management screenshot6](images/deviceupdatescreenshot6.png)
![mdm device update management screenshot7](images/deviceupdatescreenshot7.png)
![mdm device update management screenshot8](images/deviceupdatescreenshot8.png)
![mdm device update management screenshot9](images/deviceupdatescreenshot9.png)
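Review bot: the alt text remains inconsistent after the images are split onto separate lines: "mdm device update management screenshot3." keeps a trailing period and the others don't, and "screenshot4" through "screenshot9" describe nothing for a screen-reader user. Give each image alt text naming the step it shows (the sentence above says they walk through the WSUS and Microsoft Update Catalog flow), or at minimum drop the period.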

@ -69,7 +69,8 @@ Optional. The node that contains the configured management server's ProviderID.
- **Delete** - Delete all policies set by this account. This command could be used in enterprise unenrollment for removing policy values set by the enterprise management server. - **Delete** - Delete all policies set by this account. This command could be used in enterprise unenrollment for removing policy values set by the enterprise management server.
- **Get** - Return all policies set by the management server. - **Get** - Return all policies set by the management server.
> **Note**   The value cannot be changed after it's added. The **Replace** command isn't supported. > [!NOTE]
> The value cannot be changed after it's added. The **Replace** command isn't supported.
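Review bot: "The value cannot be changed after it's added" mixes a spelled-out "cannot" with the contractions used in the surrounding bullets ("isn't supported"); "can't" keeps the voice consistent. The callout conversion and the removal of the trailing non-breaking-space line are correct.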
   

@ -118,7 +118,8 @@ Value options:
- 0 - Server authentication isn't required. - 0 - Server authentication isn't required.
- 1 - Server authentication is required. - 1 - Server authentication is required.
> **Note**  If this value isn't specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED. > [!NOTE]
> If this value isn't specified, then no SMTP authentication is done. Also, this is different from SMTPALTENABLED.
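Review bot: the note now reads against the values directly above it: the setting is described as "Server authentication" (0/1) while the note says that when unspecified "no SMTP authentication is done". Use one term for both. "Also, this is different from SMTPALTENABLED." tells the reader only that a difference exists; say what it is, or drop the sentence.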
   
@ -204,7 +205,8 @@ Required. Character string that specifies the name of the email service to creat
Supported operations are Get, Add, Replace, and Delete. Supported operations are Get, Add, Replace, and Delete.
> **Note**   The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created. > [!NOTE]
> The EMAIL2 Configuration Service Provider doesn't support the OMA DM **Replace** command on the parameters **SERVICENAME** and **SERVICETYPE**. To replace either the email account name or the account service type, the existing email account must be deleted and then a new one must be created.
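Review bot: "Supported operations are Get, Add, Replace, and Delete." directly precedes a note saying Replace isn't supported on SERVICENAME and SERVICETYPE, so the two now contradict each other on the page. Qualify the operations line ("Supported operations are Get, Add, and Delete; Replace isn't supported, see the note below") or fold the exception into it. Also, "EMAIL2 Configuration Service Provider" is capitalized here while the term is lowercased elsewhere in this PR ("configuration service providers"); "EMAIL2 configuration service provider" or "EMAIL2 CSP" would match.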