From ceebe7f10bdf9fd40db2cbaeb66acdb0455cfc7f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 10 Aug 2016 15:28:30 -0700 Subject: [PATCH 01/21] fixing link --- .../deploy-device-guard-enable-virtualization-based-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index fdd547a277..c64e07578a 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -20,7 +20,7 @@ Hardware-based security features, also called virtualization-based security or V 2. **Verify that hardware and firmware requirements are met**. Verify that your client computers possess the necessary hardware and firmware to run these features. A list of requirements for hardware-based security features is available in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). -3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool]((https://www.microsoft.com/en-us/download/details.aspx?id=53337)), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). +3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). 4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following sections in this topic: From 01417e64d110bb73f7ffdae60907cffbb6828b4b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 11 Aug 2016 14:07:16 +1000 Subject: [PATCH 02/21] Redirected page --- ...nal-configuration-windows-advanced-threat-protection.md | 7 +++++++ ...onitor-onboarding-windows-advanced-threat-protection.md | 7 +++++++ 2 files changed, 14 insertions(+) create mode 100644 windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md create mode 100644 windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md diff --git a/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md new file mode 100644 index 0000000000..279966110f --- /dev/null +++ b/windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md @@ -0,0 +1,7 @@ + --- + redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + --- + +# Additional Windows Defender ATP configuration settings + +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md new file mode 100644 index 0000000000..a462835906 --- /dev/null +++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -0,0 +1,7 @@ + --- + redirect_url: https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + --- + +# Monitor the Windows Defender Advanced Threat Protection onboarding + +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/en-au/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file From a1eb06bd3361f5f2a19b147fd0b252662331070a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 11 Aug 2016 07:36:26 -0700 Subject: [PATCH 03/21] update references to Passport --- windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md | 2 +- .../implement-microsoft-passport-in-your-organization.md | 8 ++++---- ...nage-identity-verification-using-microsoft-passport.md | 3 ++- .../microsoft-passport-and-password-changes.md | 2 +- windows/keep-secure/passport-event-300.md | 2 +- .../prepare-people-to-use-microsoft-passport.md | 6 +----- .../keep-secure/why-a-pin-is-better-than-a-password.md | 2 +- windows/keep-secure/windows-hello-in-enterprise.md | 2 +- 8 files changed, 12 insertions(+), 15 deletions(-) diff --git a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md index 28f0292d02..e3c6cbddf6 100644 --- a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md +++ b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md @@ -17,7 +17,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -In Windows 10, Version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app. +In Windows 10, version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app. ![Sign in to a device](images/phone-signin-menu.png) diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md index 2dc4c2628a..e449b17214 100644 --- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md +++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md @@ -20,7 +20,7 @@ localizationpriority: high You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. > **Important:** The Group Policy setting **Turn on PIN sign-in** does not apply to Windows 10. Use **Windows Hello for Business** policy settings to manage PINs.   -## Group Policy settings for Passport +## Group Policy settings for Windows Hello for Businness The following table lists the Group Policy settings that you can configure for Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**. @@ -139,7 +139,7 @@ The following table lists the Group Policy settings that you can configure for H -## MDM policy settings for Passport +## MDM policy settings for Windows Hello for Business The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070). @@ -285,8 +285,8 @@ The following table lists the MDM policy settings that you can configure for Win
-**Note**   -If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN. +>[!NOTE]   +> If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.   ## Prerequisites diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md index 5422f94366..30bcc08dfa 100644 --- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md +++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md @@ -18,7 +18,8 @@ localizationpriority: high In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. -> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. +>[!NOTE] +> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. Hello addresses the following problems with passwords: - Passwords can be difficult to remember, and users often reuse passwords on multiple sites. diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md index dd002d75b8..128f1ffe29 100644 --- a/windows/keep-secure/microsoft-passport-and-password-changes.md +++ b/windows/keep-secure/microsoft-passport-and-password-changes.md @@ -9,7 +9,7 @@ ms.pagetype: security author: jdeckerMS localizationpriority: high --- -# Microsoft Passport and password changes +# Windows Hello and password changes **Applies to** - Windows 10 diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md index 3609eec53d..25c9b86986 100644 --- a/windows/keep-secure/passport-event-300.md +++ b/windows/keep-secure/passport-event-300.md @@ -35,7 +35,7 @@ This is a normal condition. No further action is required. ## Related topics -[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md) +[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md index 81f36a3d4e..f6419c6ced 100644 --- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md +++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md @@ -83,15 +83,11 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows **Sign in to PC using the phone** -<<<<<<< HEAD + 1. Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to. > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account. ![select a device](images/phone-signin-device-select.png) -======= -1. Open the **Microsoft Authenticator** app and tap the name of the PC to sign in to. - > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account. ->>>>>>> parent of 9891b67... from master   2. Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account. diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md index b9bb671c49..f1321ab0de 100644 --- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md +++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md @@ -70,7 +70,7 @@ If you only had a biometric sign-in configured and, for any reason, were unable ## Related topics -[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md) +[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)   \ No newline at end of file diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md index 9907572763..28fed4cfd5 100644 --- a/windows/keep-secure/windows-hello-in-enterprise.md +++ b/windows/keep-secure/windows-hello-in-enterprise.md @@ -78,7 +78,7 @@ To allow facial recognition, you must have devices with integrated special infra - [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) - [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) - [Microsoft Passport guide](microsoft-passport-guide.md) -- [Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md) +- [Prepare people to use Windows Hello for Work](prepare-people-to-use-microsoft-passport.md) - [PassportforWork CSP](http://go.microsoft.com/fwlink/p/?LinkId=708219)   From ff950d75f58f3c3652b197ad879fc6e3d911b150 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 09:17:21 -0700 Subject: [PATCH 04/21] removing locale from links --- ...-windows-telemetry-in-your-organization.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 9965ade8d5..09dc4ad2c3 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md @@ -66,7 +66,7 @@ Telemetry can sometimes be confused with functional data. Some Windows component There are subtle differences between telemetry and functional data. Windows collects and sends telemetry in the background automatically. You can control how much information is gathered by setting the telemetry level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. -If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services). +If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services). The following are specific examples of functional data: @@ -150,7 +150,7 @@ The following table defines the endpoints for telemetry services: ### Data use and access -The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. +The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management. ### Retention @@ -377,15 +377,15 @@ There are a few more settings that you can turn off that may send telemetry info FAQs -- [Cortana, Search, and privacy](http://windows.microsoft.com/en-us/windows-10/cortana-privacy-faq) -- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/en-us/windows-10/feedback-diagnostics-privacy-faq) -- [Windows 10 camera and privacy](http://windows.microsoft.com/en-us/windows-10/camera-privacy-faq) -- [Windows 10 location service and privacy](http://windows.microsoft.com/en-us/windows-10/location-service-privacy) -- [Microsoft Edge and privacy](http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq) -- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/en-us/windows-10/speech-inking-typing-privacy-faq) -- [Windows Hello and privacy](http://windows.microsoft.com/en-us/windows-10/windows-hello-privacy-faq) -- [Wi-Fi Sense](http://windows.microsoft.com/en-us/windows-10/wi-fi-sense-faq) -- [Windows Update Delivery Optimization](http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq) +- [Cortana, Search, and privacy](http://windows.microsoft.com/windows-10/cortana-privacy-faq) +- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/windows-10/feedback-diagnostics-privacy-faq) +- [Windows 10 camera and privacy](http://windows.microsoft.com/windows-10/camera-privacy-faq) +- [Windows 10 location service and privacy](http://windows.microsoft.com/windows-10/location-service-privacy) +- [Microsoft Edge and privacy](http://windows.microsoft.com/windows-10/edge-privacy-faq) +- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/windows-10/speech-inking-typing-privacy-faq) +- [Windows Hello and privacy](http://windows.microsoft.com/windows-10/windows-hello-privacy-faq) +- [Wi-Fi Sense](http://windows.microsoft.com/windows-10/wi-fi-sense-faq) +- [Windows Update Delivery Optimization](http://windows.microsoft.com/windows-10/windows-update-delivery-optimization-faq) Blogs @@ -393,11 +393,11 @@ Blogs Privacy Statement -- [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement) +- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) TechNet -- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) +- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) Web Pages From 4ff194b21aab3ee96e761f8cd4be6cb5506959e6 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 11:41:53 -0700 Subject: [PATCH 05/21] redirecting --- devices/hololens/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 867e2c8492..4b581a5c10 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -1 +1,3 @@ -# Placeholder \ No newline at end of file +--- +redirect_url: https://developer.microsoft.com/windows/holographic/commercial_features +--- From 83ed0961c349a7875c60cdc18c69dc98bbd1eb88 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 12:12:20 -0700 Subject: [PATCH 06/21] opening Windows for public contributions --- .openpublishing.publish.config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 2358d61c40..c81fb7b606 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -89,7 +89,7 @@ "build_output_subfolder": "windows", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -101,7 +101,7 @@ "branches_to_filter": [ "" ], - "git_repository_url_open_to_public_contributors": "", + "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs", "skip_source_output_uploading": false, "dependent_repositories": [] } From 110cba96fb9cc43dc332ff29f853364300bfa687 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 13:31:45 -0700 Subject: [PATCH 07/21] adding master branch config --- .openpublishing.publish.config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index c81fb7b606..1883afb349 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -102,6 +102,7 @@ "" ], "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "master", "skip_source_output_uploading": false, "dependent_repositories": [] } From 30cc9c45225ac354ecce143fdb41cc78d742c092 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Thu, 11 Aug 2016 13:46:38 -0700 Subject: [PATCH 08/21] remove en-us from links --- .../advanced-uefi-security-features-for-surface-pro-3.md | 2 +- .../surface/customize-the-oobe-for-surface-deployments.md | 4 ++-- devices/surface/manage-surface-dock-firmware-updates.md | 4 ++-- devices/surface/manage-surface-uefi-settings.md | 6 +++--- devices/surface/microsoft-surface-deployment-accelerator.md | 2 +- .../surface/step-by-step-surface-deployment-accelerator.md | 2 +- devices/surface/surface-diagnostic-toolkit.md | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md index a590b85c20..7a4c04dabc 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md @@ -23,7 +23,7 @@ To address more granular control over the security of Surface devices, the v3.11 Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030). -To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/en-us/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates). +To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). ## Manually configure additional security settings diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md index aa17e2e68f..9160b9b3f5 100644 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -25,9 +25,9 @@ In some scenarios, you may want to provide complete automation to ensure that at This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](http://go.microsoft.com/fwlink/p/?LinkID=618042). >**Note:**  Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
-- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit) +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
-- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager) +- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)   diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md index 4d2733a4ad..21c8a0d24f 100644 --- a/devices/surface/manage-surface-dock-firmware-updates.md +++ b/devices/surface/manage-surface-dock-firmware-updates.md @@ -16,12 +16,12 @@ author: jobotto Read about the different methods you can use to manage the process of Surface Dock firmware updates. -The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/en-us/mt697552) video. +The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/mt697552) video. Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device. >**Note:**  You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:
-- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/en-us/mt697551) from Microsoft Mechanics +- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/mt697551) from Microsoft Mechanics - [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog   diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index 7071bb2da7..246334a4d4 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -26,7 +26,7 @@ On the **PC information** page, detailed information about your Surface device i - **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management. - **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios. -- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/en-us/download/details.aspx?id=44076). +- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://www.microsoft.com/download/details.aspx?id=44076). You will also find detailed information about the firmware of your Surface device. Surface devices have several internal components that each run different versions of firmware. The firmware version of each of the following devices is displayed on the **PC information** page (as shown in Figure 1): @@ -44,7 +44,7 @@ You will also find detailed information about the firmware of your Surface devic *Figure 1. System information and firmware version information* -You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/en-us/support/install-update-activate/surface-update-history) for your device. +You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device. ##Security @@ -70,7 +70,7 @@ On the **Security** page you can also change the configuration of Secure Boot on *Figure 3. Configure Secure Boot* -You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. +You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library. ![Configure Surface UEFI security settings](images/manage-surface-uefi-fig4.png "Configure Surface UEFI security settings") diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index c7b442925d..28bbfd35f7 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -83,7 +83,7 @@ You can find a full list of available driver downloads at [Download the latest f ## Changes and updates -SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/en-us/itpro/surface/step-by-step-surface-deployment-accelerator). +SDA is periodically updated by Microsoft. For instructions on how these features are used, see [Step-by-Step: Microsoft Surface Deployment Accelerator](https://technet.microsoft.com/itpro/surface/step-by-step-surface-deployment-accelerator). >**Note:**  To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share.   diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md index c2113bd72b..3e6df89af7 100644 --- a/devices/surface/step-by-step-surface-deployment-accelerator.md +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -300,7 +300,7 @@ The **2 – Create Windows Reference Image** task sequence is used to perform a Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations. ->**Note:**  Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt). +>**Note:**  Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](http://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).   diff --git a/devices/surface/surface-diagnostic-toolkit.md b/devices/surface/surface-diagnostic-toolkit.md index 78142a380b..283a22273c 100644 --- a/devices/surface/surface-diagnostic-toolkit.md +++ b/devices/surface/surface-diagnostic-toolkit.md @@ -339,7 +339,7 @@ The device orientation sensor determines what the angle of the Surface device is This test cycles the screen through brightness levels from 0 percent to 100 percent, and then a message is displayed to confirm if the brightness level changed accordingly. You are then prompted to test for brightness reaction. To test the reaction of brightness when running on battery, disconnect the power adapter. The screen should automatically dim when power is disconnected. #### Surface Dock test -The Microsoft Surface Diagnostic Toolkit uses this test only if a Surface Dock is connected to the device. If a Surface Dock is detected, this test verifies that the Surface Dock driver firmware is updated. For more detailed analysis of Surface Dock firmware status and how to manually initiate the firmware update process, see the [Microsoft Surface Dock Updater](https://technet.microsoft.com/en-us/itpro/surface/surface-dock-updater) article. +The Microsoft Surface Diagnostic Toolkit uses this test only if a Surface Dock is connected to the device. If a Surface Dock is detected, this test verifies that the Surface Dock driver firmware is updated. For more detailed analysis of Surface Dock firmware status and how to manually initiate the firmware update process, see the [Microsoft Surface Dock Updater](https://technet.microsoft.com/itpro/surface/surface-dock-updater) article. #### System assessment From 62a89d16d252acfc727e897d4b33b222a7bf7670 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 13:56:25 -0700 Subject: [PATCH 09/21] opening the remaining docsets for public contributions --- .openpublishing.publish.config.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 1883afb349..576b2cc42a 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -9,7 +9,7 @@ "build_output_subfolder": "education", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -20,7 +20,7 @@ "build_output_subfolder": "browsers/internet-explorer", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -45,7 +45,7 @@ "build_output_subfolder": "mdop", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -56,7 +56,7 @@ "build_output_subfolder": "browsers/edge", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -67,7 +67,7 @@ "build_output_subfolder": "devices/surface", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } @@ -78,7 +78,7 @@ "build_output_subfolder": "devices/surface-hub", "locale": "en-us", "version": 0, - "open_to_public_contributors": false, + "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content" } From 363f808a4b533a9bf0142baba4247afe9d9cf6ef Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 11 Aug 2016 14:58:27 -0700 Subject: [PATCH 10/21] added text for released vs. Insider Preview versions of Windows --- ...-operating-system-components-to-microsoft-services.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index d1bedc3492..a2f9376e50 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -273,7 +273,14 @@ To turn off font streaming, create a REG\_DWORD registry setting called **Disabl ### 6. Insider Preview builds -To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds. +To turn off Insider Preview builds for a released version of Windows 10: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Toggle user control over Insider builds**. + +To turn off Insider Preview builds for an Insider Preview version of Windows 10: + +> [!NOTE] +> If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds. - Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Insider Program** > **Stop Insider Preview builds**. From 841ca505a29d07375f9759dcc8c41d34a888f708 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 16:43:57 -0700 Subject: [PATCH 11/21] Per request from Suhas, combined two partly-redundant procedures into one --- ...rd-enable-virtualization-based-security.md | 108 ++++++------------ 1 file changed, 35 insertions(+), 73 deletions(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index c64e07578a..ad07a92a09 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -22,10 +22,7 @@ Hardware-based security features, also called virtualization-based security or V 3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following sections in this topic: - - - [Enable Unified Extensible Firmware Interface Secure Boot](#enable-unified-extensible-firmware-interface-secure-boot) - - [Enable virtualization-based security for kernel-mode code integrity](#enable-virtualization-based-security-for-kernel-mode-code-integrity) +4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security for Device Guard](#enable-virtualization-based-security-for-device-guard), later in this topic. For information about enabling Credential Guard, see [Protect derived domain credentials with Credential Guard](credential-guard.md). @@ -45,15 +42,19 @@ Hyper-V Hypervisor and Isolated User Mode (not shown). Figure 1. Enable operating system feature for VBS -After you enable the feature or features, you can configure any additional hardware-based security features you want. The following sections provide more information: -- [Enable Unified Extensible Firmware Interface Secure Boot](#enable-unified-extensible-firmware-interface-secure-boot) -- [Enable virtualization-based security for kernel-mode code integrity](#enable-virtualization-based-security-for-kernel-mode-code-integrity) +After you enable the feature or features, you can enable VBS for Device Guard, as described in the following sections. -## Enable Unified Extensible Firmware Interface Secure Boot +## Enable Virtualization Based Security (VBS) -Before you begin this process, verify that the target device meets the hardware requirements for UEFI Secure Boot that are laid out in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). There are two options to configure UEFI Secure Boot: manual configuration of the appropriate registry keys and Group Policy deployment. Complete the following steps to manually configure UEFI Secure Boot on a computer running Windows 10. +Before you begin this process, verify that the target device meets the hardware and firmware requirements for the features that you want, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). Also, confirm that you have enabled the Windows features discussed in the previous section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -> **Important**  Secure boot settings include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). +There are multiple ways to configure VBS features for Device Guard. You can use the [readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337) rather than the procedures in this topic, or you can use the following procedures, either to configure the appropriate registry keys manually or to use Group Policy. + +> **Important**   +> - The settings in the following procedure include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you simply choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can still have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
+> - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. + +**To configure VBS manually** 1. Navigate to the **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard** registry subkey. @@ -65,13 +66,19 @@ Before you begin this process, verify that the target device meets the hardware | ---------------- | ---------------- | | **1** enables the **Secure Boot** option
**3** enables the **Secure Boot and DMA protection** option | **1** enables the **Secure Boot** option
**2** enables the **Secure Boot and DMA protection** option | -4. Restart the client computer. +4. With a supported operating system earlier than Windows 10, version 1607, or Windows Server 2016, skip this step, and remain in the same registry subkey. -Unfortunately, it would be time consuming to perform these steps manually on every protected computer in your enterprise. Group Policy offers a much simpler way to deploy UEFI Secure Boot to your organization. This example creates a test organizational unit (OU) called *DG Enabled PCs*. If you want, you can instead link the policy to an existing OU, and then scope the GPO by using appropriately named computer security groups. + With Windows 10, version 1607, or Windows Server 2016, navigate to **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios**. -> **Note**  We recommend that you test-enable this feature on a group of test computers before you deploy it to users' computers. +5. Set the **HypervisorEnforcedCodeIntegrity DWORD** value to **1**. -### Use Group Policy to deploy Secure Boot +6. Restart the client computer. + +Unfortunately, it would be time consuming to perform these steps manually on every protected computer in your enterprise. Group Policy offers a much simpler way to deploy these features to your organization. This example creates a test organizational unit (OU) called *DG Enabled PCs*. If you want, you can instead link the policy to an existing OU, and then scope the GPO by using appropriately named computer security groups. + +> **Note**  We recommend that you test-enable these features on a group of test computers before you enable them on users' computers. If untested, there is a possibility that this feature can cause system instability and ultimately cause the client operating system to fail. + +### Use Group Policy to enable VBS 1. To create a new GPO, right-click the OU to which you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**. @@ -79,7 +86,7 @@ Unfortunately, it would be time consuming to perform these steps manually on eve Figure 2. Create a new OU-linked GPO -2. Give the new GPO a name, for example, **Contoso Secure Boot GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention. +2. Give the new GPO a name, for example, **Contoso VBS settings GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention. 3. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**. @@ -89,77 +96,32 @@ Unfortunately, it would be time consuming to perform these steps manually on eve Figure 3. Enable VBS -5. Select the **Enabled** button, and then select a secure boot option, such as **Secure Boot**, from the **Select Platform Security Level** list. +5. Select the **Enabled** button, and then choose a secure boot option, such as **Secure Boot**, from the **Select Platform Security Level** list. ![Group Policy, Turn On Virtualization Based Security](images/device-guard-gp.png) - Figure 4. Enable Secure Boot (in Windows 10, version 1607) + Figure 4. Configure VBS, Secure Boot setting (in Windows 10, version 1607) - > **Important**  Secure boot settings include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). + > **Important**  These settings include **Secure Boot** and **Secure Boot with DMA**. In most situations we recommend that you choose **Secure Boot**. This option provides secure boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have secure boot with DMA protection. A computer without IOMMUs will simply have secure boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable secure boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS (hardware-based) protection, although it can have code integrity policies enabled.
For information about how VBS uses the hypervisor to strengthen protections provided by a code integrity policy, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). -6. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. After you configure this setting, UEFI Secure Boot will be enabled upon restart. +6. For **Virtualization Based Protection of Code Integrity**, select the appropriate option: -7. Check the test computer’s event log for Device Guard GPOs. - - Processed Device Guard policies are logged in event viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy is successfully processed, event ID 7000 is logged, which contains the selected settings within the policy. - -## Enable virtualization-based security for kernel-mode code integrity - -Before you begin this process, verify that the desired computer meets the hardware requirements for VBS found in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard), and enable the Windows features discussed in the [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security) section. When validated, you can enable virtualization-based protection of KMCI in one of two ways: manual configuration of the appropriate registry subkeys and Group Policy deployment. - -> **Note**  All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable this feature on a group of test computers before you enable it on users' computers. - -**To configure virtualization-based protection of KMCI manually:** - -1. Navigate to the appropriate registry subkey: - - - With Windows 10, version 1607, or Windows Server 2016:
**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios** - - - With an earlier version of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
**HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard** - -2. Set the **HypervisorEnforcedCodeIntegrity DWORD** value to **1**. - -3. Restart the client computer. - -It would be time consuming to perform these steps manually on every protected computer in your enterprise. Instead, use Group Policy to deploy virtualization-based protection of KMCI. This example creates a test OU called *DG Enabled PCs*, which you will use to link the GPO. If you prefer to link the policy to an existing OU rather than create a test OU and scope the policy by using appropriately named computer security groups, that is another option. - -> **Note**  We recommend that you test-enable this feature on a group of test computers before you deploy it to users' computers. If untested, there is a possibility that this feature can cause system instability and ultimately cause the client operating system to fail. - -### Use Group Policy to configure VBS of KMCI - -1. Create a new GPO: Right-click the OU to which you want to link the GPO, and then click **Create a GPO in this domain, and Link it here**. - - ![Group Policy Management, create a GPO](images/dg-fig5-createnewou.png) - - Figure 5. Create a new OU-linked GPO - -2. Give the new GPO a name, for example, **Contoso VBS CI Protection GPO Test**, or any name you prefer. Ideally, the name will align with your existing GPO naming convention. - -3. Open the Group Policy Management Editor: Right-click the new GPO, and then click **Edit**. - -4. Within the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Turn On Virtualization Based Security**, and then click **Edit**. - - ![Edit the group policy for Virtualization Based Security](images/dg-fig6-enablevbs.png) - - Figure 6. Enable VBS - -5. Select the **Enabled** button, and then for **Virtualization Based Protection of Code Integrity**, select the appropriate option: - - - With Windows 10, version 1607 or Windows Server 2016, choose an enabled option:
For an initial deployment or test deployment, we recommend **Enabled without lock**.
When your deployment is stable in your environment, we recommend changing to **Enabled with lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person. + - With Windows 10, version 1607 or Windows Server 2016, choose an appropriate option:
For an initial deployment or test deployment, we recommend **Enabled without lock**.
When your deployment is stable in your environment, we recommend changing to **Enabled with lock**. This option helps protect the registry from tampering, either through malware or by an unauthorized person. - With earlier versions of Windows 10, or Windows Server 2016 Technical Preview 5 or earlier:
Select the **Enable Virtualization Based Protection of Code Integrity** check box. ![Group Policy, Turn On Virtualization Based Security](images/dg-fig7-enablevbsofkmci.png) - Figure 7. Enable VBS of KMCI (in Windows 10, version 1607) + Figure 5. Configure VBS, Lock setting (in Windows 10, version 1607) -6. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. With this setting configured, the VBS of the KMCI will take effect upon restart. +7. Close the Group Policy Management Editor, and then restart the Windows 10 test computer. The settings will take effect upon restart. -7. Check the test client event log for Device Guard GPOs. +8. Check the test computer’s event log for Device Guard GPOs. - Processed Device Guard policies are logged in event viewer under **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy has been successfully processed, event ID 7000 is logged, which contains the selected settings within the policy. + Processed Device Guard policies are logged in event viewer at **Applications and Services Logs\\Microsoft\\Windows\\DeviceGuard-GPEXT\\Operational**. When the **Turn On Virtualization Based Security** policy is successfully processed, event ID 7000 is logged, which contains the selected settings within the policy. -**Validate enabled Device Guard hardware-based security features** + +### Validate enabled Device Guard hardware-based security features Windows 10 and Windows Server 2016 and later have a WMI class for Device Guard–related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: @@ -260,11 +222,11 @@ Table 1. Win32\_DeviceGuard properties -Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 8. +Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6. ![Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png) -Figure 8. Device Guard properties in the System Summary +Figure 6. Device Guard properties in the System Summary ## Related topics From 3b5999ac47a0bff06386199348026acfd52102af Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 16:50:46 -0700 Subject: [PATCH 12/21] Fixed a bookmark link --- .../deploy-device-guard-enable-virtualization-based-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index ad07a92a09..ab38821fff 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -22,7 +22,7 @@ Hardware-based security features, also called virtualization-based security or V 3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security for Device Guard](#enable-virtualization-based-security-for-device-guard), later in this topic. +4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security for Device Guard](#enable-virtualization-based-security-vbs), later in this topic. For information about enabling Credential Guard, see [Protect derived domain credentials with Credential Guard](credential-guard.md). From e8e94d37ae31bdbae09511dc4155ed17d1226707 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 16:54:15 -0700 Subject: [PATCH 13/21] Fixed a bookmark link --- .../deploy-device-guard-enable-virtualization-based-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md index ab38821fff..bf63f5df7f 100644 --- a/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md +++ b/windows/keep-secure/deploy-device-guard-enable-virtualization-based-security.md @@ -22,7 +22,7 @@ Hardware-based security features, also called virtualization-based security or V 3. **Enable the necessary Windows features**. There are several ways to enable the Windows features required for hardware-based security. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see the following section, [Windows feature requirements for virtualization-based security](#windows-feature-requirements-for-virtualization-based-security). -4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security for Device Guard](#enable-virtualization-based-security-vbs), later in this topic. +4. **Enable additional features as desired**. When the necessary Windows features have been enabled, you can enable additional hardware-based security features as desired. You can use the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/en-us/download/details.aspx?id=53337), or see [Enable virtualization-based security (VBS)](#enable-virtualization-based-security-vbs), later in this topic. For information about enabling Credential Guard, see [Protect derived domain credentials with Credential Guard](credential-guard.md). From ea5d88237c69bfa6b7eadf0cc896d58c71856d88 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 18:06:45 -0700 Subject: [PATCH 14/21] Fixed link text for App-V what's new topic --- windows/manage/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index a976bf9afc..e49b9df2ec 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md @@ -38,7 +38,7 @@ ## [Application development for Windows as a service](application-development-for-windows-as-a-service.md) ## [Application Virtualization (App-V) for Windows](appv-for-windows.md) ### [Getting Started with App-V](appv-getting-started.md) -#### [About App-V](appv-about-appv.md) +#### [What's new in App-V](appv-about-appv.md) ##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md) #### [Evaluating App-V](appv-evaluating-appv.md) #### [High Level Architecture for App-V](appv-high-level-architecture.md) From 93a63ef88b1c1c7b75da0f1f5a285ec6e9a3a0a5 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 19:32:55 -0700 Subject: [PATCH 15/21] Made improvements to http links --- windows/manage/appv-about-appv.md | 2 +- ...pplication-publishing-and-client-interaction.md | 10 +++++----- ...ppv-deploying-microsoft-office-2010-wth-appv.md | 14 +++++++------- ...pv-deploying-microsoft-office-2013-with-appv.md | 14 +++++++------- ...h-electronic-software-distribution-solutions.md | 4 ++-- ...appv-deploying-the-appv-sequencer-and-client.md | 4 ++-- windows/manage/appv-deploying-the-appv-server.md | 2 +- windows/manage/appv-for-windows.md | 2 +- windows/manage/appv-getting-started.md | 2 +- ...ng-on-a-stand-alone-computer-with-powershell.md | 2 +- windows/manage/appv-performance-guidance.md | 4 ++-- ...planning-for-sequencer-and-client-deployment.md | 2 +- ...h-electronic-software-distribution-solutions.md | 2 +- windows/manage/appv-reporting.md | 4 ++-- 14 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/manage/appv-about-appv.md b/windows/manage/appv-about-appv.md index 571fcda8b1..5c6ea7dcf4 100644 --- a/windows/manage/appv-about-appv.md +++ b/windows/manage/appv-about-appv.md @@ -90,7 +90,7 @@ Complete the following steps to upgrade each component of the App-V infrastructu

SQL scripts

-

Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts).

+

Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md).

diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index 1d9ff36d03..f8eaf4ce98 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -67,7 +67,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The   -For information about sequencing, see [Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkID=269810). +For information about sequencing, see [How to Sequence a New Application with App-V](https://technet.microsoft.com/itpro/windows/manage/appv-sequence-a-new-application). ## What’s in the appv file? @@ -123,7 +123,7 @@ To change the default location of the package store during setup, see [Enable th ### Shared Content Store -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see . +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 ? Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). > [!NOTE] > The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. @@ -600,7 +600,7 @@ This process will re-create both the local and network locations for AppData and In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client. -This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: . +This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) or use Windows PowerShell: @@ -990,7 +990,7 @@ The App-V Client supports publishing applications with support for COM integrati App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). -Details on App-V integration are available at: . +For details on App-V integration, see [Microsoft Application Virtualization 5.0 Integration](https://blogs.technet.microsoft.com/appv/2013/01/03/microsoft-application-virtualization-5-0-integration). ### Software clients and application capabilities @@ -1059,7 +1059,7 @@ For situations where there is more than one application that could register the The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. -The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: . +The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: [App Paths ? A Virtual Application Extension in App-V 5.0](https://blogs.technet.microsoft.com/virtualworld/2012/12/12/app-paths-a-virtual-application-extension-in-app-v-5-0/). ### Virtual application diff --git a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md index 694046b16c..87112ed665 100644 --- a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md @@ -65,7 +65,7 @@ The following table shows the App-V versions, methods of Office package creation Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions: -[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) ## Creating Office 2010 App-V packages using package accelerators @@ -170,7 +170,7 @@ The following table provides a full list of supported integration points for Off

Active X Controls:

-

For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361).

+

For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx).

@@ -268,19 +268,19 @@ The following table provides a full list of supported integration points for Off **Office 2013 App-V Packages Additional Resources** -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680) +[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509) **Office 2010 App-V Packages** -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681) +[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399) -[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682) +[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619) -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) **Connection Groups** -[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683) +[Deploying Connection Groups in Microsoft App-V v5](https://blogs.technet.microsoft.com/appv/2012/11/06/deploying-connection-groups-in-microsoft-app-v-v5/) [Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md index b092b860ba..1664333c9f 100644 --- a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md @@ -46,7 +46,7 @@ Use the following table to get information about supported versions of Office an -

[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)

+

[Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)

  • Supported versions of Office

  • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • @@ -54,7 +54,7 @@ Use the following table to get information about supported versions of Office an
-

[Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)

+

[Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)

Considerations for installing different versions of Office on the same computer

@@ -860,19 +860,19 @@ The following table describes the requirements and options for deploying Visio 2 [Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672) -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680) +[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509) **Office 2010 App-V Packages** -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681) +[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399) -[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682) +[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619) -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676) +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) **Connection Groups** -[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683) +[Deploying Connection Groups in Microsoft App-V v5](https://blogs.technet.microsoft.com/appv/2012/11/06/deploying-connection-groups-in-microsoft-app-v-v5/) [Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 40d840f195..67811c04b2 100644 --- a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md @@ -14,7 +14,7 @@ ms.prod: w10 You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md). -To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816) +To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv) ## How to deploy virtualized packages using an ESD @@ -38,7 +38,7 @@ Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-micros ## Other resources for using an ESD and App-V -Use the following link for more information about [App-V and Citrix Integration](http://go.microsoft.com/fwlink/?LinkId=330294 ) (http://go.microsoft.com/fwlink/?LinkId=330294). +Use the following link for more information about [App-V and Citrix Integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885). [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md index 19cb04b5f4..809872cdec 100644 --- a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md @@ -76,9 +76,9 @@ There might be cases when the administrator pre-loads some virtual applications The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications. -For a list of changes in the App-V Sequencer, see [About App-V](appv-about-appv.md). +For a list of changes in the App-V Sequencer, see [What's new in App-V](appv-about-appv.md#bkmk-seqimprove). -[How to Install the Sequencer](appv-install-the-sequencer.md) +To deploy the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). ## App-V Client and Sequencer logs diff --git a/windows/manage/appv-deploying-the-appv-server.md b/windows/manage/appv-deploying-the-appv-server.md index 60f2618aad..c690b835bd 100644 --- a/windows/manage/appv-deploying-the-appv-server.md +++ b/windows/manage/appv-deploying-the-appv-server.md @@ -16,7 +16,7 @@ Applies to: Windows 10, version 1607 You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md). -For information about deploying App-V for Windows 10, see [About App-V](appv-about-appv.md). +For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md). >**Important**
Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. diff --git a/windows/manage/appv-for-windows.md b/windows/manage/appv-for-windows.md index aae7e37db8..17e12bb59e 100644 --- a/windows/manage/appv-for-windows.md +++ b/windows/manage/appv-for-windows.md @@ -16,7 +16,7 @@ The topics in this section provide information and step-by-step procedures to he [Getting Started with App-V](appv-getting-started.md) -- [About App-V](appv-about-appv.md) +- [What's new in App-V](appv-about-appv.md) - [Evaluating App-V](appv-evaluating-appv.md) - [High Level Architecture for App-V](appv-high-level-architecture.md) - [Accessibility for App-V](appv-accessibility.md) diff --git a/windows/manage/appv-getting-started.md b/windows/manage/appv-getting-started.md index 68cd9233fd..de7fadffcd 100644 --- a/windows/manage/appv-getting-started.md +++ b/windows/manage/appv-getting-started.md @@ -41,7 +41,7 @@ If you are new to this product, we recommend that you read the documentation tho ## Getting started with App-V -- [About App-V](appv-about-appv.md) +- [What's new in App-V](appv-about-appv.md) Provides a high-level overview of App-V and how it can be used in your organization. diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index 9386a9d9b2..5447eb8b36 100644 --- a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -273,7 +273,7 @@ The pending task will run later, according to the following rules:   -For more information about pending tasks, see [About App-V 5.0 SP2](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). +For more information about pending tasks, see [Upgrading an in-use App-V package](appv-application-publishing-and-client-interaction.md#upgrading-an-in-use-app-v-package). **Have a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md index d5e0a70918..0154fa543b 100644 --- a/windows/manage/appv-performance-guidance.md +++ b/windows/manage/appv-performance-guidance.md @@ -20,9 +20,9 @@ You should read and understand the following information before reading this doc - [Application Virtualization (App-V) overview](appv-for-windows.md) -- [App-V 5 SP2 Application Publishing and Client Interaction](http://go.microsoft.com/fwlink/?LinkId=395206) +- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) -- [Microsoft Application Virtualization Sequencing Guide](http://go.microsoft.com/fwlink/?LinkId=269953) +- [Microsoft Application Virtualization Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) **Note**   Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. diff --git a/windows/manage/appv-planning-for-sequencer-and-client-deployment.md b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md index c2d5c87f95..9911146ef4 100644 --- a/windows/manage/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/manage/appv-planning-for-sequencer-and-client-deployment.md @@ -19,7 +19,7 @@ Before you can use App-V, you must install the App-V Sequencer, enable the App-V App-V uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V Sequencer. > [!NOTE] -> For information about the new functionality of App-V sequencer, see the **Sequencer Improvements** section of [About App-V](appv-about-appv.md). +> For information about the new functionality of App-V sequencer, see [What's new in App-V](appv-about-appv.md#bkmk-seqimprove). The computer that runs the App-V sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V Supported Configurations](appv-supported-configurations.md). diff --git a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index f323d22bfb..e1cbb7a833 100644 --- a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -10,7 +10,7 @@ ms.prod: w10 # Planning to Deploy App-V with an electronic software distribution system -If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816). +If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv). Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: diff --git a/windows/manage/appv-reporting.md b/windows/manage/appv-reporting.md index bd794779e4..86af72e123 100644 --- a/windows/manage/appv-reporting.md +++ b/windows/manage/appv-reporting.md @@ -31,7 +31,7 @@ The following list displays the end–to-end high-level workflow for reporting i 2. Install the App-V reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md). Configure the time when the computer running the App-V client should send data to the reporting server. -3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at . +3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at [Application Virtualization SSRS Reports ](https://www.microsoft.com/en-us/download/details.aspx?id=42630). >**Note**   If you are using the Configuration Manager integration with App-V, most reports are generated from Configuration Manager rather than from App-V. @@ -286,7 +286,7 @@ To retrieve report information and create reports using App-V you must use one o - **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. - Use the following link for more information about using [Microsoft SQL Server Reporting Services](http://go.microsoft.com/fwlink/?LinkId=285596). + Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://technet.microsoft.com/en-us/library/ms159106(v=sql.130).aspx). - **Scripting** – You can generate reports by scripting directly against the App-V reporting database. For example: From dba564210a681fccc54f8575e1e9a72304e69bdc Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 11 Aug 2016 19:38:12 -0700 Subject: [PATCH 16/21] Fixed a character that might not display correctly --- .../appv-application-publishing-and-client-interaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index f8eaf4ce98..d9e5931749 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -123,7 +123,7 @@ To change the default location of the package store during setup, see [Enable th ### Shared Content Store -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 ? Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). > [!NOTE] > The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. From 39f8ae34cf6896c88e29811971de26acaa77449b Mon Sep 17 00:00:00 2001 From: Mattias Fors Date: Fri, 12 Aug 2016 14:56:33 +0200 Subject: [PATCH 17/21] clarifing Just to clarify that when using county code this will not merge/append with TaskPinList without country or region defined. --- windows/manage/configure-windows-10-taskbar.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md index aaa7856125..f731255619 100644 --- a/windows/manage/configure-windows-10-taskbar.md +++ b/windows/manage/configure-windows-10-taskbar.md @@ -175,7 +175,7 @@ If you only want to remove some of the default pinned apps, you would use this m ## Configure taskbar by country or region -The following example shows you how to configure taskbars by country or region. When you specify one or more country or region in ``, the pinned apps in that section are only pinned on computers that are configured for that country or region. When specifying taskbar configuration by country or region, the taskbar will concatenate pinlists together so long as the target computer meets the country or region requirements. If no country or region is specified for a `` node, it will apply to every country and region. +The following example shows you how to configure taskbars by country or region. When you specify one or more country or region in ``, the pinned apps in that section are only pinned on computers that are configured for that country or region. When specifying taskbar configuration by country or region, the taskbar will concatenate pinlists together so long as the target computer meets the country or region requirements. If no country or region is specified for a `` node, it will apply to every country and region, only if the country or region has not been defined prior. Unspecified country or region in `` will not merge with a `` that has country or region specified. ```xml From ce1c1053d1571ada6e2709b54d0ffb8d7ab47680 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 12 Aug 2016 07:39:53 -0700 Subject: [PATCH 18/21] exclude drivers --- windows/whats-new/whats-new-windows-10-version-1607.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index fa89197f86..7eb664abab 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -57,6 +57,7 @@ Windows 10, version 1607, provides administrators with increased control over up - Quality Updates can be deferred up to 30 days and paused for 35 days - Feature Updates can be deferred up to 180 days and paused for 60 days - Update deferrals can be applied to both Current Branch (CB) and Current Branch for Business (CBB) +- Drivers can be excluded from udpates ## Security From 336c2b0000dbd570affb0b1a9ae1da73bfb99570 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 12 Aug 2016 09:19:42 -0700 Subject: [PATCH 19/21] adding Windows breadcrumbs --- windows/breadcrumb/toc.yml | 19 +++++++++++++++++++ windows/docfx.json | 5 +++-- 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 windows/breadcrumb/toc.yml diff --git a/windows/breadcrumb/toc.yml b/windows/breadcrumb/toc.yml new file mode 100644 index 0000000000..fa80416cab --- /dev/null +++ b/windows/breadcrumb/toc.yml @@ -0,0 +1,19 @@ +- name: Windows + tocHref: /itpro/windows/ + topicHref: /itpro/windows/index + items: + - name: What's new + tocHref: /itpro/windows/whats-new/ + topicHref: /itpro/windows/whats-new/index + - name: Plan + tocHref: /itpro/windows/plan/ + topicHref: /itpro/windows/plan/index + - name: Deploy + tocHref: /itpro/windows/deploy/ + topicHref: /itpro/windows/deploy/index + - name: Keep secure + tocHref: /itpro/windows/keep-secure/ + topicHref: /itpro/windows/keep-secure/index + - name: Manage + tocHref: /itpro/windows/manage/ + topicHref: /itpro/windows/manage/index \ No newline at end of file diff --git a/windows/docfx.json b/windows/docfx.json index 4d4f037a4c..4b2035530d 100644 --- a/windows/docfx.json +++ b/windows/docfx.json @@ -3,7 +3,7 @@ "content": [ { - "files": ["**/**.md"], + "files": ["**/**.md", "**/**.yml"], "exclude": ["**/obj/**"] } ], @@ -14,7 +14,8 @@ } ], "globalMetadata": { - "ROBOTS": "INDEX, FOLLOW" + "ROBOTS": "INDEX, FOLLOW", + "breadcrumb_path": "/itpro/windows/breadcrumb/toc.json" }, "externalReference": [ ], From 0c5612063882c98682e7f303046654cf20c70aab Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 12 Aug 2016 12:33:46 -0700 Subject: [PATCH 20/21] Preparing to do a redirect from appv-planning-for-migrating topic --- windows/manage/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index e49b9df2ec..30561f90ce 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md @@ -54,7 +54,6 @@ ##### [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md) ##### [Planning for the App-V 5.1 Server Deployment](appv-planning-for-appv-server-deployment.md) ##### [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md) -##### [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md) ##### [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md) ##### [Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md) #### [App-V Planning Checklist](appv-planning-checklist.md) From 2d511737f221c3d825023252b940f61fbdcb0cbd Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 12 Aug 2016 12:42:34 -0700 Subject: [PATCH 21/21] Redirecting the planning-for-migrating topic --- ...grating-from-a-previous-version-of-appv.md | 152 +----------------- 1 file changed, 1 insertion(+), 151 deletions(-) diff --git a/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md index 1b58aa37ae..5b98eac02b 100644 --- a/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md +++ b/windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md @@ -1,154 +1,4 @@ --- title: Planning for Migrating from a Previous Version of App-V (Windows 10) -description: Planning for Migrating from a Previous Version of App-V -author: MaggiePucciEvans -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 +redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-migrating-to-appv-from-a-previous-version --- - - -# Planning for Migrating from a Previous Version of App-V - - -Use the following information to plan how to migrate to Microsoft Application Virtualization (App-V) from previous versions of App-V. - -## Migration requirements - - -Before you start any upgrades, review the following requirements: - -- If you are upgrading from a version earlier than 4.6 SP2, upgrade to version 4.6 SP2 or version 4.6 SP3 first before upgrading to App-V or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. - -- App-V supports only packages that are created using App-V 5.0 or App-V, or packages that have been converted to the **.appv** format. - -- If you are upgrading the App-V Server from App-V 5.0 SP1, see [About App-V](appv-about-appv.md#bkmk-migrate-to-51) for instructions. - -## Running the App-V client concurrently with App-V 4.6 SP2 or later - - -You can run the App-V client concurrently on the same computer with the App-V 4.6 SP2 client or App-V 4.6 SP3 client. - -When you run coexisting App-V clients, you can: - -- Convert an App-V 4.6 SP2 or 4.6 SP3 package to the App-V format and publish both packages, when you have both clients running. - -- Define the migration policy for the converted package, which allows the converted App-V package to assume the file type associations and shortcuts from the App-V 4.6 SP2 package. - -### Supported coexistence scenarios - -The following table shows the supported App-V coexistence scenarios. We recommend that you install the latest available updates of a given release when you are running coexisting clients. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
App-V 4.6.x client typeApp-V client type

App-V 4.6 SP2

App-V

App-V 4.6 SP2 RDS

App-V RDS

App-V 4.6 SP3

App-V

App-V 4.6 SP3 RDS

App-V RDS

- -  - -### Requirements for running coexisting clients - -To run coexisting clients, you must: - -- Install the App-V 4.6 SP2 or App-V 4.6 SP3 client before you install the App-V client. - -- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](http://technet.microsoft.com/library/dn659707.aspx). - -**Note**   -App-V packages can run side by side with App-V 4.X packages if you have coexisting installations of App-V and 4.X. However, App-V packages cannot interact with App-V 4.X packages in the same virtual environment. - -  - -### Client downloads and documentation - -The following table provides links to the App-V 4.6.x client downloads and to the TechNet documentation about the releases. The downloads include the App-V “regular” and RDS clients. The TechNet documentation about the App-V client applies to both clients, unless stated otherwise. - - ----- - - - - - - - - - - - - - - - - - - - -
App-V versionLink to download the clientLink to TechNet documentation

App-V 4.6 SP2

[Microsoft Application Virtualization 4.6 Service Pack 2](http://www.microsoft.com/download/details.aspx?id=35513)

[About Microsoft Application Virtualization 4.6 SP2](http://technet.microsoft.com/library/jj680847.aspx)

App-V 4.6 SP3

[Microsoft Application Virtualization 4.6 Service Pack 3](http://www.microsoft.com/download/details.aspx?id=41187)

[About Microsoft Application Virtualization 4.6 SP3](http://technet.microsoft.com/library/dn511019.aspx)

- -  - -For more information about how to configure App-V client coexistence, see: - -- [App-V 5.0 Coexistence and Migration](http://technet.microsoft.com/windows/jj835811.aspx) - -## Converting “previous-version” packages using the package converter - - -Before migrating a package, created using App- 4.6 SP2 or earlier, to App-V, review the following requirements: - -- You must convert the package to the **.appv** file format. - -- The Package Converter supports only the direct conversion of packages that were created by using App-V 4.5 and later. To use the package converter on a package that was created using a previous version, you must use an App-V 4.5 or later version of the sequencer to upgrade the package, and then you can perform the package conversion. - -For more information about using the package converter to convert a package, see [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md). After you convert the file, you can deploy it to target computers that run the App-V client. - -## Have a suggestion for App-V? - - -Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). - -## Related topics - - -[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) - -  - -  - - - - -